react-recaptcha
A react.js reCAPTCHA for Google. The FREE anti-abuse service. Easy to add, advanced security, accessible to wide range of users and platforms.
reCAPTCHA is a free service that protects your site from spam and abuse. It uses an advanced risk analysis engine to tell humans and bots apart. With the new API, a significant number of your valid human users will pass the reCAPTCHA challenge without having to solve a CAPTCHA (see the blog for more details). reCAPTCHA comes in the form of a widget that you can easily add to your blog, forum, registration form, etc.
See the details.
To use reCAPTCHA, you need to sign up for an API key pair for your site. The key pair consists of a site key and secret. The site key is used to display the widget on your site. The secret authorizes communication between your application backend and the reCAPTCHA server to verify the user's response. The secret needs to be kept safe for security purposes.
Install package via node.js
$ npm install --save react-recaptcha
You can see the full example by following these steps.
$ npm install
$ npm start
Then open http://localhost:3000 in your browser.
Node >= v6 is required for this package. Run node -v in your command prompt if you're unsure which Node version you have installed.
Html example code:
<html>
  <head>
    <title>reCAPTCHA demo: Simple page</title>
    <script src="build/react.js"></script>
    <script src="https://www.google.com/recaptcha/api.js" async defer></script>
  </head>
  <body>
    <div id="example"></div>
    <script src="build/index.js"></script>
  </body>
</html>
Jsx example code: build/index.js
var Recaptcha = require('react-recaptcha');

ReactDOM.render(
  <Recaptcha
    sitekey="xxxxxxxxxxxxxxxxxxxx"
  />,
  document.getElementById('example')
);
Deferring the render can be achieved by specifying your onload callback function and adding parameters to the JavaScript resource.
<html>
  <head>
    <title>reCAPTCHA demo: Simple page</title>
    <script src="build/react.js"></script>
    <script src="https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit" async defer></script>
  </head>
  <body>
    <div id="example"></div>
    <script src="build/index.js"></script>
  </body>
</html>
Jsx example code: build/index.js
var Recaptcha = require('react-recaptcha');

// specifying your onload callback function
var callback = function () {
  console.log('Done!!!!');
};

ReactDOM.render(
  <Recaptcha
    sitekey="xxxxxxxxxxxxxxxxxxxx"
    render="explicit"
    onloadCallback={callback}
  />,
  document.getElementById('example')
);
Define verify Callback function
var Recaptcha = require('react-recaptcha');

// specifying your onload callback function
var callback = function () {
  console.log('Done!!!!');
};

// specifying verify callback function
var verifyCallback = function (response) {
  console.log(response);
};

ReactDOM.render(
  <Recaptcha
    sitekey="xxxxxxxxxxxxxxxxxxxx"
    render="explicit"
    verifyCallback={verifyCallback}
    onloadCallback={callback}
  />,
  document.getElementById('example')
);
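The response passed to verifyCallback is only a token from the browser. It proves nothing until your backend checks it with the secret, which is why the secret must never appear in client code. The following server-side sketch is an added example, not part of the react-recaptcha package; it posts to Google's siteverify endpoint and fails closed. The function names, the opts fields and the injected httpPost helper are assumptions made for illustration.

```javascript
// Added example: backend check of the token that verifyCallback receives.
const SITEVERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';

// Build the form-encoded POST body. The secret lives on the server only
// (for example in an environment variable), never in the JSX bundle.
function buildVerifyBody(secret, token, remoteIp) {
  const body = new URLSearchParams({ secret: secret, response: token });
  if (remoteIp) body.set('remoteip', remoteIp); // optional parameter
  return body.toString();
}

// Decide whether a parsed siteverify reply is acceptable for this site.
function evaluateVerifyReply(reply, expectedHostname) {
  if (!reply || reply.success !== true) {
    const codes = (reply && reply['error-codes']) || ['unknown'];
    return { ok: false, reason: codes.join(',') };
  }
  // A token solved on another site's widget must not be accepted here.
  if (reply.hostname !== expectedHostname) {
    return { ok: false, reason: 'hostname-mismatch' };
  }
  return { ok: true, reason: null };
}

// opts.httpPost(url, body) is a hypothetical helper that POSTs the
// form-encoded body and resolves to the parsed JSON reply. Injecting it
// keeps the decision logic runnable offline.
async function verifyRecaptcha(token, opts) {
  if (typeof token !== 'string' || token.length === 0) {
    return { ok: false, reason: 'missing-token' };
  }
  const body = buildVerifyBody(opts.secret, token, opts.remoteIp);
  let reply;
  try {
    reply = await opts.httpPost(SITEVERIFY_URL, body);
  } catch (err) {
    return { ok: false, reason: 'verify-request-failed' }; // fail closed
  }
  return evaluateVerifyReply(reply, opts.expectedHostname);
}
```

Call verifyRecaptcha from the route that handles the form submission and reject the request unless ok is true; each token can be verified only once.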
Change the color theme of the widget. Set the theme property to light|dark. Default value is light.
ReactDOM.render(
  <Recaptcha
    sitekey="xxxxxxxxxxxxxxxxxxxx"
    theme="dark"
  />,
  document.getElementById('example')
);
Change the type of CAPTCHA to serve. Set the type property to audio|image. Default value is image.
ReactDOM.render(
  <Recaptcha
    sitekey="xxxxxxxxxxxxxxxxxxxx"
    type="audio"
  />,
  document.getElementById('example')
);
The reCAPTCHA widget can be manually reset by accessing the component instance via a callback ref and calling .reset() on the instance.
var Recaptcha = require('react-recaptcha');

// create a variable to store the component instance
let recaptchaInstance;

// create a reset function
const resetRecaptcha = () => {
  recaptchaInstance.reset();
};

ReactDOM.render(
  <div>
    <Recaptcha
      ref={e => recaptchaInstance = e}
      sitekey="xxxxxxxxxxxxxxxxxxxx"
    />
    <button
      onClick={resetRecaptcha}
    >
      Reset
    </button>
  </div>,
  document.getElementById('example')
);
The following props can be passed into the React reCAPTCHA component. These can also be viewed in the source code.
className: the class for the reCAPTCHA div.
onloadCallbackName: the name of your onloadCallback function (see onloadCallback below).
elementID: the #id for the reCAPTCHA div.
onloadCallback: the callback to pass into the reCAPTCHA API if rendering the reCAPTCHA explicitly.
verifyCallback: the callback that fires after reCAPTCHA has verified a user.
expiredCallback: optional. A callback to pass into the reCAPTCHA if the reCAPTCHA response has expired.
render: specifies the render type for the component (e.g. explicit), see onloadCallback and explicit rendering.
sitekey: the sitekey for the reCAPTCHA widget, obtained after signing up for an API key.
theme: the color theme for the widget, either light or dark.
type: the type of reCAPTCHA you'd like to render, list of reCAPTCHA types available here.
verifyCallbackName: the name of your verifyCallback function, see verifyCallback above.
expiredCallbackName: the name of your expiredCallbackName function, see expiredCallback above.
size: the desired size of the reCAPTCHA widget, can be either 'compact' or 'normal'.
tabindex: optional. The tabindex of the widget and challenge. If other elements in your page use tabindex, it should be set to make user navigation easier. More info on tabindex available here.
hl: optional. Forces the widget to render in a specific language. Auto-detects the user's language if unspecified. List of language codes available here.
badge: optional. Reposition the reCAPTCHA badge. 'inline' allows you to control the CSS.
If not specified when rendering the component, the following props will be passed into the reCAPTCHA widget:
{
  elementID: 'g-recaptcha',
  onloadCallback: undefined,
  onloadCallbackName: 'onloadCallback',
  verifyCallback: undefined,
  verifyCallbackName: 'verifyCallback',
  expiredCallback: undefined,
  expiredCallbackName: 'expiredCallback',
  render: 'onload',
  theme: 'light',
  type: 'image',
  size: 'normal',
  tabindex: '0',
  hl: 'en',
  badge: 'bottomright',
};
Use the invisible reCAPTCHA by setting the size prop to 'invisible'. Since it is invisible, the reCAPTCHA widget must be executed programmatically.
var Recaptcha = require('react-recaptcha');

// create a variable to store the component instance
let recaptchaInstance;

// manually trigger reCAPTCHA execution
const executeCaptcha = function () {
  recaptchaInstance.execute();
};

// executed once the captcha has been verified
// can be used to post forms, redirect, etc.
const verifyCallback = function (response) {
  console.log(response);
  document.getElementById("someForm").submit();
};

ReactDOM.render(
  <div>
    <form id="someForm" action="/search" method="get">
      {/* JSX requires void elements such as input to be self-closed */}
      <input type="text" name="query" />
    </form>
    <button
      onClick={executeCaptcha}
    >
      Submit
    </button>
    <Recaptcha
      ref={e => recaptchaInstance = e}
      sitekey="xxxxxxxxxxxxxxxxxxxx"
      size="invisible"
      verifyCallback={verifyCallback}
    />
  </div>,
  document.getElementById('example')
);
FAQs
A react.js reCAPTCHA for Google
The npm package react-recaptcha receives a total of 22,679 weekly downloads. As such, react-recaptcha popularity was classified as popular.
We found that react-recaptcha demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.