npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@hcaptcha/react-native-hcaptcha

v4.0.0

Published

hCaptcha Library for React Native (both Android and iOS)

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

brdlyptrsbrdlyptrshcaptcha-npmjshcaptcha-npmjs

Keywords

react-nativehcaptchacaptchamobileiosandroid

Readme

npm ci

react-native-hcaptcha

hCaptcha wrapper for React Native (Android and iOS)

Installation

  1. Install package:
  • Using NPM npm install @hcaptcha/react-native-hcaptcha
  • Using Yarn yarn add @hcaptcha/react-native-hcaptcha
  1. Import package: import ConfirmHcaptcha from '@hcaptcha/react-native-hcaptcha';

Full examples for expo and react-native, as well as debugging guides, are in MAINTAINER.md

Demo

See live demo in Snack.

Usage

See Example.App.js example in repo for a fully worked example implementation.

For users familiar with the hCaptcha JS API, calling show() in this wrapper triggers an hcaptcha.execute() call.

This means that if you are an Enterprise user with a 99.9% passive or purely passive sitekey configured, no additional work is required to get the expected behavior: either a visual challenge will be shown or a token will be returned immediately via onMessage, in accordance with your configuration.

Also, please note the following special message strings that can be returned via onMessage for error cases

The event returned by onMessage with success === true will be a passcode.

In practice, you should always provide onMessage. Without it, your app will not receive tokens, errors, or cancel events.

Basic modal usage

import React, { useRef } from 'react';
import ConfirmHcaptcha from '@hcaptcha/react-native-hcaptcha';

export default function Example() {
  const captchaRef = useRef(null);

  const onMessage = (event) => {
    if (!event?.nativeEvent?.data) {
      return;
    }

    if (event.success) {
      const token = event.nativeEvent.data;
      event.markUsed?.();
      captchaRef.current?.hide();
      return;
    }

    if (event.nativeEvent.data === 'challenge-closed') {
      captchaRef.current?.hide();
    }
  };

  return (
    <ConfirmHcaptcha
      ref={captchaRef}
      siteKey="your-site-key"
      baseUrl="https://hcaptcha.com"
      onMessage={onMessage}
    />
  );
}

Verification payloads with verifyParams

Use verifyParams for request data passed to hcaptcha.setData(...) immediately before each verification attempt.

<ConfirmHcaptcha
  ref={captchaRef}
  siteKey="your-site-key"
  baseUrl="https://hcaptcha.com"
  onMessage={onMessage}
  verifyParams={{
    rqdata: enterpriseRqdata,
    phonePrefix: '44',
    phoneNumber: '+44123456789',
  }}
/>

Legacy top-level rqdata, phonePrefix, and phoneNumber props still work, but verifyParams takes precedence and should be preferred for new code.

User Journeys (Enterprise)

Journey capture is opt-in at the captcha level through userJourney={true}.

By default, a captcha instance with userJourney={true} will:

  • attach the current shared journey buffer to its verification payload as userjourney
  • initialize the journey runtime on first use if needed
  • enable automatic app-wide touch capture while at least one userJourney captcha instance is mounted

Use initJourneyTracking() when you want to:

  • start journey tracking before the captcha component mounts
  • register a React Navigation container for automatic screen tracking
  • enable runtime debug/stats hooks
  • disable automatic touch capture with touchCapture: false while keeping the rest of User Journeys enabled
import ConfirmHcaptcha, {
  initJourneyTracking,
  registerJourneyNavigationContainer,
} from '@hcaptcha/react-native-hcaptcha';

initJourneyTracking({
  touchCapture: true,
});

// If you use React Navigation, register the container once the ref exists.
registerJourneyNavigationContainer(navigationRef);

<ConfirmHcaptcha
  ref={captchaRef}
  siteKey="your-site-key"
  baseUrl="https://hcaptcha.com"
  onMessage={onMessage}
  userJourney={true}
/>

If you are already holding a navigation container ref at init time, you can pass it directly:

initJourneyTracking({
  navigationContainerRef: navigationRef,
});

If you want to use the inline component with journeys enabled:

import { Hcaptcha, initJourneyTracking } from '@hcaptcha/react-native-hcaptcha';

initJourneyTracking();

<Hcaptcha
  siteKey="your-site-key"
  url="https://hcaptcha.com"
  onMessage={onMessage}
  userJourney={true}
/>

If you want userJourney verification payloads and navigation tracking, but do not want automatic app-wide touch capture:

initJourneyTracking({
  navigationContainerRef: navigationRef,
  touchCapture: false,
});

Automatic journey capture currently records:

  • React Navigation screen transitions
  • Basic taps
  • Basic drag gestures
  • Scroll-like gestures inferred from axis-dominant touch movement

Automatic journey capture intentionally does not record:

  • text input contents
  • search queries
  • text lengths or typed characters
  • visible button text as control identifiers

Inline component usage

If you want to manage the surrounding UI yourself, use the inline component:

import { Hcaptcha } from '@hcaptcha/react-native-hcaptcha';

<Hcaptcha
  siteKey="your-site-key"
  url="https://hcaptcha.com"
  onMessage={onMessage}
/>

Handling the post-issuance expiration lifecycle

This extension is a lightweight wrapper, and does not currently attempt to manage post-verification state in the same way as the web JS API, e.g. with an on-expire callback.

In particular, if you do not plan to immediately consume the passcode returned by submitting it to your backend, you should start a timer to let your application state know that a new passcode is required when it expires.

By default, this value is 120 seconds. So, an expired error will be emitted to onMessage if you haven't called event.markUsed().

Once you've utilized hCaptcha's token, call markUsed on the event object in onMessage:

  const onMessage = event => {
    if (event && event.nativeEvent.data) {
      if (event.nativeEvent.data === 'open') {
        // hCaptcha shown
      } else if (event.success) {
        captchaForm.current.hide();
        const token = event.nativeEvent.data;
        // utilize token and call markUsed once you are done with it
        event.markUsed();
      } else if (event.nativeEvent.data === 'challenge-closed') {
        captchaForm.current.hide();
      } else {
        // handle rest errors
      }
    }
  };

  const captchaForm = useRef(null);

  return (
    <ConfirmHcaptcha
      ref={captchaForm}
      siteKey={siteKey}
      languageCode="en"
      onMessage={onMessage}
    />
  );

Handling errors and retry

If your app encounters an error event, you can reset the hCaptcha SDK flow by calling event.reset() to perform another attempt at verification.

event.reset() rebuilds the verification payload from the current props and the current buffered journey immediately before retrying.

Dependencies

  1. react-native-webview

Building on iOS

Required frameworks/libraries

Your app must have the following frameworks/libraries linked:

  • libswiftWebKit.tbd
  • JavaScriptCore.framework

Flipper version

You must have a recent version of flipper to build this app. If you have upgraded React Native recently, your Flipper version may be out of date. This will cause compilation errors.

Your Podfile should be updated to something like:

  # Enables Flipper.
  #
  # Note that if you have use_frameworks! enabled, Flipper will not work and
  # you should disable these next few lines.
  use_flipper!({ 'Flipper-Folly' => '2.5.3', 'Flipper' => '0.87.0', 'Flipper-RSocket' => '1.3.1' })
  post_install do |installer|
    flipper_post_install(installer)
  end

If you encounter build-time errors related to Flipper.

Localization

Make sure the value you pass to languageCode is the one the user has set in your app if you allow them to override the system defaults.

Otherwise, you should pass in the preferred device locale, e.g. fetched from getLocales() if using react-native-localize.

Notes

  • The UI defaults to the "invisible" mode of the JS SDK, i.e. no checkbox is displayed.
  • If you need to test displaying the challenge modal, set your sitekey to "Always Challenge" mode in the hCaptcha dashboard.
  • You can import { Hcaptcha } from '@hcaptcha/react-native-hcaptcha'; to customize the UI yourself.
  • hCaptcha loading is restricted to a 15-second timeout; an error will be sent via onMessage if it fails to load due to network issues.

Journey Capture Caveats

  • Call initJourneyTracking() once and do it early. Events that happen before initialization are not captured.
  • Automatic app-wide touch capture is enabled by default while at least one captcha instance with userJourney={true} is mounted.
  • Automatic touch capture uses React Native's public AppRegistry.setWrapperComponentProvider(...) API.
  • This SDK composes with wrapper providers registered after it initializes by intercepting future calls to setWrapperComponentProvider(...).
  • React Native does not expose a getter for wrapper providers that were already registered before this SDK initialized. If another library installs a wrapper provider first, call initJourneyTracking() earlier or use touchCapture: false to avoid conflicts.
  • If you start with touchCapture: false, this SDK deliberately does not patch AppRegistry. If another library registers a wrapper provider during that disabled window and you later re-enable touch capture, hCaptcha cannot recover that earlier provider automatically. If you may toggle touch capture on later, initialize hCaptcha first or keep touchCapture enabled from the start.
  • Navigation capture is only automatic when you register a React Navigation container ref through initJourneyTracking({ navigationContainerRef }) or registerJourneyNavigationContainer(ref).
  • userJourney={true} controls whether the current buffered journey is attached to that captcha's verification request. It also enables automatic touch capture by default unless you disable that with initJourneyTracking({ touchCapture: false }).
  • The journey buffer is app-global and shared across captcha instances in the same process. This is intentional for the single-app, single-user case.
  • ConfirmHcaptcha.stopEvents() clears the shared buffered journey and detaches that ConfirmHcaptcha instance from journey attachment until you explicitly reconfigure it, for example by toggling userJourney off and back on.
  • Global journey capture can continue after stopEvents() if journey tracking was initialized, so later app events may still accumulate in the shared buffer for other consumers.
  • Successful verification clears the buffered journey. Error and cancel flows do not.
  • Automatic control identifiers are best-effort and prefer non-content metadata like nativeID, testID, and accessibilityLabel. If none are available, events may fall back to native view tags or "unknown".

MFA Phone Support

The SDK supports phone prefix and phone number parameters for MFA (Multi-Factor Authentication) flows. You can pass these parameters as props:

// Using phone prefix (country code without '+')
<ConfirmHcaptcha
  siteKey="your-site-key"
  phonePrefix="44"
  onMessage={onMessage}
/>

// Using phone number (full E.164 format)
<ConfirmHcaptcha
  siteKey="your-site-key"
  phoneNumber="+44123456789"
  onMessage={onMessage}
/>

For new code, prefer:

<ConfirmHcaptcha
  siteKey="your-site-key"
  baseUrl="https://hcaptcha.com"
  verifyParams={{
    phonePrefix: '44',
    phoneNumber: '+44123456789',
  }}
  onMessage={onMessage}
/>

Properties

| Name | Type | Description | |:---|:---|:---| | siteKey (required) | string | The hCaptcha siteKey | | size | string | The size of the widget, can be 'invisible', 'compact' or 'normal'. checkbox is also accepted as a legacy alias for normal. Default: 'invisible' | | onMessage | Function (see here) | Required. Runs after receiving a response, error, or when user cancels. | | languageCode | string | Default language for hCaptcha; overrides phone defaults. A complete list of supported languages and their codes can be found here | | showLoading | boolean | Whether to show a loading indicator while the hCaptcha web content loads | | closableLoading | boolean | Allow user to cancel hcaptcha during loading by touch loader overlay | | loadingIndicatorColor | string | Color of the ActivityIndicator | | backgroundColor | string | The background color code that will be applied to the main HTML element | | theme | string|object | The theme can be 'light', 'dark', 'contrast' or a custom theme object (see Enterprise docs) | | rqdata | string | Deprecated: Use rqdata in HCaptchaVerifyParams instead. Will be removed in future releases. See Enterprise docs. | | verifyParams | object | Verification payload overrides passed to hcaptcha.setData(...) immediately before verification. Supports rqdata, phonePrefix, and phoneNumber. | | userJourney | boolean | When true, attaches the current shared journey buffer to the verification payload as userjourney. It also enables automatic touch capture by default while a userJourney captcha instance is mounted. Use initJourneyTracking({ touchCapture: false }) to keep User Journeys enabled without automatic touch capture. | | sentry | boolean | sentry error reporting (see Enterprise docs) | | jsSrc | string | The url of api.js. Default: https://js.hcaptcha.com/1/api.js (Override only if using first-party hosting feature.) | | endpoint | string | Point hCaptcha JS Ajax Requests to alternative API Endpoint. Default: https://api.hcaptcha.com (Override only if using first-party hosting feature.) | | reportapi | string | Point hCaptcha Bug Reporting Request to alternative API Endpoint. Default: https://accounts.hcaptcha.com (Override only if using first-party hosting feature.) | | assethost | string | Points loaded hCaptcha assets to a user defined asset location, used for proxies. Default: https://newassets.hcaptcha.com (Override only if using first-party hosting feature.) | | imghost | string | Points loaded hCaptcha challenge images to a user defined image location, used for proxies. Default: https://imgs.hcaptcha.com (Override only if using first-party hosting feature.) | | host | string | hCaptcha SDK host identifier. null value means that it will be generated by SDK | | url (inline component only) | string | The url domain defined on your hCaptcha. You generally will not need to change this. | | style (inline component only) | ViewStyle (see here) | The webview style | | baseUrl (modal component only) | string | The url domain defined on your hCaptcha. You generally will not need to change this. | | passiveSiteKey (modal component only) | boolean | Indicates whether the passive mode is enabled; when true, the modal won't be shown at all | | hasBackdrop (modal component only) | boolean | Defines if the modal backdrop is shown (true by default). If hasBackdrop=false, backgroundColor will apply only after the hCaptcha visual challenge is presented. | | orientation | string | This specifies the "orientation" of the challenge. It can be portrait, landscape. Default: portrait | | phonePrefix | string | Optional phone country calling code (without '+'), e.g., "44". Used in MFA flows. | | phoneNumber | string | Optional full phone number in E.164 format ("+44123..."), for use in MFA. |

Journey API

initJourneyTracking(options?)

Installs automatic journey collection once for the app process.

Options:

  • navigationContainerRef: optional React Navigation container ref to register immediately
  • touchCapture: optional boolean, defaults to true. When false, keeps User Journeys enabled but disables automatic app-wide touch capture
  • debug: optional boolean to log emitted journey events to console.debug
  • onStats: optional callback for runtime diagnostics in tests or app instrumentation

registerJourneyNavigationContainer(ref)

Registers or replaces the React Navigation container used for automatic screen tracking.

ConfirmHcaptcha.stopEvents()

Clears the current shared journey buffer and detaches that ConfirmHcaptcha instance from journey attachment until it is explicitly reconfigured. A simple way to re-enable it is to toggle userJourney off and back on.

Status

Fully functional, but additional releases will be made in the near term.

Changes within the same major release are expected to be additive, i.e. non-breaking.

License

MIT License. (C) 2021 hCaptcha.

Credits: Originally forked from xuho and filipepiresg's Google reCAPTCHA v2 work. (MIT license)