@bonhomie/react-security
Version:
A frontend security layer for React: devtools detection, screenshot blocking, anti-iframe, tamper detection, watermarking, and more.
387 lines (284 loc) β’ 7.64 kB
Markdown
# @bonhomie/react-security
<p align="center">
<img src="https://img.shields.io/npm/v/@bonhomie/react-security?color=blue&label=npm%20version" />
<img src="https://img.shields.io/npm/dm/@bonhomie/react-security?color=orange&label=downloads" />
<img src="https://img.shields.io/bundlephobia/min/@bonhomie/react-security?color=yellow&label=minified" />
<img src="https://img.shields.io/github/license/bonhomie/react-security?color=green&label=license" />
</p>
<p align="center">
π A powerful React security toolkit for modern apps:
DevTools detection, screenshot blocking, anti-inspect, anti-iframe, tamper detection, watermarks,
lock screen UI, VPN detection, AI screenshot detection, and more.
</p>
# π Install
```bash
npm install @bonhomie/react-security
````
# β¨ Feature Matrix
| Feature | Low | Medium | High |
| -------------------------- | -------- | -------- | -------- |
| DevTools Detection | β | β | β |
| Screenshot Block | β | β | β |
| Copy/Paste Block | β | β | β |
| RightβClick Block | β | β | β |
| Route Tamper Detection | β | β | β |
| Anti-Iframe Lock | β | β | β |
| Lock Screen | β | β | β |
| Noise Overlay | β | β | β |
| Watermark | Optional | Optional | β |
| Auto-Logout | β | Optional | Optional |
| AI Screenshot Detection | Optional | Optional | β |
| VPN Detection | Optional | Optional | β |
| Keystroke Tamper Detection | Optional | Optional | β |
# 𧩠Basic Usage (Recommended)
```jsx
import {
ReactSecurityProvider,
SecurePage,
AntiIframe,
BlockInspect
} from "@bonhomie/react-security";
export default function App() {
return (
<ReactSecurityProvider level="high">
<AntiIframe>
<BlockInspect>
<SecurePage>
<Dashboard />
</SecurePage>
</BlockInspect>
</AntiIframe>
</ReactSecurityProvider>
);
}
```
# π Security Levels (Presets)
### **LOW**
```js
{
blockDevTools: true,
blockScreenshot: false,
blockCopy: false,
lockOnSuspicious: false,
autoLogout: false,
noiseOverlay: false
}
```
### **MEDIUM** (recommended for SaaS)
```js
{
blockDevTools: true,
blockScreenshot: true,
blockCopy: true,
lockOnSuspicious: true,
showLockOverlay: true
}
```
### **HIGH** (fintech, exam apps, dashboards)
```js
{
blockDevTools: true,
blockScreenshot: true,
blockCopy: true,
noiseOverlay: true,
lockOnSuspicious: true,
showLockOverlay: true,
enableWatermark: true
}
```
# βοΈ Provider Configuration (Advanced)
```jsx
<ReactSecurityProvider
level="medium"
config={{
blockScreenshot: true,
blockDevTools: true,
blockCopy: true,
lockOnSuspicious: true,
autoLogout: true,
noiseOverlay: true,
enableWatermark: true,
watermarkText: "Protected by Bonhomie Security",
showUnlockButton: true,
onDetect: (type) => console.log("Suspicious:", type),
onLogout: () => logoutUser()
}}
>
<App />
</ReactSecurityProvider>
```
# π‘ Components
## π `<SecurePage />`
Protects a page with:
* Blur on suspicious activity
* Lock screen overlay
* Noise overlay
* AI / screenshot watermark
* Event-based warnings
```jsx
<SecurePage blurAmount="6px">
<Dashboard />
</SecurePage>
```
## 𧱠`<BlockInspect />`
Blocks:
* F12
* Ctrl+Shift+I
* Ctrl+Shift+J
* Ctrl+U
* Right-click
* Mobile long-press
* Mobile zoom inspect
```jsx
<BlockInspect>
<ProtectedContent />
</BlockInspect>
```
## π `<AntiIframe />`
Prevents your app from loading inside an iframe.
```jsx
<AntiIframe>
<App />
</AntiIframe>
```
# πͺ Hooks Reference
## useDevtoolsDetect
```js
useDevtoolsDetect({
enabled: true,
onDetect: () => console.log("DevTools opened")
});
```
## useScreenshotBlock
```js
useScreenshotBlock({
blockPrintScreen: true,
onScreenshotAttempt: () => alert("Screenshot blocked")
});
```
## useClipboardLock
```js
useClipboardLock({
blockCopy: true,
blockPaste: true,
onBlock: (type) => console.log("Blocked:", type),
});
```
## useRouteTamperGuard
```js
useRouteTamperGuard({
allowedRoutes: ["/dashboard"],
redirectTo: "/warning"
});
```
## useGhostingDetect
Detects synthetic key events / bot keystrokes.
```js
useGhostingDetect({
onGhost: () => console.warn("Ghost keystroke detected!")
});
```
## useKeystrokeTamper
Detects tampering with keydown/keyup sequences.
```js
useKeystrokeTamper({
onTamper: () => alert("Keystroke tampering detected!")
});
```
# π§ Utilities
All available under:
```js
import { detectVPN, aiScreenshotDetect } from "@bonhomie/react-security";
```
* `detectVPN()` β lightweight VPN/proxy detector
* `aiScreenshotDetect()` β detects suspicious brightness/frame dips
* `watermark.generateDynamic()` β dynamic rotating watermark
* `events.emitSecurityEvent()` β provider-level triggers
# 𧱠Recommended Patterns
### 1οΈβ£ Wrap entire app
```jsx
<ReactSecurityProvider level="high">
<AntiIframe>
<BlockInspect>
<SecurePage>
<App />
</SecurePage>
</BlockInspect>
</AntiIframe>
</ReactSecurityProvider>
```
### 2οΈβ£ Use `<SecurePage>` only where necessary
Avoid wrapping public pages for performance.
### 3οΈβ£ Combine route tamper guard + lock UI
Makes cheating very hard.
### 4οΈβ£ Set `autoLogout: true` in high-risk environments (fintech/exams)
# π’ Enterprise Integration
This package is ideal for:
* **Fintech dashboards**
* **KYC/AML platforms**
* **Exam/testing portals**
* **Internal admin dashboards**
* **SaaS with proprietary content**
* **AI model preview tools**
* **Video/streaming with DRM-lite protection**
Recommended settings:
```js
<ReactSecurityProvider
level="high"
config={{
autoLogout: true,
enableWatermark: true,
noiseOverlay: true,
lockOnSuspicious: true,
aiScreenshot: true,
vpnCheck: true
}}
>
```
# π SSR Notes (Next.js / Remix)
This library is **client-only**.
For SSR:
```jsx
"use client";
import { ReactSecurityProvider } from "@bonhomie/react-security";
```
Avoid running hooks during SSR β provider handles this already.
# π Troubleshooting
### β Screenshot still works?
* Windows Snipping Tool bypasses DOM APIs sometimes
* Enable `noiseOverlay` + `enableWatermark`
* Consider backend watermarking for images
### β DevTools not detected?
Chrome DevTools detection is browser-dependent; mix with:
* zoom detection
* route tamper
* key combos
* screenshot watermark
### β Locked screen wonβt unlock?
Ensure provider includes:
```js
showUnlockButton: true
```
### β Running inside iframe?
Ensure domain isnβt embedding itself (like preview tools).
# π License
MIT β free for personal & commercial use.
# π¨βπ» Author
Made with care by **Bonhomie**
Full-stack Web & Mobile Developer