github.com/appleboy/react-recaptcha
A react.js reCAPTCHA V2 for Google. The FREE anti-abuse service. Easy to add, advanced security, accessible to wide range of users and platforms.
reCAPTCHA is a free service that protects your site from spam and abuse. It uses an advanced risk analysis engine to tell humans and bots apart. With the new API, a significant number of your valid human users will pass the reCAPTCHA challenge without having to solve a CAPTCHA (See blog for more details). reCAPTCHA comes in the form of a widget that you can easily add to your blog, forum, registration form, etc.
See the details.
To use reCAPTCHA, you need to sign up for an API key pair for your site. The key pair consists of a site key and secret. The site key is used to display the widget on your site. The secret authorizes communication between your application backend and the reCAPTCHA server to verify the user's response. The secret needs to be kept safe for security purposes.
Install package via node.js
$ npm install --save react-recaptcha
You can run the full example with the following steps:
$ npm install
$ npm start
Open http://localhost:3000 in your browser.
Node >= v6 is required for this package. Run node -v in your command prompt if you're unsure which Node version you have installed.
HTML example code:
<html>
  <head>
    <title>reCAPTCHA demo: Simple page</title>
    <script src="build/react.js"></script>
    <script src="https://www.google.com/recaptcha/api.js" async defer></script>
  </head>
  <body>
    <div id="example"></div>
    <script src="build/index.js"></script>
  </body>
</html>
JSX example code: build/index.js
var Recaptcha = require('react-recaptcha');
ReactDOM.render(
  <Recaptcha
    sitekey="xxxxxxxxxxxxxxxxxxxx"
  />,
  document.getElementById('example')
);
Deferring the render can be achieved by specifying your onload callback function and adding parameters to the JavaScript resource.
<html>
  <head>
    <title>reCAPTCHA demo: Simple page</title>
    <script src="build/react.js"></script>
    <script src="https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit" async defer></script>
  </head>
  <body>
    <div id="example"></div>
    <script src="build/index.js"></script>
  </body>
</html>
JSX example code: build/index.js
var Recaptcha = require('react-recaptcha');
// specifying your onload callback function
var callback = function () {
  console.log('Done!!!!');
};
ReactDOM.render(
  <Recaptcha
    sitekey="xxxxxxxxxxxxxxxxxxxx"
    render="explicit"
    onloadCallback={callback}
  />,
  document.getElementById('example')
);
Define the verify callback function
var Recaptcha = require('react-recaptcha');
// specifying your onload callback function
var callback = function () {
  console.log('Done!!!!');
};
// specifying verify callback function
var verifyCallback = function (response) {
  console.log(response);
};
ReactDOM.render(
  <Recaptcha
    sitekey="xxxxxxxxxxxxxxxxxxxx"
    render="explicit"
    verifyCallback={verifyCallback}
    onloadCallback={callback}
  />,
  document.getElementById('example')
);
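The response string handed to verifyCallback is produced in the browser, so it proves nothing until the backend checks it with the secret against Google's siteverify endpoint. The following is an added example of that server-side check, not code from react-recaptcha; the names verifyRecaptchaToken, expectedHostname and fetchImpl are assumptions made for illustration.

```javascript
// Added example: server-side check of the token that verifyCallback receives.
// verifyRecaptchaToken, expectedHostname and fetchImpl are hypothetical names.
const SITEVERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';

async function verifyRecaptchaToken(token, opts) {
  const { secret, expectedHostname, remoteIp, fetchImpl = globalThis.fetch } = opts;
  if (!secret) throw new Error('reCAPTCHA secret is not configured');
  // Reject empty or non-string input without spending a network round trip.
  if (typeof token !== 'string' || token.length === 0) {
    return { ok: false, reason: 'missing-or-malformed-token' };
  }
  // The secret travels in the POST body, never in a URL that may be logged.
  const body = new URLSearchParams({ secret, response: token });
  if (remoteIp) body.set('remoteip', remoteIp);

  let data;
  try {
    const res = await fetchImpl(SITEVERIFY_URL, {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: body.toString(),
    });
    if (!res.ok) return { ok: false, reason: 'siteverify-http-' + res.status };
    data = await res.json();
  } catch (err) {
    // Fail closed: an unreachable verifier must not let the request through.
    return { ok: false, reason: 'siteverify-unreachable' };
  }
  if (data.success !== true) {
    // e.g. "invalid-input-response" or "timeout-or-duplicate" (replayed token)
    return { ok: false, reason: (data['error-codes'] || ['unknown']).join(',') };
  }
  // A token solved on a different host than the one we serve is rejected.
  if (expectedHostname && data.hostname !== expectedHostname) {
    return { ok: false, reason: 'hostname-mismatch' };
  }
  return { ok: true, hostname: data.hostname, challengeTs: data.challenge_ts };
}
```

Call it from the form handler with the secret read from server-side configuration, and process the submission only when ok is true.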
Change the color theme of the widget. Set the theme property to light|dark. Default value is light.
ReactDOM.render(
  <Recaptcha
    sitekey="xxxxxxxxxxxxxxxxxxxx"
    theme="dark"
  />,
  document.getElementById('example')
);
Change the type of CAPTCHA to serve. Set the type property to audio|image. Default value is image.
ReactDOM.render(
  <Recaptcha
    sitekey="xxxxxxxxxxxxxxxxxxxx"
    type="audio"
  />,
  document.getElementById('example')
);
The reCAPTCHA widget can be manually reset by accessing the component instance via a callback ref and calling .reset() on the instance.
var Recaptcha = require('react-recaptcha');
// create a variable to store the component instance
let recaptchaInstance;
// create a reset function
const resetRecaptcha = () => {
  recaptchaInstance.reset();
};
ReactDOM.render(
  <div>
    <Recaptcha
      ref={e => recaptchaInstance = e}
      sitekey="xxxxxxxxxxxxxxxxxxxx"
    />
    <button
      onClick={resetRecaptcha}
    >
      Reset
    </button>
  </div>,
  document.getElementById('example')
);
The following props can be passed into the React reCAPTCHA component. These can also be viewed in the source code.
className: the class for the reCAPTCHA div.
onloadCallbackName: the name of your onloadCallback function (see onloadCallback below).
elementID: the #id for the reCAPTCHA div.
onloadCallback: the callback to pass into the reCAPTCHA API if rendering the reCAPTCHA explicitly.
verifyCallback: the callback that fires after reCAPTCHA has verified a user.
expiredCallback: optional. A callback to pass into the reCAPTCHA if the reCAPTCHA response has expired.
render: specifies the render type for the component (e.g. explicit), see onloadCallback and explicit rendering.
sitekey: the sitekey for the reCAPTCHA widget, obtained after signing up for an API key.
theme: the color theme for the widget, either light or dark.
type: the type of reCAPTCHA you'd like to render, list of reCAPTCHA types available here.
verifyCallbackName: the name of your verifyCallback function, see verifyCallback above.
expiredCallbackName: the name of your expiredCallback function, see expiredCallback above.
size: the desired size of the reCAPTCHA widget, can be either 'compact' or 'normal'.
tabindex: optional. The tabindex of the widget and challenge. If other elements in your page use tabindex, it should be set to make user navigation easier. More info on tabindex available here.
hl: optional. Forces the widget to render in a specific language. Auto-detects the user's language if unspecified. List of language codes available here.
badge: optional. Reposition the reCAPTCHA badge. 'inline' allows you to control the CSS.
If not specified when rendering the component, the following props will be passed into the reCAPTCHA widget:
{
  elementID: 'g-recaptcha',
  onloadCallback: undefined,
  onloadCallbackName: 'onloadCallback',
  verifyCallback: undefined,
  verifyCallbackName: 'verifyCallback',
  expiredCallback: undefined,
  expiredCallbackName: 'expiredCallback',
  render: 'onload',
  theme: 'light',
  type: 'image',
  size: 'normal',
  tabindex: '0',
  hl: 'en',
  badge: 'bottomright',
};
Use the invisible reCAPTCHA by setting the size prop to 'invisible'. Since it is invisible, the reCAPTCHA widget must be executed programmatically.
var Recaptcha = require('react-recaptcha');
// create a variable to store the component instance
let recaptchaInstance;
// manually trigger reCAPTCHA execution
const executeCaptcha = function () {
  recaptchaInstance.execute();
};
// executed once the captcha has been verified
// can be used to post forms, redirect, etc.
const verifyCallback = function (response) {
  console.log(response);
  document.getElementById("someForm").submit();
};
ReactDOM.render(
  <div>
    <form id="someForm" action="/search" method="get">
      {/* JSX requires void elements such as input to be self-closed */}
      <input type="text" name="query" />
    </form>
    <button
      onClick={executeCaptcha}
    >
      Submit
    </button>
    <Recaptcha
      ref={e => recaptchaInstance = e}
      sitekey="xxxxxxxxxxxxxxxxxxxx"
      size="invisible"
      verifyCallback={verifyCallback}
    />
  </div>,
  document.getElementById('example')
);