You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP β†’
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

genuine-verify-sdk

Package Overview
Dependencies
Maintainers
1
Versions
10
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

genuine-verify-sdk

Privacy-first human verification widget using React, Next.js, and TensorFlow.js

0.1.10
latest
Source
npmnpm
Version published
Weekly downloads
526
178.31%
Maintainers
1
Weekly downloads
Β 
Created
Source

Genuine Verify SDK

npm version License: MIT TypeScript

A privacy-first, real-time human verification widget (anti-bot) for React apps. Uses TensorFlow.js and BlazeFace for gesture-based verificationβ€”no CAPTCHAs, no user friction.

πŸ“¦ Installation

npm install genuine-verify-sdk
# or
yarn add genuine-verify-sdk

Peer dependencies:

  • React 18+
  • react-dom 18+

πŸš€ Quick Start

import { GenuineWidgetEmbeddable } from 'genuine-verify-sdk';

function MyApp() {
  const handleTokenIssued = (payload: {
    token: string;
    metadata: {
      issuedAt: string;
      expiresAt: string;
      gestureType: string;
    };
  }) => {
    // Send token to your backend or validate client-side
    console.log('Token:', payload.token);
    console.log('Metadata:', payload.metadata);
  };

  return (
    <GenuineWidgetEmbeddable
      onTokenIssued={handleTokenIssued}
      tokenTTL={300}
      debug={true}
    />
  );
}

πŸ“š Documentation

πŸ” Overview

  • Purpose: Prevent bots and ensure genuine human interaction with a privacy-first, client-side widget.
  • How it works: User completes a gesture (e.g., head tilt). The widget issues a signed presence token. You can validate this token client-side or send it to your backend for verification.

🎨 Visual Features

The widget provides real-time visual feedback during verification:

Status Indicators

  • πŸ”΄ Red badge: No face detected
  • 🟑 Yellow badge: Face detected, looking for eyes
  • πŸ”΅ Blue badge: Eyes detected, waiting for gesture
  • 🟒 Green badge: Gesture verified!

Detection Overlays

  • Lime green bounding boxes: Real-time face detection
  • Cyan eye landmarks: Detected eye positions
  • Blue framing guide: Optimal face positioning area

Real-time Feedback

  • Status messages: Clear text instructions
  • Positioning guidance: Help users position their face
  • Error overlays: Graceful error handling with retry options
  • Loading states: Model loading indicators

Debug Panel (Development Only)

  • Live FPS tracking: Performance monitoring
  • Confidence scores: Detection accuracy metrics
  • Detection state: Face, eyes, gesture, stability status
  • Token information: Expiration and validation status

βš™οΈ Widget Usage

Basic Example

import { GenuineWidgetEmbeddable } from 'genuine-verify-sdk';

function MyApp() {
  const handleTokenIssued = (payload: {
    token: string;
    metadata: {
      issuedAt: string;
      expiresAt: string;
      gestureType: string;
    };
  }) => {
    // Send token to your backend or validate client-side
    console.log('Token:', payload.token);
    console.log('Metadata:', payload.metadata);
  };

  return (
    <GenuineWidgetEmbeddable
      onTokenIssued={handleTokenIssued}
      tokenTTL={300}
      debug={true}
    />
  );
}

Props

PropTypeDefaultDescription
onTokenIssued(payload: { token: string; metadata: { issuedAt: string; expiresAt: string; gestureType: string; } }) => voidβ€”Required. Called when token is issued with metadata
onFailure(context: FailureContext) => voidβ€”Called when gesture detection fails after max attempts
maxAttemptsnumber3Maximum attempts before triggering fallback
fallbackReact.ComponentType<{ failureContext: FailureContext; triggerRetry: () => void }>β€”Custom fallback component to render on failure
tokenTTLnumber300Token time-to-live (seconds)
debugbooleanfalseShow debug panel
headTiltThresholdnumber15Head tilt angle threshold (degrees)
persistbooleantruePersist token in sessionStorage
trigger'auto' | 'manual''auto'When to start detection
onStartRef(startFn: () => void) => voidβ€”Get manual start function
onError(error: Error) => voidβ€”Error callback

πŸ”‘ Utility Functions

All utilities are available as named exports:

import {
  verifyToken,
  createPresenceToken,
  getStoredToken,
  storeToken,
  clearStoredToken,
  isStoredTokenValid,
  createMockToken
} from 'genuine-verify-sdk';

Example: Token Validation

const result = await verifyToken(token);
if (result.valid) {
  // Token is valid!
} else {
  // Token is invalid or expired
}

πŸ” Verification Status Hook

Check human verification status with real-time updates:

import { useVerificationStatus } from 'genuine-verify-sdk'

function MyApp() {
  const { isVerified, token, expiresIn, timeRemaining, clearToken } = useVerificationStatus()

  return (
    <div>
      {isVerified ? (
        <div>
          <p>βœ… Human verified! Expires in {timeRemaining}</p>
          <button onClick={clearToken}>Clear Verification</button>
        </div>
      ) : (
        <p>❌ Human not verified</p>
      )}
    </div>
  )
}

Hook Features:

  • βœ… Real-time updates: Auto-updates every second when verified
  • βœ… Live countdown: Shows time remaining until expiration
  • βœ… Expiration warning: Detects when token expires soon (≀60s)
  • βœ… Token management: Clear stored tokens
  • βœ… Manual refresh: Force status update
  • βœ… TypeScript support: Full type safety

πŸ›‘οΈ Fallback Handling

The SDK automatically handles gesture failures and edge cases.

Reasons for fallback include:

  • gesture_timeout: User didn’t complete gesture in time
  • camera_error: Camera blocked or inaccessible
  • model_error: Face detection failed
  • max_attempts_reached: Too many failed tries
  • unknown: Unexpected error

Developers can pass an onFailure callback to capture detailed failure context. You can provide a custom fallback component via the fallback prop. If no fallback is provided, the SDK shows a default UI with retry. Fallbacks also expose a triggerRetry() helper to restart verification.

Usage Example:

<GenuineWidgetEmbeddable
  onTokenIssued={handleToken}
  onFailure={handleFailure}
  maxAttempts={3}
  fallback={MyCustomFallback}
/>

🎯 Trigger Control

Control when verification starts with flexible trigger modes:

import { GenuineWidgetEmbeddable, useGenuineTrigger } from 'genuine-verify-sdk'

function MyApp() {
  const [startFunction, setStartFunction] = useState(null)

  // Auto-start (default)
  return (
    <GenuineWidgetEmbeddable
      onTokenIssued={handleTokenIssued}
      trigger="auto"
    />
  )

  // Manual button
  return (
    <GenuineWidgetEmbeddable
      onTokenIssued={handleTokenIssued}
      trigger="manual"
    />
  )

  // Programmatic control
  return (
    <GenuineWidgetEmbeddable
      onTokenIssued={handleTokenIssued}
      trigger="manualStart"
      onStartRef={setStartFunction}
    />
  )
}

Advanced Programmatic Control:

import { useGenuineTrigger } from 'genuine-verify-sdk'

function MyApp() {
  const [startFunction, setStartFunction] = useState(null)
  const [isDetectionActive, setIsDetectionActive] = useState(false)
  const [isModelReady, setIsModelReady] = useState(false)

  const triggerControls = useGenuineTrigger(
    startFunction,
    null, // stopFn
    null, // resetFn
    isDetectionActive,
    isModelReady,
    {
      onStart: () => setIsDetectionActive(true),
      onStop: () => setIsDetectionActive(false)
    }
  )

  const handleFormSubmit = (e) => {
    e.preventDefault()
    triggerControls.startDetection() // Trigger on form submit
  }

  return (
    <form onSubmit={handleFormSubmit}>
      <GenuineWidgetEmbeddable
        onTokenIssued={handleTokenIssued}
        trigger="manualStart"
        onStartRef={setStartFunction}
      />
      <button type="submit">Submit Form</button>
    </form>
  )
}

Trigger Features:

  • βœ… Auto trigger: Start detection immediately when widget loads
  • βœ… Manual trigger: User clicks button to start detection
  • βœ… Manual start: Programmatic control via start function
  • βœ… useGenuineTrigger hook: Provides programmatic control methods
  • βœ… Status tracking: Know when detection is active and model is ready
  • βœ… Event callbacks: onStart, onStop, onReset callbacks
  • βœ… Flexible integration: Trigger on form submit, route change, suspicious activity, etc.

πŸ“€ Token Endpoint (Optional)

POST /api/verify-human

  • Header: Authorization: Bearer <token>
  • Body: { "token": "<token>" }

Returns:

{
  "valid": true,
  "reason": null,
  "gestureType": "headTilt",
  "expiresIn": 299,
  "issuedAt": "2025-01-06T20:00:00.000Z"
}

πŸ”§ Example Integration

import { GenuineWidgetEmbeddable, verifyToken } from 'genuine-verify-sdk';

function Demo() {
  const [status, setStatus] = useState<string | null>(null);

  const handleTokenIssued = async (payload: {
    token: string;
    metadata: {
      issuedAt: string;
      expiresAt: string;
      gestureType: string;
    };
  }) => {
    const result = await verifyToken(payload.token);
    setStatus(result.valid ? 'βœ… Valid' : '❌ Invalid');
  };

  return (
    <>
      <GenuineWidgetEmbeddable onTokenIssued={handleTokenIssued} />
      {status && <div>{status}</div>}
    </>
  );
}

πŸ“ Exports

Components

  • GenuineWidgetEmbeddable (main widget)

Utilities

  • verifyToken, `

Keywords

human-verification
captcha-alternative
face-detection
gesture-verification
privacy-first
react

FAQs

Package last updated on 12 Jul 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

npm β€˜is’ Package Hijacked in Expanding Supply Chain Attack

Security News

npm β€˜is’ Package Hijacked in Expanding Supply Chain Attack

The ongoing npm phishing campaign escalates as attackers hijack the popular 'is' package, embedding malware in multiple versions.

By Kirill Boychenko, Sarah GoodingΒ  - Β Jul 22, 2025