
Security News
/Research
Wallet-Draining npm Package Impersonates Nodemailer to Hijack Crypto Transactions
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
@veriff/incontext-sdk
Advanced tools
npm install @veriff/incontext-sdk
Before initializing the InContext SDK
, you need a valid Veriff session URL. To create a session URL, you can use our JS SDK or our API.
// ES6
import { createVeriffFrame } from '@veriff/incontext-sdk';
// CommonJS
const { createVeriffFrame } = require('@veriff/incontext-sdk');
const veriffFrame = createVeriffFrame({ url: 'SESSION_URL' });
This will render an iframe with a modal that contains Veriff application.
import { EmbeddedOptions, MESSAGES, VeriffFrameOptions } from '@veriff/incontext-sdk';
Pass the onEvent
callback function when initializing SDK
import { createVeriffFrame, MESSAGES } from '@veriff/incontext-sdk';
createVeriffFrame({
url: 'SESSION_URL',
onEvent: function (msg: MESSAGES) {
switch (msg) {
case MESSAGES.STARTED:
console.log('Verification started');
break;
case MESSAGES.SUBMITTED:
console.log('Verification submitted');
break;
case MESSAGES.FINISHED:
console.log('Verification finished');
break;
case MESSAGES.CANCELED:
console.log('Verification closed');
break;
case MESSAGES.RELOAD_REQUEST:
console.log('Verification reloaded');
break;
}
},
});
Include a script tag:
<script src="https://cdn.veriff.me/incontext/js/v2.5.0/veriff.js"></script>
window.veriffSDK.createVeriffFrame({ url: 'session url' });
The embedded mode allows you to inject the Veriff flow to a specific part of your website, without a modal. To enable embedded mode, set the embedded
option to true
.
The flow will render regardless of the dimensions, but the user experience might be affected.
const veriffFrame = createVeriffFrame({
url: 'SESSION_URL',
embedded: true,
embeddedOptions: {
// Specifies the parent DOM element of Veriff’s iframe, using its ID attribute
rootElementID: 'embedded-container',
},
});
<div
style={{ width: '635px', height: '670px', border: '1px solid #ccc' }}
id="embedded-container"
/>
Create modal with Veriff application.
[options]
- Configuration object (only url
is required)
url
- Veriff session URLlang
- Set user interface language ISO 639-1 (https://www.veriff.com/supported-languages)onEvent
- Event callback functiononReload
- Reload request callback. This event can be called when Veriff detects that user has denied camera access and to re-request camera access parent window should be reloadedembedded
- Set to true
if you want to use embedded mode (see Embedded mode)embeddedOptions
- Embedded mode options
rootElementID
- Specifies the parent DOM element of Veriff’s iframe, using its ID attributeReturns an object that controls the modal.
Close Veriff modal. Normally modal will be closed due to user input, but if you want to control it(e.g. timeout), please use this function.
This is an edge case for Safari iOS to re-request camera permissions
Example:
const url = sessionStorage.getItem('@veriff-session-url') || getSessionUrl();
veriffSDK.createVeriffFrame({
url,
onReload: () => {
// Logic to re-open Veriff SDK after page reload
// e.g. sessionStorage.setItem('@veriff-session-url', 'session url');
window.location.reload();
},
});
FAQs
In-Context Veriff browser integration
The npm package @veriff/incontext-sdk receives a total of 12,639 weekly downloads. As such, @veriff/incontext-sdk popularity was classified as popular.
We found that @veriff/incontext-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.