Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
react-qr-reader-rokl
Advanced tools
Introduction
A React component for reading QR codes from the webcam. It uses the WebRTC standards for reading webcam data and zxing-js is used for detecting QR codes in that data. To optimise the speed and experience, a web-worker is used to offload the heavy QR code algorithm on a separate process. The web worker is inlined and loaded on creation of the component.
Known Issues
- Server side rendering won't work so only require the component when rendering in a browser environment.
- Due to browser implementations the camera can only be accessed over https or localhost.
- In Firefox a prompt will be shown to the user asking which camera to use, so
facingModewill not affect it. - On IOS 11 it is only supported on Safari and not on Chrome or Firefox due to Apple making the API not available to 3rd party browsers.
Install
npm install --save roklenarcic-reader
Example
import React, { Component } from 'react'
import QrReader from 'roklenarcic-reader'
class Test extends Component {
state = {
result: 'No result'
}
handleScan = data => {
if (data) {
this.setState({
result: data
})
}
}
handleError = err => {
console.error(err)
}
render() {
return (
<div>
<QrReader
delay={300}
onError={this.handleError}
onScan={this.handleScan}
style={{ width: '100%' }}
/>
<p>{this.state.result}</p>
</div>
)
}
}
Props
Events
| Prop | Argument | Description |
|---|---|---|
| onScan | result,binary | Scan event handler. Called every scan with the decoded text and decoded bytes or null if no QR code was found. |
| onError | Error | Called when an error occurs. |
| onLoad | object | Called when the component is ready for use. Object properties are mirrorVideo: boolean, streamLabel: string |
| onImageLoad | img onLoad event | Called when the image in legacyMode is loaded. |
Options
| Prop | Type | Default | Description |
|---|---|---|---|
| delay | number or false | 500 | The delay between scans in milliseconds. To disable the interval pass in false. |
| facingMode | user or environment | environment | Specify which camera should be used (if available). |
| resolution | number | 600 | The resolution of the video (or image in legacyMode). Larger resolution will increase the accuracy but it will also slow down the processing time. |
| style | a valid React style | none | Styling for the container element. Warning The preview will always keep its 1:1 aspect ratio. |
| className | string | none | ClassName for the container element. |
| showViewFinder | boolean | true | Show or hide the build in view finder. See demo |
| constraints | object | null | Use custom camera constraints that the override default behavior. MediaTrackConstraints |
| legacyMode | boolean | false | If the device does not allow camera access (e.g. IOS Browsers, Safari) you can enable legacyMode to allow the user to take a picture (On a mobile device) or use an existing one. To trigger the image dialog just call the method openImageDialog from the parent component. Warning You must call the method from a user action (eg. click event on some element). |
| characterSet | string | none | Specify character set of the code, like "ISO-8859-2" |
Dev
Install dependencies
npm install
Build
npm run build
Demo
npm run storybook
Linting
npm run lint
Tested platforms
- Chrome macOs & Android
- Firefox macOs & Android
- Safari macOs & IOS
License
Copyright (c) 2020 Rok Lenarčič
This file is free software: you may copy, redistribute and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation, either version 3 of the License, or (at your
option) any later version.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see https://www.gnu.org/licenses/.
This project incorporates work covered by the following copyright and
permission notice:
The MIT License (MIT)
Copyright (c) 2018 Thomas Billiet
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
and notice:
The MIT License (MIT)
Copyright (c) 2019 Paulo Cesar
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
QR Code Scanner
We found that react-qr-reader-rokl demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 27 Sep 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025