Security: Rheosoph/node-package-e-rechnung

Security

This package parses and transforms invoice files, including PDFs and XML documents supplied by external parties. Treat those files as untrusted input in production workflows.

Reporting Issues

Please report suspected security issues privately to the project maintainers. Do not open a public issue for vulnerabilities until a fix or mitigation is available.

Operational Guidance

  • Run the WASM component in the Flow-Like sandbox.
  • Validate incoming invoices before booking, exporting, sending, or archiving.
  • Keep provider credentials, Peppol credentials, and archive secrets outside workflow files and source control.
  • Use official validator services for legal or production acceptance decisions.

There aren't any published security advisories