Please report security issues privately to security@pametan.co rather than opening a public issue. We aim to acknowledge reports within 2 business days.

This library performs offline, deterministic validation and makes no network calls. The most likely "security-relevant" issue is a correctness bug that causes an invalid account number to be reported as valid (or vice versa) — those are treated with the same priority as security reports.

The latest published minor version receives fixes. Until a 1.0 release, expect the API to be stable but not yet frozen.