Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
@prosopo/procaptcha-react
Advanced tools
React components for integrating the Prosopo [procaptcha](https://github.com/prosopo/procaptcha) into a React app.
React components for integrating the Prosopo procaptcha into a React app.
Prosopo is a distributed human verification service that can be used to stop bots from interacting with your apps. Sign up to be a network beta tester.
You can install this library with:
npm install @prosopo/procaptcha-react --save
See the client example for a minimal example of these components being used in a frontend app.
<Procaptcha config={config} callbacks={{ onError, onHuman, onExpired }} />
ProcaptchaEvents
are passed to the captcha component at creation.
The captcha event callbacks are defined as follows:
/**
* A list of all events which can occur during the Procaptcha process.
*/
export interface ProcaptchaEvents {
onError: (error: Error) => void
onHuman: (output: ProcaptchaOutput) => void
onExtensionNotFound: () => void
onExpired: () => void
onFailed: () => void
}
The onHuman
callback is called when the user has successfully completed the captcha challenge. The ProcaptchaOutput
object contains the following fields:
Key | Type | Description |
---|---|---|
commitmentId | string | The commitment ID of the captcha challenge. This is used to verify the user's response on-chain. |
providerUrl | string | The URL of the provider that the user used to solve the captcha challenge. |
dapp | string | The SITE_KEY of your application / website |
user | string | The user's account address |
blockNumber | number | The block number of the captcha challenge. This is used to verify that the contacted provider was randomly selected on-chain. |
The onError
callback is called when an error occurs during the captcha process. The Error
object is a standard
JavaScript error.
The onExpired
callback is called when the captcha challenge has expired. This can occur if the user takes too long to
complete the challenge.
The onFailed
callback is called when the user has failed the captcha challenge. This can occur if the user answers the
challenge incorrectly.
You can see Procaptcha being used as a React component in our React Demo.
The Procaptcha component is called as follows:
<Procaptcha config={config} callbacks={{ onError, onHuman, onExpired }} />
A config object is required and must contain your SITE_KEY. The callbacks are optional and can be used to handle the
various Procaptcha events. The following config demonstrates the PROSOPO_SITE_KEY
variable being pulled from
environment variables.
const config: ProcaptchaClientConfigInput = {
account: {
address: process.env.PROSOPO_SITE_KEY || undefined,
},
web2: 'true',
dappName: 'client-example',
defaultEnvironment: 'rococo',
networks: {
rococo: {
endpoint: 'wss://rococo-contracts-rpc.polkadot.io:443',
contract: {
address: '5HiVWQhJrysNcFNEWf2crArKht16zrhro3FcekVWocyQjx5u',
name: 'prosopo',
},
},
},
solutionThreshold: 80,
}
Key | Type | Description |
---|---|---|
account | string | The SITE_KEY you received when you signed up |
web2 | string | Set to true to enable web2 support |
dappName | string | The name of your application / website |
defaultEnvironment | string | The default environment to use - set to rococo |
networks | object | The networks your application supports - copy paste this from the config above |
solutionThreshold | number | The percentage of captcha that a user must have answered correctly to identify as human |
Please see the main README for instructions on how to implement the server side of Procaptcha.
FAQs
React components for integrating the Prosopo [procaptcha](https://github.com/prosopo/procaptcha) into a React app.
The npm package @prosopo/procaptcha-react receives a total of 103 weekly downloads. As such, @prosopo/procaptcha-react popularity was classified as not popular.
We found that @prosopo/procaptcha-react demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.