Please report security issues privately to security@pametan.co rather than opening a public issue. We aim to acknowledge reports within 2 business days.

This library performs offline, in-memory validation only — it makes no network calls and never stores or logs card data. Treat the following with the same priority as a security report:

• a correctness bug that reports an invalid card number as valid, or vice versa;
• any code path that could cause a card number to be logged, persisted or transmitted.

Never include real card numbers in issues or reports — use published synthetic test numbers.

The latest published minor version receives fixes. Until a 1.0 release, the API is stable but not yet frozen.