@startupjs/recaptcha
Readme
Library for displaying and interacting with Google reCAPTCHA.

Install:

```bash
yarn add @startupjs/recaptcha
```

Add the following line to server/index.js:

```js
import initRecaptcha from '@startupjs/recaptcha/server'
```

Add to the startupjsServer function:

```js
initRecaptcha(ee, options)
```

The options argument accepts an object with a type field that specifies which reCAPTCHA type you want to use (possible types: enterprise or v3).
In the getHead function, add a call to the getRecaptchaHead function:

```js
import { getRecaptchaHead } from '@startupjs/recaptcha/server'

function getHead (req) {
  return `
    // ...
    ${getRecaptchaHead(req)}
    // ...
  `
}
```
In the config.json file of your project, you need to add the following for reCAPTCHA Enterprise:

```json
{
  "RECAPTCHA_SECRET_KEY": "YOUR_SECRET_KEY",
  "RECAPTCHA_ENTERPRISE_NORMAL_SITE_KEY": "YOUR_SITE_KEY",
  "RECAPTCHA_ENTERPRISE_INVISIBLE_SITE_KEY": "YOUR_SITE_KEY",
  "GOOGLE_CLOUD_PROJECT_ID": "ID_YOUR_CLOUD_PROJECT"
}
```

RECAPTCHA_SECRET_KEY is created here: https://console.cloud.google.com/apis/credentials

RECAPTCHA_ENTERPRISE_NORMAL_SITE_KEY and RECAPTCHA_ENTERPRISE_INVISIBLE_SITE_KEY are created as described here: https://cloud.google.com/recaptcha-enterprise/docs/create-key
For reCAPTCHA v3, the following is enough:

```json
{
  "RECAPTCHA_SECRET_KEY": "YOUR_SECRET_KEY",
  "RECAPTCHA_SITE_KEY": "YOUR_SITE_KEY"
}
```

These keys are created in the Google Admin Console.
Client side:

```js
// Imports other than Recaptcha were missing from the original snippet;
// the 'startupjs' and '@startupjs/ui' paths are assumed here.
import React, { useState, useRef } from 'react'
import axios from 'axios'
import { pug } from 'startupjs'
import { Div, Span, TextInput, Button } from '@startupjs/ui'
import { Recaptcha } from '@startupjs/recaptcha'

export default function SubscribeForm () {
  const [recaptchaVerified, setRecaptchaVerified] = useState(false)
  const [email, setEmail] = useState('')
  const ref = useRef()

  // Open the challenge only once the user has entered an email
  const openRecaptcha = () => {
    if (!email) return
    ref.current.open()
  }

  // Receives the response token. The token is only meaningful once the
  // server has verified it, so the verified state comes from the server reply.
  const onVerify = async recaptcha => {
    try {
      const res = await axios.post('/api/subscribe-to-mailing', {
        recaptcha,
        email
      })
      console.log('Response: ', res.data)
      setRecaptchaVerified(res.data)
    } catch (err) {
      console.error(err.response.data)
    }
  }

  return pug`
    Div.root
      TextInput.emailInput(
        label='Your email'
        value=email
        onChangeText=setEmail
      )
      Recaptcha(
        ref=ref
        onVerify=onVerify
        onLoad=() => console.log('onLoad')
        onExpire=() => console.log('onExpire')
        onError=error => console.log('onError', error)
        onClose=() => console.log('onClose')
      )
      if recaptchaVerified
        Span.label Thank you for subscribing
      Button(
        onPress=openRecaptcha
        disabled=recaptchaVerified
      ) Subscribe
  `
}
```
Server side:

```js
import { checkRecaptcha } from '@startupjs/recaptcha/server'

export default function initRoutes (router) {
  router.post('/api/subscribe-to-mailing', async function (req, res) {
    const { recaptcha, email } = req.body
    // Verify the token server-side; never trust the client's own claim
    const isVerified = await checkRecaptcha(recaptcha)
    if (!isVerified) {
      return res.status(403).send(isVerified)
    }
    // Do something with email subscription...
    // The client uses the response body as its verified state
    res.json(true)
  })
}
```
The Recaptcha component accepts the parameters described in the official Google reCAPTCHA documentation:

- variant [String] - The variant of the widget (invisible, normal or compact). Default: invisible
- theme [String] - The color theme of the widget (dark or light). Default: light
- baseUrl [String] - The URL (domain) configured in the reCAPTCHA setup (e.g. http://my.domain.com). Default: your BASE_URL from @env
- lang [String] - Language code. Default: en
- onLoad [Function] - A callback function, executed when the reCAPTCHA is ready to use
- onVerify [Function(token)] - A callback function, executed when the user submits a successful response. The reCAPTCHA response token is passed to your callback
- onExpire [Function] - A callback function, executed when the reCAPTCHA response expires and the user needs to re-verify
- onError [Function(error)] - A callback function, executed when reCAPTCHA encounters an error (usually network connectivity) and cannot continue until connectivity is restored. If you specify a function here, you are responsible for informing the user that they should retry
- onClose [Function] - (Experimental) A callback function, executed when the Modal is closed

```js
import { checkDataRecaptcha } from '@startupjs/recaptcha/server'
```

checkDataRecaptcha(recaptcha) is an advanced variant of the checkRecaptcha(recaptcha) function that returns an object with the original Google API response. Different reCAPTCHA types return different data structures in the response.
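Because the raw object differs between v3 and Enterprise, a route that uses checkDataRecaptcha needs to read each shape and then apply the same policy (token valid, expected action, expected hostname, minimum score). The helper below is an added example, not part of @startupjs/recaptcha; the field names follow Google's public siteverify and Enterprise assessment response formats, and the sample responses are constructed.

```javascript
// Added example: reduce the raw Google response returned by
// checkDataRecaptcha() to one allow/deny decision with the reasons.
// Field names follow Google's siteverify (v3) and Enterprise
// createAssessment formats; the sample objects below are constructed.
function decideRecaptcha (data, { expectedAction, expectedHostname, minScore = 0.5 } = {}) {
  let valid, score, action, hostname, reasons
  if (data && data.tokenProperties) {
    // reCAPTCHA Enterprise assessment shape
    valid = data.tokenProperties.valid === true
    hostname = data.tokenProperties.hostname
    action = data.tokenProperties.action
    score = data.riskAnalysis ? data.riskAnalysis.score : undefined
    reasons = valid ? [] : [data.tokenProperties.invalidReason || 'INVALID_TOKEN']
  } else if (data && typeof data.success === 'boolean') {
    // reCAPTCHA v3 siteverify shape
    valid = data.success
    hostname = data.hostname
    action = data.action
    score = data.score
    reasons = valid ? [] : (data['error-codes'] || ['invalid-input-response'])
  } else {
    return { allowed: false, reasons: ['UNRECOGNISED_RESPONSE'] }
  }
  if (!valid) return { allowed: false, reasons }
  // A valid token can still belong to another form or site, or score low
  if (expectedAction && action !== expectedAction) reasons.push('ACTION_MISMATCH')
  if (expectedHostname && hostname !== expectedHostname) reasons.push('HOSTNAME_MISMATCH')
  if (typeof score === 'number' && score < minScore) reasons.push('LOW_SCORE')
  return { allowed: reasons.length === 0, score, reasons }
}

// Constructed sample responses, one per reCAPTCHA type
const v3Sample = {
  success: true, score: 0.9, action: 'subscribe', hostname: 'my.domain.com', 'error-codes': []
}
const enterpriseSample = {
  tokenProperties: { valid: true, hostname: 'my.domain.com', action: 'subscribe' },
  riskAnalysis: { score: 0.3, reasons: ['AUTOMATION'] }
}
const policy = { expectedAction: 'subscribe', expectedHostname: 'my.domain.com', minScore: 0.5 }

console.log(decideRecaptcha(v3Sample, policy))         // allowed: true
console.log(decideRecaptcha(enterpriseSample, policy)) // allowed: false, LOW_SCORE
```

In the route from the earlier example, `decideRecaptcha(await checkDataRecaptcha(recaptcha), policy)` would replace the boolean check, so that a low-scoring or mismatched-but-valid token is also rejected with a 403.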
The npm package @startupjs/recaptcha receives a total of 88 weekly downloads. As such, @startupjs/recaptcha popularity was classified as not popular.
We found that @startupjs/recaptcha demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.