Product
Introducing Historical Analytics – Now in Beta
We’re excited to announce a powerful new capability in Socket: historical data and enhanced analytics.
By Phil Gates-Idem - Apr 24, 2025
🚀 Socket Launch Week 🚀 Day 4: Introducing Historical Analytics.Learn More →
@rusted/react-recaptcha-v3
Advanced tools
@rusted/react-recaptcha-v3
Google Recaptcha V3 for React.js based application. Do not blow up your Page Insights score.
Google reCaptcha v3 (Invisible) implementation for React based application
Please read the documentation about Google reCAPTCHA on their official website before installation.
Obtain a siteKey (your reCaptcha token) before using this library.
Package name @rusted/react-recaptcha-v3.
Key Features 🎯
- Prevent degrading PageSpeed Insights score with power of
injectionDelayproperty. - Lazy
siteKeyin case it is provided by back-end API. - Lazy load reCaptcha assets for key points of your application. Function provided by
useSkipInjectionDelayhook allows to ignoreinjectionDelay - Clear versioning with help of Changeset.
- Highly tested code with Typescript and Jest.
How to install?
yarn add @rusted/react-recaptcha-v3for Yarn.pnpm add @rusted/react-recaptcha-v3'for pnpmnpm install @rusted/react-recaptcha-v3for npm
Components documentation
ReCaptchaProvider
@rusted/react-recaptcha-v3 provides a ReCaptchaProvider provider component that should be used to wrap around your components.
ReCaptchaProvider's responsibility is to load the necessary reCaptcha script and provide access to reCaptcha to the rest of your application.
Usually, your application only needs one provider. You should place it as high as possible in your React tree. It's to make sure you only have one instance of Google Recaptcha per page and it doesn't reload unecessarily when your components re-rendered.
Same thing applied when you use this library with a framework such as Next.js or React Router and only want to include the script on a single page. Try to make sure you only have one instance of the provider on a React tree and to place it as high (on the tree) as possible.
Property types for ReCaptchaProvider
type Props = {
siteKey: string | null;
useRecaptchaNet?: boolean = false;
enterprise?: boolean = false;
scriptProps?: = {
nonce?: string;
defer?: boolean = true;
async?: boolean = true;
appendTo?: 'head' | 'body';
id?: string = 'rusted_labs_react_recaptcha_v3';
};
injectionDelay?: number;
};
A short description for each property
| Property name | Description |
|---|---|
| siteKey | Your recaptcha key, get one from google recaptcha admin console. In case null provided events still will be recorded. Those events will be sent when siteKey provided. Also, google recaptcha script will not be loaded until siteKey provided. This can be helpful in case you want take control of this process. For example, to reduce impact of recaptcha on your pagespeed score . |
| scriptProps | The injectedscript tag can be customized with this prop. It allows you to add async, defer, nonce attributes to the script tag. appendTo attribute controls whether the injected script will be added to the document body or head with . |
| useRecaptchaNet | Load script fromrecaptcha.net instead of Google domain. This can help to workaround ad blockers. https://developers.google.com/recaptcha/docs/faq#can-i-use-recaptcha-globally |
| enterprise | Load script for Enterprise. Get an Enterprise key before using it. Read more |
| injectionDelay | In case you don't want to blow up yourPageInsights Score you can defer script loading by specifing threshold time. Events will be recorded and flushed at once on script load. Timeout should be specified in milliseconds. Plase note, that in case injectionDelay changed timeout is reseted. |
React Hook: useGoogleReCaptcha
There is only one way to call Google reCaptcha. Hook useExecuteReCaptcha.
The function returned by useGoogleReCaptcha returns promise with resolved reCaptcha token result. This token is used to validate protection score on your server-side and decide whether user is bot or not.
Please note, in case your parent component tree not wrapped by ReCaptchaProvider a console error will be shown and event will be ignored.
Use the hook as provided in the following example.
import { ReCaptchaProvider,useExecuteReCaptcha } from '@rusted/react-recaptcha-v3';
const GoogleReCaptchaValidatorComponent = () => {
const executeRecaptcha = useExecuteReCaptcha();
// Create an event handler so you can call the verification on button click event or form submit
const handleReCaptchaVerify = useCallback(async () => {
const token = await executeRecaptcha('userAction');
// Do whatever you want with the token
}, [executeRecaptcha]);
// You can use useEffect to trigger the verification as soon as the component being loaded
useEffect(() => {
handleReCaptchaVerify();
}, [handleReCaptchaVerify]);
return <button onClick={handleReCaptchaVerify}>Verify recaptcha</button>;
};
ReactDOM.render(
<ReCaptchaProvider siteKey="[Your recaptcha key]">
<GoogleReCaptchaValidatorComponent />
</ReCaptchaProvider>,
document.getElementById('app')
);
useSkipInjectionDelay
"I need my Google reCAPTCHA to be loaded now, regardless of the injectionDelay property. What should I do?"
There is a way to ignore the injectionDelay and load reCAPTCHA assets immediately. The useSkipInjectionDelay hook returns a callback that accomplishes this. See the following usage example.
import { ReCaptchaProvider,useExecuteReCaptcha } from '@rusted/react-recaptcha-v3';
const GoogleReCaptchaValidatorComponent = () => {
const forceRecaptchaLoad = useSkipInjectionDelay();
// Create an event handler so you can call the verification on button click event or form submit
const handleReCaptchaVerify = useCallback(async () => {
forceRecaptchaLoad()//Load google recaptcha NOW!
const token = await executeRecaptcha('someVeryImportantAction');
// Do whatever you want with the token
}, [executeRecaptcha]);
// You can use useEffect to trigger the verification as soon as the component being loaded
useEffect(() => {
handleReCaptchaVerify();
}, [handleReCaptchaVerify]);
return <button onClick={handleReCaptchaVerify}>Verify recaptcha</button>;
};
ReactDOM.render(
<ReCaptchaProvider siteKey="[Your recaptcha key]">
<GoogleReCaptchaValidatorComponent />
</ReCaptchaProvider>,
document.getElementById('app')
);
In our example, we have shown an important action that requires a token as fast as possible. However, keep in mind that for invisible reCAPTCHA, such a case can be suspicious, leading to a worse score. It is better to prepare reCAPTCHA at an earlier stage.
For example, you can call useSkipInjectionDelay with some action triggered by the user earlier, when you do not need a token immediately.
0.3.8
Patch Changes
- 80d4241: Improve documentation
FAQs
Google Recaptcha V3 for React.js based application. Do not blow up your Page Insights score.
The npm package @rusted/react-recaptcha-v3 receives a total of 56 weekly downloads. As such, @rusted/react-recaptcha-v3 popularity was classified as not popular.
We found that @rusted/react-recaptcha-v3 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 10 Aug 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Introducing Module Reachability: Focus on the Vulnerabilities That Matter
Module Reachability filters out unreachable CVEs so you can focus on vulnerabilities that actually matter to your application.
By Trevor Norris - Apr 23, 2025
Company News
Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team
Socket is bringing best-in-class reachability analysis into the platform — cutting false positives, accelerating triage, and cementing our place as the leader in software supply chain security.
By Feross Aboukhadijeh - Apr 23, 2025