Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

react-turnstile

Package Overview
Dependencies
Maintainers
1
Versions
12
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

react-turnstile

React library for Cloudflare's Turnstile CAPTCHA alternative

  • 1.1.2
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
40K
increased by19.48%
Maintainers
1
Weekly downloads
 
Created
Source

react-turnstile

A very simple React library for Cloudflare Turnstile.

Installation

npm i react-turnstile

Usage

import Turnstile, { useTurnstile } from "react-turnstile";

// ...

function TurnstileWidget() {
  const turnstile = useTurnstile();
  return (
    <Turnstile
      sitekey="1x00000000000000000000AA"
      onVerify={(token) => {
        fetch("/login", {
          method: "POST",
          body: JSON.stringify({ token }),
        }).then((response) => {
          if (!response.ok) turnstile.reset();
        });
      }}
    />
  );
}

Turnstile tokens expire after 5 minutes, to automatically reset the challenge once they expire, set the autoResetOnExpire prop to true or reset the widget yourself using the onExpire callback.

Reducing Layout Shift

The turnstile iframe initially loads as invisible before becoming visible and expanding to the expected widget size.

This causes Layout Shift and reduces your Cumulative Layout Shift score and UX.

This can be fixed with the fixedSize={true} option, which will force the wrapper div to be the specific size of turnstile.

Bound Turnstile Object

The Bound Turnstile Object is given as argument to all callbacks and allows you to call certain window.turnstile functions without having to store the widgetId yourself.

function Component() {
  return (
    <Turnstile
      executution="execute"
      onLoad={(widgetId, bound) => {
        // before:
        window.turnstile.execute(widgetId);
        // now:
        bound.execute();
      }}
    />
  );
}

Documentation

Turnstile takes the following arguments:

nametypedescription
sitekeystringsitekey of your website (REQUIRED)
actionstring-
cDatastring-
themestringone of "light", "dark", "auto"
languagestringoverride the language used by turnstile
tabIndexnumber-
responseFieldbooleancontrols generation of <input /> element
responseFieldNamestringchanges the name of <input /> element
sizestringone of "normal", "compact"
fixedSizebooleanfix the size of the <div /> to reduce layout shift
retrystringone of "auto", "never"
retryIntervalnumberinterval of retries in ms
appearancestringone of "always", "execute", "interaction-only"
executionstringone of "render", "execute"
idstringid of the div
refRefcustom react ref for the div
classNamestringpassed to the div
styleobjectpassed to the div

And the following callbacks:

nameargumentsdescription
onVerifytokencalled when challenge is passed
onLoadwidgetIdcalled when the widget is loaded
onErrorerrorcalled when an error occurs
onExpire-called when the token expires
onTimeouttokencalled when the challenge expires
onAfterInteractive-called when the challenge becomes interactive
onBeforeInteractive-called when the challenge no longer is interactive
onUnsupported-called when the browser is unsupported by Turnstile

The callbacks also take an additional BoundTurnstileObject which exposes certain functions of window.turnstile which are already bound to the current widget, so you don't need track the widgetId yourself.

For more details on what each argument does, see the Cloudflare Documentation.

FAQs

Package last updated on 18 Sep 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc