A jQuery-free general purpose library for building credit card forms, validating inputs and formatting numbers.

Overview

Payment Build Status npm

A jQuery-free general purpose library for building credit card forms, validating inputs and formatting numbers. Heavily, heavily based on @stripe's jquery.payment library, but without the jQuery.

For example, you can make a input act like a credit card field (with number formatting and length restriction):

Payment.formatCardNumber(document.querySelector('input.cc-num'));

Then, when the payment form is submitted, you can validate the card number on the client-side:

var valid = Payment.fns.validateCardNumber(document.querySelector('input.cc-num').value);

if (!valid) {
  alert('Your card is not valid!');
  return false;
}

You can find a full demo here.

Supported card types are:

  • Visa
  • MasterCard
  • American Express
  • Discover
  • JCB
  • Diners Club
  • Maestro
  • Laser
  • UnionPay
  • Elo
  • Hipercard
  • Troy

API

Payment.formatCardNumber(element[, maxLength])

Formats card numbers:

  • Includes a space between every 4 digits
  • Restricts input to numbers
  • Limits to 16 numbers
  • Supports American Express formatting
  • Adds a class of the card type (e.g. 'visa') to the input
  • If second parameter is specified then card length will be limited to its value (19 digits cards are not in use despite being included in specifications)

Example:

Payment.formatCardNumber(document.querySelector('input.cc-num'));

Payment.formatCardExpiry(element)

Formats card expiry:

  • Includes a / between the month and year
  • Restricts input to numbers
  • Restricts length

Example:

Payment.formatCardExpiry(document.querySelector('input.cc-exp'));

Payment.formatCardCVC(element)

Formats card CVC:

  • Restricts length to 4 numbers
  • Restricts input to numbers

Example:

Payment.formatCardCVC(document.querySelector('input.cc-cvc'));

Payment.restrictNumeric(element)

General numeric input restriction.

Example:

Payment.restrictNumeric(document.querySelector('[data-numeric]'));

Payment.fns.validateCardNumber(number)

Validates a card number:

  • Validates numbers
  • Validates Luhn algorithm
  • Validates length

Example:

Payment.fns.validateCardNumber('4242 4242 4242 4242'); //=> true

Payment.fns.validateCardExpiry(month, year), Payment.fns.validateCardExpiry('month / year')

Validates a card expiry:

  • Validates numbers
  • Validates in the future
  • Supports year shorthand
  • Supports formatted as formatCardExpiry input value

Example:

Payment.fns.validateCardExpiry('05', '20'); //=> true
Payment.fns.validateCardExpiry('05', '2015'); //=> true
Payment.fns.validateCardExpiry('05', '05'); //=> false
Payment.fns.validateCardExpiry('05 / 25'); //=> true
Payment.fns.validateCardExpiry('05 / 2015'); //=> false

Payment.fns.validateCardCVC(cvc, type)

Validates a card CVC:

  • Validates number
  • Validates length to 4

Example:

Payment.fns.validateCardCVC('123'); //=> true
Payment.fns.validateCardCVC('123', 'amex'); //=> true
Payment.fns.validateCardCVC('1234', 'amex'); //=> true
Payment.fns.validateCardCVC('12344'); //=> false

Payment.fns.cardType(number)

Returns a card type. Either:

  • visa
  • mastercard
  • discover
  • amex
  • jcb
  • dinersclub
  • maestro
  • laser
  • unionpay
  • elo
  • hipercard

The function will return null if the card type can't be determined.

Example:

Payment.fns.cardType('4242 4242 4242 4242'); //=> 'visa'

Payment.fns.cardExpiryVal(string) and Payment.cardExpiryVal(el)

Parses a credit card expiry in the form of MM/YYYY, returning an object containing the month and year. Shorthand years, such as 13 are also supported (and converted into the longhand, e.g. 2013).

Payment.fns.cardExpiryVal('03 / 2025'); //=> {month: 3: year: 2025}
Payment.fns.cardExpiryVal('05 / 04'); //=> {month: 5, year: 2004}
Payment.fns.cardExpiryVal(document.querySelector('input.cc-exp')) //=> {month: 4, year: 2020}

This function doesn't perform any validation of the month or year; use Payment.fns.validateCardExpiry(month, year) for that.

Card Type functions

We've provided utility functions to change which card types can be identified by Payment.

Payment.getCardArray()

Returns the array of card types.

Payment.setCardArray(cardTypes)

Overrides the array of card types with a new array.

Payment.addToCardArray(cardType)

Add a new card type to the card array.

Payment.removeFromCardArray(cardName)

Remove a card type from the card array.

Example

Look in ./example/index.html

Building

Run npm run build

Running tests

Run npm run test

Autocomplete recommendations

We recommend you turn autocomplete on for credit card forms, except for the CVC field. You can do this by setting the autocomplete attribute:

">
<form autocomplete="on">
  <input class="cc-number">
  <input class="cc-cvc" autocomplete="off">
form>

You should also mark up your fields using the Autofill spec. These are respected by a number of browsers, including Chrome.

">
<input type="text" class="cc-number" pattern="\d*" autocompletetype="cc-number" placeholder="Card number" required>

Set autocompletetype to cc-number for credit card numbers, cc-exp for credit card expiry and cc-csc for the CVC (security code).

Mobile recommendations

We recommend you set the pattern attribute which will cause the numeric keyboard to be displayed on mobiles:

">
<input class="cc-number" pattern="\d*">

You may have to turn off HTML5 validation (using the novalidate form attribute) when using this pattern, as it won't match space formatting.

Comments
  • keypress event is ignored on android (mobile)

    keypress event is ignored on android (mobile)

    On android devices keypress events are not being triggered. Input is not being validated/formatted as a result. it works fine on desktop and iOS.

    I used two android(v6 and v4.4) devices to test this using chrome/stock browser.

    can be reproduced here: http://jessepollak.github.io/payment/example/

    Example above demonstrates that card number is not being validated because https://github.com/jessepollak/payment/blob/master/lib/payment.js#L787 is not being triggered

    bug 
    opened by vikmovcan 15
  • format credit card number after Autofill

    format credit card number after Autofill

    Hi,

    is there a way to format the credit card number after Autofill by the browser.

    e.g. the user has their card details saved in chrome / Edge etc and is prompted to use it when they enter the credit card field. the Autofil enters the card number without spaces e.g. 4444333322221111 and it is not automatically formatted to 4444 3333 2222 1111.

    if you paste 4444333322221111 into the credit card box it does format it 4444 3333 2222 1111.

    thanks for your help.

    very useful library

    jack

    bug 
    opened by jack-guide 12
  • Does not build under webpack

    Does not build under webpack

    Modules which require(payment) as a dependency cause production webpack builds to fail. It seems like the fact that all files are bundled together is an issue; suspect the fix is to setup a build process that compiles each coffeescript file into a separate javascript file, rather than bundling them all together.

    The error webpack outputs is:

    WARNING in ./~/card-react/~/payment/lib/payment.js
    Critical dependencies:
    1:459-466 This seems to be a pre-built javascript file. Though this is possible, it's not recommended. Try to require the original source to get better results.
     @ ./~/card-react/~/payment/lib/payment.js 1:459-466
    

    Though it presents as a warning and will pass in some development configurations, it will fail in a production build command.

    opened by pospi 12
  • When using with React/Redux, it does not fire element's onChange event  every 4 digits when formatting card number

    When using with React/Redux, it does not fire element's onChange event every 4 digits when formatting card number

    If I have an issue with the function formatCreditCard when using React/Redux. It does not fire element's onChange event every 4 digits.

    You can see the issue here http://www.webpackbin.com/Nyy7s1m-f

    As you can see, as you fill in the credit card number, the console prints it but it skips the 4th, 8th, 12th digits.

    opened by ferenckv 7
  • Trying to get in touch regarding a security issue

    Trying to get in touch regarding a security issue

    Hey there!

    I'd like to report a security issue but cannot find contact instructions on your repository.

    If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

    Thank you for your consideration, and I look forward to hearing from you!

    (cc @huntr-helper)

    opened by JamieSlome 6
  • ReferenceError: global is not defined

    ReferenceError: global is not defined

    Payment assigns to global.Payment, but global is not available in the browser and causes an exception.

    https://github.com/jessepollak/payment/blob/f167412da35964ad3122231f7289b829b0b3491d/src/index.coffee#L551

    I propose changing that line to use globalThis instead of global. The difference is that globalThis works in both browsers and Node.js, whereas global only works in Node.js.

    enhancement 
    opened by sholladay 6
  • restrictNumeric blocks pasting with Ctrl+V

    restrictNumeric blocks pasting with Ctrl+V

    restrictNumeric() correctly checks for e.metaKey || e.ctrlKey, but these are always undefined because QJ.normalizeEvent() doesn't copy them from the original event.

    Relevant links to the code:

    • https://github.com/jessepollak/payment/blob/v2.3.0/dist/payment.js#L372
    • https://github.com/jessepollak/payment/blob/v2.3.0/dist/payment.js#L731
    • https://github.com/jessepollak/qj/blob/v2.0.0/src/index.coffee#L29

    #57 is probably the same issue, since formatCardNumber() uses restrictNumeric().

    opened by Changaco 5
  • Issue with formatCardNumber - erased characters reappearing on validate

    Issue with formatCardNumber - erased characters reappearing on validate

    Using 2.2.1

    screen shot 2017-05-09 at 11 59 22 am

    ^ It appears like the field is allowing 19 characters + 3 spaces. When a user accidentally goes over 16 characters like in the photo 4242 4242 4242 4242 333 and then goes to erase the extra characters => 4242 4242 4242 4242, and clicks Submit to validate the card, a previously erased extra character appears in the input field => 4242 4242 4242 4242 3 and the card returns invalid.

    The input masking is implemented in React, but this probably shouldn't matter.

    screen shot 2017-05-09 at 12 30 54 pm

    opened by 0xStarcat 5
  • Allow «validateCardExpiry()» to recieve plain card expiry input value

    Allow «validateCardExpiry()» to recieve plain card expiry input value

    I think, it would be better to allow validateCardExpiry method to recieve plain input value, just the same way like validateCardNumber and validateCardCVC behave. It's not breaking change and has backward-compatibility as well, but only adds one more signature to this method.

    The purpose is because I'm trying to use Payment to make validation on my page and I want to make it via one general method, like this:

    image

    And, as you can see, validateCardExpiry doesn't work properly in this case, because it expects either {month, year} object, or separate month and year arguments.

    Hope for your understanding:)

    opened by a-wart 5
  • Expose formatCardCVC and formatCardExpiry under Payment.fns

    Expose formatCardCVC and formatCardExpiry under Payment.fns

    Hi - great library, thanks for your work on it.

    I'm trying to integrate this library with a React.js payment form. This stops me from using and direct event handlers on the input fields.

    I've had success with using the Payment.fns.formatCardNumber function to help me format my user input as part of the react data flow but unfortunately the related functions for expiry and cvc are not exposed in their non-event-handler form as the card number function is.

    Would it be possible to expose these so I can use them as stand alone string formatters?

    Thanks!

    opened by chrisfinch 5
  • chore(deps-dev): bump webpack and karma-webpack

    chore(deps-dev): bump webpack and karma-webpack

    Bumps webpack and karma-webpack. These dependencies needed to be updated together. Updates webpack from 4.46.0 to 5.37.1

    Release notes

    Sourced from webpack's releases.

    v5.37.1

    Bugfixes

    • When using multiple configurations in watch mode and calling Watching.invalidate, dependencies and parallelism of the config array is now respected correctly
    • Fix a crash when accessing the stats after the next compilation has started
    • fix collecting changes when using Watching.suspend
    • fix schema of RuleCondition.not and allow passing a condition directly instead of only an array

    Developer Experience

    • typings accept a ReadonlyArray of configurations now

    Contributing

    • fix coverage reporting for child processes
    • remove outdated loader from readme

    v5.37.0

    Features

    • add output.trustedTypes

    Bugfixes

    • fix inclusion of too many chunk in the filename function when using dependOn
    • allow errors to be null in fs callbacks

    Developer Experiences

    • make ESM tracking info message less verbose
    • add typings for loaders

    v5.36.2

    Bugfixes

    • correctly handle errors thrown during parser/generator creation
      • e. g. validation errors for asset module options
    • use a better automatic runtime name for workers
      • not too long to cause filename problems
    • no longer assume assets do not get removed when the compiler is running
      • Using output.clean is against this assumption
      • It fixes a bug where assets are missing, when removed and readded to the compilation
    • fix a problem when chained dependOn, which causes too many modules being included in entrypoints

    v5.36.1

    Performance

    • add cache.profile (type: "filesystem" only) flag for more info about (de)serialization timings
    • avoid complex "by exports" splitting for splitChunks in development mode
    • faster hashing for the common case

    ... (truncated)

    Commits

    Updates karma-webpack from 4.0.2 to 5.0.0

    Release notes

    Sourced from karma-webpack's releases.

    v5.0.0

    No release notes provided.

    v5.0.0-alpha.6

    Bug Fixes

    • automatically fix missing webpack framework and report a warning (ea5dc8e)
    • fix an issue where multiple karma-webpack processes could not run in parallel (ea3dabe)
    • bump hotfix dependencies (98b3ec9)

    v5.0.0-alpha.5

    Bug Fixes

    • change the webpack peer dependency to webpack v5 (2e0ca74)

    v5.0.0-alpha.4

    Bug Fixes

    • fix compatibility issues for webpack v5 (8d7366f), closes #452
    • remove deprecation warning for .watch() (4fe1f60)
    Changelog

    Sourced from karma-webpack's changelog.

    5.0.0 (2021-02-02)

    No changes, just a new stable release.

    5.0.0-alpha.6 (2021-01-30)

    Bug Fixes

    • automatically fix missing webpack framework and report a warning (ea5dc8e)
    • fix an issue where multiple karma-webpack processes could not run in parallel (ea3dabe)
    • bump hotfix dependencies (98b3ec9)

    5.0.0-alpha.5 (2020-12-06)

    Bug Fixes

    • change the webpack peer dependency to webpack v5 (2e0ca74)

    5.0.0-alpha.4 (2020-12-06)

    Bug Fixes

    • fix compatibility issues for webpack v5 (8d7366f), closes #452
    • remove deprecation warning for .watch() (4fe1f60)

    5.0.0-alpha.3.0 (2019-03-07)

    Bug Fixes

    5.0.0-alpha.2 (2019-02-13)

    Bug Fixes

    • karma-webpack: normalize paths to be compatible with windows (b783e1c)

    5.0.0-alpha.1 (2019-01-01)

    ... (truncated)

    Commits
    Maintainer changes

    This version was pushed to npm by ryanclark, a new releaser for karma-webpack since your current version.


    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 4
  • chore(deps): bump qs from 6.5.2 to 6.5.3

    chore(deps): bump qs from 6.5.2 to 6.5.3

    Bumps qs from 6.5.2 to 6.5.3.

    Changelog

    Sourced from qs's changelog.

    6.5.3

    • [Fix] parse: ignore __proto__ keys (#428)
    • [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
    • [Fix] correctly parse nested arrays
    • [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
    • [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
    • [Fix] when parseArrays is false, properly handle keys ending in []
    • [Fix] fix for an impossible situation: when the formatter is called with a non-string value
    • [Fix] utils.merge: avoid a crash with a null target and an array source
    • [Refactor] utils: reduce observable [[Get]]s
    • [Refactor] use cached Array.isArray
    • [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
    • [Refactor] parse: only need to reassign the var once
    • [Robustness] stringify: avoid relying on a global undefined (#427)
    • [readme] remove travis badge; add github actions/codecov badges; update URLs
    • [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
    • [Docs] Clarify the need for "arrayLimit" option
    • [meta] fix README.md (#399)
    • [meta] add FUNDING.yml
    • [actions] backport actions from main
    • [Tests] always use String(x) over x.toString()
    • [Tests] remove nonexistent tape option
    • [Dev Deps] backport from main
    Commits
    • 298bfa5 v6.5.3
    • ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
    • 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
    • 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
    • 12ac1c4 [meta] fix README.md (#399)
    • 0338716 [actions] backport actions from main
    • 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
    • 51b8a0b add FUNDING.yml
    • 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
    • f814a7f [Dev Deps] backport from main
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
    dependencies 
    opened by dependabot[bot] 0
  • chore(deps): bump decode-uri-component from 0.2.0 to 0.2.2

    chore(deps): bump decode-uri-component from 0.2.0 to 0.2.2

    Bumps decode-uri-component from 0.2.0 to 0.2.2.

    Release notes

    Sourced from decode-uri-component's releases.

    v0.2.2

    • Prevent overwriting previously decoded tokens 980e0bf

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

    v0.2.1

    • Switch to GitHub workflows 76abc93
    • Fix issue where decode throws - fixes #6 746ca5d
    • Update license (#1) 486d7e2
    • Tidelift tasks a650457
    • Meta tweaks 66e1c28

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
    dependencies 
    opened by dependabot[bot] 0
  • chore(deps-dev): bump jsdom from 16.6.0 to 20.0.3

    chore(deps-dev): bump jsdom from 16.6.0 to 20.0.3

    Bumps jsdom from 16.6.0 to 20.0.3.

    Release notes

    Sourced from jsdom's releases.

    Version 20.0.3

    • Updated dependencies, notably w3c-xmlserializer, which fixes using DOMParser on XML documents containing emoji.

    Version 20.0.2

    • Fixed xhr.abort() to no longer give an exception when the constructed XMLHttpRequest was invalid. (whamtet)
    • Fixed event.getModifierState() on MouseEvent and KeyboardEvent instances to properly consult the ctrlKey, altKey, metaKey, and shiftKey properties of the event. (juzerzarif)
    • Fixed custom element creation to not be affected by any modifications to the window.customElements property. (bicknellr)

    Version 20.0.1

    • Improved the performance of appending <option> elements to <select> elements. (TheHound)
    • Fixed location.pathname getter to not crash when the JSDOM instance was created using an opaque-path URL, including the default URL of about:blank.
    • Fixed crypto.getRandomValues() to accept typed array subclasses. (sebamarynissen)
    • Updated various dependency minor versions. Notably, nwsapi fixed some selectors bugs, and tough-cookie fixed some cookie bugs.

    Version 20.0.0

    • Node.js v14 is now the minimum supported version.
    • Added crypto.getRandomValues(). (sjrd)
    • Added HTMLFormControlsCollection and RadioNodeList, so formEl.elements now behaves correctly. (UndefinedBehavior)
    • Added the signal option to addEventListener(). (cheap-glitch)
    • Fixed the :root pseudoclass to work correctly. (hughs-ch)
    • Updated parse5, bringing along some HTML parsing and serialization fixes. (fb55)

    Version 19.0.0

    • Changed jsdom.nodeLocation() to return undefined when used on nodes that originate via fragment parsing (e.g., via innerHTML). Previously it would return based on the node location of the fragment string, which made node locations unreliable with respect to the original document source. This restores the behavior that was present in v14.0.0, and was accidentally broken in v14.1.0. (bakkot)
    • Fixed calling window.close() inside the Window's load event to no longer crash. (MattiasBuelens)

    Version 18.1.1

    • Fixed connectedCallback to fire in situations involving document fragments, which was broken in v18.0.1. (GrantGryczan)

    Version 18.1.0

    • Fixed headers.append() and headers.set() to normalize values. (MattiasBuelens)
    • Fixed pageshow events to have bubbles: true and cancelable: true. (MattiasBuelens)
    • Implemented the reason property on AbortSignals, along with the corresponding reason argument to abortSignal.abort() and AbortSignal.abort(). (MattiasBuelens)

    Version 18.0.1

    • Fixed live Ranges to update correctly after calling node.normalize(). (hgiesel)
    • Fixed live Ranges to update correctly after removing child nodes. (hgiesel)
    • Fixed setting inputEl.valueAsDate = null to no longer throw an exception, but instead set the value to the empty string. (simon-weimann)
    • Improved performance of node insertion and node.contains(). (GrantGryczan)

    Version 18.0.0

    Potentially-breaking bug fixes:

    • Fixed SSL certificate checking for WebSocket connections. Previously, invalid SSL certificates were always accepted; now, they properly respect the ResourceLoader's strictSSL option (which defaults to true).
    • Changed the global in which almost all Promise and TypeError instances are created to be the jsdom global, not the Node.js global. This could affect any code that uses instanceof.

    Other changes:

    • Fixed moving an element between HTML and XML documents to reset the tagName cache, allowing it to return a lowercase value once it's in the XML document. (LucasLefevre)
    • Fixed form submission to not happen when the form is invalid. (pozil)

    ... (truncated)

    Changelog

    Sourced from jsdom's changelog.

    20.0.3

    • Updated dependencies, notably w3c-xmlserializer, which fixes using DOMParser on XML documents containing emoji.

    20.0.2

    • Fixed xhr.abort() to no longer give an exception when the constructed XMLHttpRequest was invalid. (whamtet)
    • Fixed event.getModifierState() on MouseEvent and KeyboardEvent instances to properly consult the ctrlKey, altKey, metaKey, and shiftKey properties of the event. (juzerzarif)
    • Fixed custom element creation to not be affected by any modifications to the window.customElements property. (bicknellr)

    20.0.1

    • Improved the performance of appending <option> elements to <select> elements. (TheHound)
    • Fixed location.pathname getter to not crash when the JSDOM instance was created using an opaque-path URL, including the default URL of about:blank.
    • Fixed crypto.getRandomValues() to accept typed array subclasses. (sebamarynissen)
    • Updated various dependency minor versions. Notably, nwsapi fixed some selectors bugs, and tough-cookie fixed some cookie bugs.

    20.0.0

    • Node.js v14 is now the minimum supported version
    • Added crypto.getRandomValues(). (sjrd)
    • Added HTMLFormControlsCollection and RadioNodeList, so formEl.elements now behaves correctly. (UndefinedBehavior)
    • Added the signal option to addEventListener(). (cheap-glitch)
    • Fixed the :root pseudoclass to work correctly. (hughs-ch)
    • Updated parse5, bringing along some HTML parsing and serialization fixes. (fb55)

    19.0.0

    • Changed jsdom.nodeLocation() to return undefined when used on nodes that originate via fragment parsing (e.g., via innerHTML). Previously it would return based on the node location of the fragment string, which made node locations unreliable with respect to the original document source. This restores the behavior that was present in v14.0.0, and was accidentally broken in v14.1.0. (bakkot)
    • Fixed calling window.close() inside the Window's load event to no longer crash. (MattiasBuelens)

    18.1.1

    • Fixed connectedCallback to fire in situations involving document fragments, which was broken in v18.0.1. (GrantGryczan)

    18.1.0

    • Fixed headers.append() and headers.set() to normalize values. (MattiasBuelens)
    • Fixed pageshow events to have bubbles: true and cancelable: true. (MattiasBuelens)
    • Implemented the reason property on AbortSignals, along with the corresponding reason argument to abortSignal.abort() and AbortSignal.abort(). (MattiasBuelens)

    18.0.1

    • Fixed live Ranges to update correctly after calling node.normalize(). (hgiesel)
    • Fixed live Ranges to update correctly after removing child nodes. (hgiesel)
    • Fixed setting inputEl.valueAsDate = null to no longer throw an exception, but instead set the value to the empty string. (simon-weimann)
    • Improved performance of node insertion and node.contains(). (GrantGryczan)

    18.0.0

    ... (truncated)

    Commits
    • 22f7c3c Version 20.0.3
    • c540630 Update dependencies and dev dependencies
    • cdf07a1 Slight tweaks to GitHub Actions
    • bd77578 Try to make the issue template clearer
    • e285763 Version 20.0.2
    • cb4e454 Change how the custom element registry is looked up
    • f4324ba Fix event.getModifierState() and modifier property interaction
    • fea788b Fix xhr.abort() when the XHR is invalid
    • c3c421c Remove outdated comment
    • df8de00 Version 20.0.1
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 0
  • chore(deps): bump loader-utils from 1.4.0 to 1.4.2

    chore(deps): bump loader-utils from 1.4.0 to 1.4.2

    Bumps loader-utils from 1.4.0 to 1.4.2.

    Release notes

    Sourced from loader-utils's releases.

    v1.4.2

    1.4.2 (2022-11-11)

    Bug Fixes

    v1.4.1

    1.4.1 (2022-11-07)

    Bug Fixes

    Changelog

    Sourced from loader-utils's changelog.

    1.4.2 (2022-11-11)

    Bug Fixes

    1.4.1 (2022-11-07)

    Bug Fixes

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
    dependencies 
    opened by dependabot[bot] 0
  • chore(deps): bump socket.io-parser from 3.3.2 to 3.3.3

    chore(deps): bump socket.io-parser from 3.3.2 to 3.3.3

    Bumps socket.io-parser from 3.3.2 to 3.3.3.

    Changelog

    Sourced from socket.io-parser's changelog.

    3.3.3 (2022-11-09)

    Bug Fixes

    • check the format of the index of each attachment (fb21e42)

    3.4.2 (2022-11-09)

    Bug Fixes

    • check the format of the index of each attachment (04d23ce)

    4.2.1 (2022-06-27)

    Bug Fixes

    • check the format of the index of each attachment (b5d0cb7)

    4.0.5 (2022-06-27)

    Bug Fixes

    • check the format of the index of each attachment (b559f05)

    4.2.0 (2022-04-17)

    Features

    • allow the usage of custom replacer and reviver (#112) (b08bc1a)

    4.1.2 (2022-02-17)

    Bug Fixes

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
    dependencies 
    opened by dependabot[bot] 0
  • chore(deps-dev): bump nodemon from 2.0.7 to 2.0.20

    chore(deps-dev): bump nodemon from 2.0.7 to 2.0.20

    Bumps nodemon from 2.0.7 to 2.0.20.

    Release notes

    Sourced from nodemon's releases.

    v2.0.20

    2.0.20 (2022-09-16)

    Bug Fixes

    • remove postinstall script (e099e91)

    v2.0.19

    2.0.19 (2022-07-05)

    Bug Fixes

    v2.0.18

    2.0.18 (2022-06-23)

    Bug Fixes

    • revert update-notifier forcing esm (1b3bc8c)

    v2.0.17

    2.0.17 (2022-06-23)

    Bug Fixes

    v2.0.16

    2.0.16 (2022-04-29)

    Bug Fixes

    • support windows by using path.delimiter (e26aaa9)

    v2.0.15

    2.0.15 (2021-11-09)

    Bug Fixes

    v2.0.14

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 0
Releases(2.4.4)
  • 2.4.4(Jun 11, 2021)

  • v2.4.3(Apr 2, 2021)

  • v2.4.2(Apr 2, 2021)

  • v2.4.0(Jul 26, 2020)

  • v2.1.2(Sep 18, 2016)

  • v2.1.0(Aug 26, 2016)

  • v2.0.1(Jul 19, 2016)

  • v2.0.0(Jul 17, 2016)

    In addition to those code changes, with 2.0.0 we change how the code is built and packaged. There are now two different distribution folders:

    1. lib/ - this includes ES5 compatible code that can be built with anything that supports node style require statements (like browserify and webpack).
    2. dist/ - this includes browser compatible code that can be included in