Changelog

We periodically release new versions of the VGS Collect.js library whenever we make changes. The library follows semantic versioning (semver) principles.

Version 3.2.0 (07/16/2025)

• Introduced new method for CMP card creation .createCard().

• Added specialized helper methods to simplify the creation of standard payment fields—cardNumberField, cardExpirationDateField, cardCVCField, and cardholderNameField. Each method automatically sets predefined properties such as type, name, placeholder, and default validations (where applicable), while still allowing optional overrides via the properties parameter.

Version 3.0.1 (06/30/2025)

• Security updates

• Added support for optional fields in the Vault API

Version 3.0.0 (05/15/2025)

• Added Vault API v2 support through the new .createAliases() method.

• Enforced HSTS (Strict-Transport-Security) header for the library.

Version 2.27.5 (05/13/2025)

• Added 19-digit BIN support for Dinersclub, Discover and JCB cards.

• Added ability to disable autocomplete attribute for the payment fields.

Version 2.27.4 (05/08/2025)

• Added report-uri to iframe's CSP.

Version 2.27.2 (01/24/2025)

• Removed redundant console.log.

Version 2.27.1 (01/24/2025)

• Added verification if the element exists for autocomplete.

• Fixed security vulnerabilities.

Version 2.27.0 (12/02/2024)

• Added ability to customize alt text for the card icons.

Version 2.26.0 (11/28/2024)

• Added 8 digit BIN support for the custom card brands.

Version 2.25.1 (10/25/2024)

• Added async function for dynamic headers generation.

Version 2.24.6 (05/02/2024)

• Fixed RTL (Right-To-Left) text input allignment.

Version 2.24.4 (04/10/2024)

• Added SRI to the scripts.

Version 2.24.1 (03/27/2024)

• Added support for new alias format: ALPHANUMERIC_SIX_T_FOUR.

Version 2.24.0 (03/26/2024)

• Added support for new alias formats: ALPHANUMERIC_LENGTH_PRESERVING, ALPHANUMERIC_LENGTH_PRESERVING_T_FOUR, ALPHANUMERIC_SSN_T_FOUR, ALPHANUMERIC_LENGTH_PRESERVING_SIX_T_FOUR.

Version 2.23.0 (02/29/2024)

• Fixed issue with iframe CSPs.

Version 2.22.0 (12/29/2023)

• Custom iframe title attribute.

Version 2.21.0 (10/23/2023)

• Fixed BIN range for the Mastercard.

• Fixed caret behavior for 19-digit cards.

Version 2.20.0 (07/24/2023)

• Fixed securuty vulnerabilities.

• Reduced bundle size.

Version 2.19.0 (04/27/2023)

• Plugin system for the Partnership Integrations.

• Fixed security vulnerabilities.

Version 2.18.6 (04/20/2023)

• Performance updates.

• Security updates.

Version 2.18.5 (03/22/2023)

• Fix a bug with multiple fields type=file and serializer base64 in one Collect form.

Version 2.18.4 (03/13/2023)

• Improved accessibility for the screen readers.

• Fixed issue with serializers when using .tokenize() method.

• Fixed issue with validation on prefill.

Version 2.18.3 (02/23/2023)

• Fixed credit card fields autocomplete received from the password managers.

Version 2.18.0 (11/08/2022)

• Exposing detailed information about validation error messages in the form state. It can be accesses from the errors property of the state object.

• Added ability to accept only preferred card brands. The library will run validation only against specified brands.

• Added support to the new input type date.

• Extended abilities of the custom validation rules.

Version 2.17.0 (10/07/2022)

• CVC can be stored only in volatile storage.

• Added support for the GENERIC_T_FOUR (Generic - VGS Alias Last Four (T4)) token.

Version 2.16.0 (09/08/2022)

• Fixed validation for the yearLength: 4 setup.

Version 2.15.0 (07/29/2022)

• Added 8-digit BIN support to Visa, MasterCard, and Maestro cards. It can be accessed in the form state.

Version 2.14.0 (06/07/2022)

• Added integration with the Tokenization API to the library. Data from the Collect form can go directly to the VGS tokenization service using the new .tokenize() method. The token format for each field can be controlled through the tokenization property supported by the .field() method.

Version 2.13.0 (05/24/2022)

• Fixed issue with isFocused state for the ssn and zip-code type of fields.

• Custom request body feature now works with the separate serializer. monthName and yearName values can be used to generate desired payload.

Version 2.12.0 (01/13/2022)

• Added support for the file extensions in the uppercase format.

• Added option to validate credit card number by performing only luhn check - validCardNumberLuhnCheck.

Version 2.11.0 (10/04/2021)

• Added .unmount() method to the library.

• Added lastModified property to the uploaded file state.

• Added ability to simply customize request body structure.

• Fixed issue with duplicated telemetry iframe appears after multiple form initializations.

• Fixed issue with extended card number validation.

Version 2.10.0 (08/12/2021)

• Added input type="file" support.

Version 2.9.0 (07/02/2021)

• Added custom icons API.

Version 2.8.2 (06/24/2021)

• Fixed issue with browser autocomplete for the card-number field.

• Fixed caret position issue when pasting value to the card-number field.

Version 2.8.1 (06/07/2021)

• Added hideValue support to the card-number field type.

Version 2.8.0 (05/14/2021)

• Added withCredentials parameter to the .submit() method which is indicating that the request should be made using credentials.

• Fixed security vulnerability.

Version 2.7.0 (04/15/2021)

• Allow passing a custom expiration date separator for month and year values.

• Resolve field.promise when the field is rendered.

Version 2.6.0 (04/02/2021)

• Added event handlers for the following events - focus, blur, update, delete, keyup, keydown, keypress.

Version 2.5.0 (03/17/2021)

• New Field.update API is added.

Version 2.4.0 (03/02/2021)

• Value masking for CVV field is available now.

• New validation type compareValue which allows to confirm that field values are the same.

• Updated card icons.

• Card icon with security code location for CVV field.

• Performance and bundle optimizations.

Version 2.3.0 (02/02/2021)

• VGS Collect.js is now mapping the field state to the input and container classes. Using CSS rules you can easily style different field states.

• New isTouched property in the field state.

• Added ability to merge arrays when using mapDotToObject property inside .submit() method.

• Fixed mapDotToObject conflicting behavior with .separate() serializer.

Version 2.2.1 (01/26/2021)

• Fix moving caret for iOS devices.

• Fix submit bug for European live vaults.

Version 2.2.0 (12/03/2022)

• Add enterPress event to allow submitting the form when a user hits Enter button.

Version 2.1.1 (12/02/2020)

• Extend Maestro card range for card numbers validation.

• Fix a security vulnerability.

• Fix CNAME support.

• Reduce bundle size by more than a half.

• Split the bundle to modern and legacy builds. Users with modern browsers will load less code now since we exclude some polyfills from the bundle.

• Make JavaScript inside the iframe cacheable.

Version 2.1.0 (10/22/2020)

• Fix navigating by the keyboard for Firefox and Safari. Now the form has better accessibility across all modern browsers.

• Fix forms for IE11 and Safari 10.

• Add field.reset and form.reset API. Read more.

• Add field.promise and field.loadingState API. Read more

• Improve expiry date validation so that the maximum expiry date is 21 years from now.

• Improve forms loading.

Version 2.0

• Versioning support

• Ability to create custom card brands

• New validCardNumberExtended validation allows handle even unsupported card brands (Calculates digit sequence checksum using Luhn algorithm)

• Smart CVC

• Dynamic CNAME support (Manage CNAMEs for Collect.js from the Dashboard)

• Data region support, example EU region

• Security improvements

• New field type (ssn) and validation (validSSN) is available for a Social Security number.

Ensuring Script Integrity for PCI Compliance

With the introduction of PCI DSS version 4.0, a new requirement has been put forth to ensure the integrity of scripts that run on payment pages. Script Integrity is crucial in maintaining the security and trustworthiness of online payment systems, as any unauthorized modifications to these scripts could potentially lead to data breaches or fraudulent activities. To meet this requirement, organizations must implement mechanisms to verify the integrity of each script utilized on their payment pages.

Example:

<script type="text/javascript" src="https://js.verygoodvault.com/vgs-collect/3.2.2/vgs-collect.js" integrit

Migrating from VGS Collect.js v1 to v2

VGS Collect.js v2 has no organization ID in the file path. To migrate, you need to:

1. Include a new script path to your application.

2. Update your initialization script by adding an additional parameter for the VGS environment sandbox, live or live-eu-... for a specific data region.

If you have previously used CNAME with VGS Collect v1, it's required to enable CNAMEs on a Dashboard and execute .useCname() method. You can find detailed instructions here.