Product
Introducing Reports: An Extensible Reporting Framework for Socket Data
Explore exportable charts for vulnerabilities, dependencies, and usage with Reports, Socket’s new extensible reporting framework.
By André Staltz - Apr 21, 2026
Launch Week Day 1: Socket for Jira Is Now Available.Learn More →
react-turnstile
Advanced tools
react-turnstile
A very simple React library for Cloudflare Turnstile.
Installation
npm i react-turnstile
Usage
import { Turnstile, useTurnstile } from "react-turnstile";
// ...
function TurnstileWidget() {
const turnstile = useTurnstile();
return (
<Turnstile
sitekey="1x00000000000000000000AA"
onVerify={(token) => {
fetch("/login", {
method: "POST",
body: JSON.stringify({ token }),
}).then((response) => {
if (!response.ok) turnstile.reset();
});
}}
/>
);
}
Turnstile tokens expire after 5 minutes, to automatically reset the challenge once they expire,
set the refreshExpired prop to 'auto' or reset the widget yourself using the onExpire callback.
Reducing Layout Shift
The turnstile iframe initially loads as invisible before becoming visible and expanding to the expected widget size.
This causes Layout Shift and reduces your Cumulative Layout Shift score and UX.
This can be fixed with the fixedSize={true} option, which will force the
wrapper div to be the specific size of turnstile.
Bound Turnstile Object
The Bound Turnstile Object is given as argument to all callbacks and allows you
to call certain window.turnstile functions without having to store the widgetId
yourself.
function Component() {
return (
<Turnstile
execution="execute"
onLoad={(widgetId, bound) => {
// before:
window.turnstile.execute(widgetId);
// now:
bound.execute();
}}
/>
);
}
Documentation
Turnstile takes the following arguments:
| name | type | description |
|---|---|---|
| sitekey | string | sitekey of your website (REQUIRED) |
| action | string | - |
| cData | string | - |
| theme | string | one of "light", "dark", "auto" |
| language | string | override the language used by turnstile |
| tabIndex | number | - |
| responseField | boolean | controls generation of <input /> element |
| responseFieldName | string | changes the name of <input /> element |
| size | string | one of "normal", "compact", "flexible" |
| fixedSize | boolean | fix the size of the <div /> to reduce layout shift |
| retry | string | one of "auto", "never" |
| retryInterval | number | interval of retries in ms |
| refreshExpired | string | one of "auto", "manual", "never" |
| appearance | string | one of "always", "execute", "interaction-only" |
| execution | string | one of "render", "execute" |
| id | string | id of the div |
| userRef | Ref | custom react ref for the div |
| className | string | passed to the div |
| style | object | passed to the div |
And the following callbacks:
| name | arguments | description |
|---|---|---|
| onVerify | token | called when challenge is passed |
| onSuccess | token, preClearanceObtained | called when challenge is passed |
| onLoad | widgetId | called when the widget is loaded |
| onError | error | called when an error occurs |
| onExpire | - | called when the token expires |
| onTimeout | token | called when the challenge expires |
| onAfterInteractive | - | called when the challenge becomes interactive |
| onBeforeInteractive | - | called when the challenge no longer is interactive |
| onUnsupported | - | called when the browser is unsupported by Turnstile |
The callbacks also take an additional BoundTurnstileObject which exposes
certain functions of window.turnstile which are already bound to the
current widget, so you don't need track the widgetId yourself.
For more details on what each argument does, see the Cloudflare Documentation.
FAQs
React library for Cloudflare's Turnstile CAPTCHA alternative
The npm package react-turnstile receives a total of 98,233 weekly downloads. As such, react-turnstile popularity was classified as popular.
We found that react-turnstile demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 30 Jan 2026
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket for Jira Is Now Available
Socket for Jira lets teams turn alerts into Jira tickets with manual creation, automated ticketing rules, and two-way sync.
By Jeppe Hasseriis - Apr 20, 2026
Company News
Socket Named Top Sales Organization by RepVue
Socket won two 2026 Reppy Awards from RepVue, ranking in the top 5% of all sales orgs. AE Alexandra Lister shares what it's like to grow a sales career here.
By Sarah Gooding - Apr 17, 2026