Gathering detailed insights and metrics for react-cookie-consent
Gathering detailed insights and metrics for react-cookie-consent
A small, simple and customizable cookie consent bar for use in React applications.
Installations
npm install react-cookie-consentDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Min. Node Version
>=10
Node Version
20.8.0
NPM Version
10.2.0
Releases
9
Added visible prop
6.4.0
Updated on Sep 23, 2021
Fixed IE11 arrow function bug
6.2.3
Updated on Feb 19, 2021
Added the `getCookieConsentValue` to the dts file.
6.2.1
Updated on Dec 08, 2020
Added the exported function `getCookieConsentValue` to get the cookie value from custom code
6.2.0
Updated on Dec 06, 2020
6.1.0
6.1.0
Updated on Nov 29, 2020
6.0.0
6.0.0
Updated on Nov 02, 2020
Languages
3
TypeScript
JavaScript
Shell
TypeScript (97.17%)
JavaScript (2.45%)
Shell (0.38%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
619 Stars
214 Commits
83 Forks
4 Watchers
2 Branches
32 Contributors
Updated on Jul 09, 2025
Maintainers
1
Package Meta Information
Latest Version
9.0.0
Package Id
react-cookie-consent@9.0.0
Unpacked Size
175.91 kB
Size
32.23 kB
File Count
32
NPM Version
10.2.0
Node Version
20.8.0
Published on
Oct 16, 2023
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Peer Dependencies
1
Dev Dependencies
22
:cookie: react-cookie-consent :cookie:
A small, simple and customizable cookie consent bar for use in React applications.
Demo (storybook): https://mastermindzh.github.io/react-cookie-consent/
Default look
Table of contents
- :cookie: react-cookie-consent :cookie:
Installation
1npm install react-cookie-consent
or use yarn:
1yarn add react-cookie-consent
Using it
You can import the cookie bar like this:
1import CookieConsent from "react-cookie-consent";
If you want to set/remove cookies yourself you can optionally import Cookies (straight from js-cookie) like this:
1import CookieConsent, { Cookies } from "react-cookie-consent";
Then you can use the component anywhere in your React app like so:
1<CookieConsent>This website uses cookies to enhance the user experience.</CookieConsent>
You can optionally set some props like this (next chapter will show all props):
1<CookieConsent 2 location="bottom" 3 buttonText="Sure man!!" 4 cookieName="myAwesomeCookieName2" 5 style={{ background: "#2B373B" }} 6 buttonStyle={{ color: "#4e503b", fontSize: "13px" }} 7 expires={150} 8> 9 This website uses cookies to enhance the user experience.{" "} 10 <span style={{ fontSize: "10px" }}>This bit of text is smaller :O</span> 11</CookieConsent>
One of the props (onAccept) is a function, this function will be called after the user has clicked the accept button. It is called with an object containing a boolean property acceptedByScrolling to indicate if the acceptance was triggered by the user scrolling You can provide a function like so:
1<CookieConsent 2 onAccept={(acceptedByScrolling) => { 3 if (acceptedByScrolling) { 4 // triggered if user scrolls past threshold 5 alert("Accept was triggered by user scrolling"); 6 } else { 7 alert("Accept was triggered by clicking the Accept button"); 8 } 9 }} 10></CookieConsent>
If the decline button is enabled then the (onDecline) prop function can be used, this function will be called after the user has clicked the decline button. You can enable the button and provide a function like so:
1<CookieConsent 2 enableDeclineButton 3 onDecline={() => { 4 alert("nay!"); 5 }} 6></CookieConsent>
getting the cookies value in your own code
react-cookie-consent exports a function called getCookieConsentValue(cookieName: string). You can use it in your own code like so:
1import CookieConsent, { Cookies, getCookieConsentValue } from "react-cookie-consent"; 2 3console.log(getCookieConsentValue("your_custom_cookie_name"));
reset the cookies value in your own code
react-cookie-consent exports a function called resetCookieConsentValue. You can use it in order to remove cookie in client-site:
1import CookieConsent, { Cookies, resetCookieConsentValue } from "react-cookie-consent"; 2 3console.log(resetCookieConsentValue());
That option would be interesting if you want to allow user to change their consent. If you want to show again the consent bar, you must force "visible" prop to show again the bar.
Props
| Prop | Type | Default value | Description |
|---|---|---|---|
| location | string, "top", "bottom" or "none" | "bottom" | Syntactic sugar to easily enable you to place the bar at the top or the bottom of the browser window. Use "none" to disable. |
| visible | string, "show", "hidden" or "byCookieValue" | "byCookieValue" | Force the consent bar visibility. If "byCookieValue", visibility are defined by cookie consent existence. |
| children | string or React component | Content to appear inside the bar | |
| disableStyles | boolean | false | If enabled the component will have no default style. (you can still supply style through props) |
| hideOnAccept | boolean | true | If disabled the component will not hide it self after the accept button has been clicked. You will need to hide yourself (see onAccept) |
| buttonText | string or React component | "I understand" | Text to appear on the button |
| declineButtonText | string or React component | "I decline" | Text to appear on the decline button |
| cookieName | string | "CookieConsent" | Name of the cookie used to track whether the user has agreed. Note that you also have to pass this to the getCookieConsentValue and resetCookieConsentValue functions as they default to "CookieConsent" as well. |
| cookieValue | string or boolean or number | true | Value to be saved under the cookieName. |
| declineCookieValue | string or boolean or number | false | Value to be saved under the cookieName when declined. |
| setDeclineCookie | boolean | true | Whether to set a cookie when the user clicks "decline" |
| onAccept | function | () => {} | Function to be called after the accept button has been clicked. |
| onDecline | function | () => {} | Function to be called after the decline button has been clicked. |
| debug | boolean | undefined | Bar will be drawn regardless of cookie for debugging purposes. |
| expires | number | 365 | Number of days before the cookie expires. |
| extraCookieOptions | object | {} | Extra info (apart from expiry date) to add to the cookie |
| overlay | boolean | false | Whether to show a page obscuring overlay or not. |
| containerClasses | string | "" | CSS classes to apply to the surrounding container |
| buttonClasses | string | "" | CSS classes to apply to the button |
| buttonWrapperClasses | string | "" | CSS classes to apply to the div wrapping the buttons |
| customButtonWrapperAttributes | React.HTMLAttributes<HTMLDivElement> | {} | Allows you to set custom (data) attributes on the button wrapper div |
| declineButtonClasses | string | "" | CSS classes to apply to the decline button |
| buttonId | string | "" | Id to apply to the button |
| declineButtonId | string | "" | Id to apply to the decline button |
| contentClasses | string | "" | CSS classes to apply to the content |
| overlayClasses | string | "" | CSS classes to apply to the surrounding overlay |
| style | object | look at source | React styling object for the bar. |
| buttonStyle | object | look at source | React styling object for the button. |
| declineButtonStyle | object | look at source | React styling object for the decline button. |
| contentStyle | object | look at source | React styling object for the content. |
| overlayStyle | object | look at source | React styling object for the overlay. |
| disableButtonStyles | boolean | false | If enabled the button will have no default style. (you can still supply style through props) |
| enableDeclineButton | boolean | false | If enabled the decline button will be rendered |
| flipButtons | boolean | false | If enabled the accept and decline buttons will be flipped |
| ButtonComponent | React component | button | React Component to render as a button. |
| sameSite | string, "strict", "lax" or "none" | none | Cookies sameSite attribute value |
| cookieSecurity | boolean | undefined | Cookie security level. Defaults to true unless running on http. |
| ariaAcceptLabel | string | Accept cookies | Aria label to set on the accept button |
| ariaDeclineLabel | string | Decline cookies | Aria label to set on the decline button |
| acceptOnScroll | boolean | false | Defines whether "accept" should be fired after the user scrolls a certain distance (see acceptOnScrollPercentage) |
| acceptOnScrollPercentage | number | 25 | Percentage of the page height the user has to scroll to trigger the accept function if acceptOnScroll is enabled |
| customContentAttributes | object | {} | Allows you to set custom (data) attributes on the content div |
| customContainerAttributes | object | {} | Allows you to set custom (data) attributes on the container div |
| onOverlayClick | function | () => {} | allows you to react to a click on the overlay |
| acceptOnOverlayClick | boolean | false | Determines whether the cookies should be accepted after clicking on the overlay |
| customButtonProps | object | {} | Allows you to set custom props on the button component |
| customDeclineButtonProps | object | {} | Allows you to set custom props on the decline button component |
Debugging it
Because the cookie consent bar will be hidden once accepted, you will have to set the prop debug={true} to evaluate styling changes:
1<CookieConsent debug={true}></CookieConsent>
Note: Don't forget to remove the debug-property for production.
Why are there two cookies? One of which named "Legacy"
The short story is that some browsers don't support the SameSite=None attribute. The modern browsers force you to have SameSite set to something other than none.
So react-cookie-consent fixes this like so:
- set the fallback cookie (e.g -legacy) first, this will always succeed (on all browsers)
- set the correct cookie second (this will work on modern browsers, fail on older ones)
This happens on lines 29-37
When checking the cookie it'll do it in reverse. If the regular cookie exists, it'll use that. If no regular cookie exists it'll check whether the legacy cookie exists. If both are non-existent no consent was given.
The long story can be found here: pull-request#68
Styling it
You can provide styling for the bar, the button and the content. Note that the bar has a display: flex property as default and is parent to its children "content" and "button".
The styling behaves kind of responsive. The minimum content width has been chosen to be "300px" as a default value. If the button does not fit into the same line it is wrapped around into the next line.
You can style each component by using the style, buttonStyle and contentStyle prop. These will append / replace the default styles of the components.
Alternatively you can provide CSS classnames as containerClasses, buttonClasses and contentClasses to apply predefined CSS classes.
You can use disableStyles={true} to disable any built-in styling.
Examples
Changing the bar background to red
1<CookieConsent style={{ background: "red" }}></CookieConsent>
Changing the button font-weight to bold
1<CookieConsent buttonStyle={{ fontWeight: "bold" }}></CookieConsent>
Using predefined CSS classes
You can pass predefined CSS classes to the components using the containerClasses, buttonClasses and contentClasses props. The example below uses bootstrap classes:
1<CookieConsent 2 disableStyles={true} 3 location={OPTIONS.BOTTOM} 4 buttonClasses="btn btn-primary" 5 containerClasses="alert alert-warning col-lg-12" 6 contentClasses="text-capitalize" 7> 8 This website uses cookies to enhance the user experience.{" "} 9 <span style={{ fontSize: "10px" }}>This bit of text is smaller :O</span> 10</CookieConsent>
Which results in:
Accept on scroll
You can make the cookiebar disappear after scrolling a certain percentage using acceptOnScroll and acceptOnScrollPercentage. It is legal in some use-cases, Italy being one of them. Consult your legislation on whether this is allowed.
1<CookieConsent 2 acceptOnScroll={true} 3 acceptOnScrollPercentage={50} 4 onAccept={(byScroll) => { 5 alert(`consent given. \n\n By scrolling? ${byScroll}`); 6 }} 7> 8 Hello scroller :) 9</CookieConsent>
Flipping the buttons
If you enable the decline button you can pass along the "flipButtons" property to turn the buttons around:
1<CookieConsent enableDeclineButton flipButtons> 2 Flipped buttons 3</CookieConsent>
Which results in:
Extra cookie options
You can add more cookie options using the extraCookieOptions parameter like so:
1<CookieConsent extraCookieOptions={{ domain: "myexample.com" }}>cookie bar</CookieConsent>
Rainbows
If you're crazy enough you can even make a rainbow colored bar:
1<CookieConsent 2 buttonText="OMG DOUBLE RAINBOW" 3 cookieName="myAwesomeCookieName2" 4 style={{ 5 background: "linear-gradient(to right, orange , yellow, green, cyan, blue, violet)", 6 textShadow: "2px 2px black", 7 }} 8 buttonStyle={{ 9 background: "linear-gradient(to left, orange , yellow, green, cyan, blue, violet)", 10 color: "white", 11 fontWeight: "bolder", 12 textShadow: "2px 2px black", 13 }} 14> 15 This website uses cookies to enhance the user experience.{" "} 16 <span style={{ fontSize: "10px" }}>This bit of text is smaller :O</span> 17</CookieConsent>
Overlay
You can also generate a page-obfuscating overlay that will prevent actions other than interacting with the cookie consent button(s).
1<CookieConsent location="bottom" cookieName="myAwesomeCookieName3" expires={999} overlay> 2 This website uses cookies to enhance the user experience. 3</CookieConsent>
Contributor information
When making a PR please think about the following things:
- Update the ChangeLog (or include what you did in the PR and I'll add it, up to you)
- No need to build or update the package.json. I will do both on release.
- Please don't change code convention / style
Projects using react-cookie-consent
The list below features the projects which use react-cookie-consent (that I know off):
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 3/24 approved changesets -- score normalized to 1
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/gh-pages.yml:4
- Warn: no topLevel permission defined: .github/workflows/main.yml:1
- Warn: no topLevel permission defined: .github/workflows/size.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh-pages.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/Mastermindzh/react-cookie-consent/gh-pages.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gh-pages.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/Mastermindzh/react-cookie-consent/gh-pages.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/Mastermindzh/react-cookie-consent/main.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/Mastermindzh/react-cookie-consent/main.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/Mastermindzh/react-cookie-consent/main.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/size.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/Mastermindzh/react-cookie-consent/size.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/size.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/Mastermindzh/react-cookie-consent/size.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/gh-pages.yml:14
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 3 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 9 are checked with a SAST tool
Reason
38 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
- Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
- Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
- Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
- Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
- Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-8mmm-9v2q-x3f9
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-5fw9-fq32-wv5p
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6
- Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-w5hq-hm5m-4548
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq
- Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
2.6
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More