Gathering detailed insights and metrics for react-square-web-payments-sdk
Gathering detailed insights and metrics for react-square-web-payments-sdk
Easily create PCI-compliant inputs to accept payments online with the Square Payments API. It supports the following payment methods: credit and debit cards, ACH bank transfers, Apple Pay, Google Pay, Gift Cards and Afterpay/Clearpay.
Installations
npm install react-square-web-payments-sdkDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS, ESM
Node Version
20.16.0
NPM Version
10.8.1
Releases
63
Languages
2
TypeScript
Shell
TypeScript (99.93%)
Shell (0.07%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
45 Stars
444 Commits
45 Forks
4 Watchers
7 Branches
13 Contributors
Updated on Jul 03, 2025
Maintainers
1
Package Meta Information
Latest Version
3.2.4-beta.1
Package Id
react-square-web-payments-sdk@3.2.4-beta.1
Unpacked Size
321.86 kB
Size
70.54 kB
File Count
211
NPM Version
10.8.1
Node Version
20.16.0
Published on
Mar 17, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
2
Peer Dependencies
1
Dev Dependencies
27
@size-limit/preset-big-lib@size-limit/webpack-why@testing-library/jest-dom@testing-library/react@types/node@types/react@typescript-eslint/eslint-plugin@typescript-eslint/parser@vitejs/plugin-reactc8eslinteslint-config-prettiereslint-plugin-jsx-a11yeslint-plugin-reactjsdomnpm-run-allprettierprettier-plugin-jsdocreactreact-domrimrafsize-limittsc-aliastypescriptvitevite-tsconfig-pathsvitest
react-square-web-payments-sdk
react-square-web-payments-sdk lets you easily create PCI-compliant inputs to accept payments online with the Square Payments API. It supports the following payment methods: credit and debit cards, ACH bank transfers, Apple Pay, Google Pay, and Gift Cards.
Install
This one is pretty simple, everyone knows what to do:
NPM
1npm install react-square-web-payments-sdk
Yarn
1yarn add react-square-web-payments-sdk
Usage
1// Dependencies 2import * as React from 'react'; 3import { CreditCard, PaymentForm } from 'react-square-web-payments-sdk'; 4 5const MyPaymentForm = () => ( 6 <PaymentForm 7 /** 8 * Identifies the calling form with a verified application ID generated from 9 * the Square Application Dashboard. 10 */ 11 applicationId="sq0idp-Y0QZQ-Xx-Xx-Xx-Xx" 12 /** 13 * Invoked when payment form receives the result of a tokenize generation 14 * request. The result will be a valid credit card or wallet token, or an error. 15 */ 16 cardTokenizeResponseReceived={(token, buyer) => { 17 console.info({ token, buyer }); 18 }} 19 /** 20 * This function enable the Strong Customer Authentication (SCA) flow 21 * 22 * We strongly recommend use this function to verify the buyer and reduce 23 * the chance of fraudulent transactions. 24 */ 25 createVerificationDetails={() => ({ 26 amount: '1.00', 27 /* collected from the buyer */ 28 billingContact: { 29 addressLines: ['123 Main Street', 'Apartment 1'], 30 familyName: 'Doe', 31 givenName: 'John', 32 countryCode: 'GB', 33 city: 'London', 34 }, 35 currencyCode: 'GBP', 36 intent: 'CHARGE', 37 })} 38 /** 39 * Identifies the location of the merchant that is taking the payment. 40 * Obtained from the Square Application Dashboard - Locations tab. 41 */ 42 locationId="LID" 43 > 44 <CreditCard /> 45 </PaymentForm> 46); 47 48export default MyPaymentForm;
Contributing
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
Please make sure to update tests as appropriate.
Contributors ✨
Contributions, issues and feature requests are welcome!
Feel free to check issues page. You can also take a look at the contributing guide.
Thanks goes to these wonderful people (emoji key):
 Daniel Esteves 💻 📖 💡 ⚠️ |  Rowland Saer 📖 |  Hleb Siamionau 💻 |  Gabriel De Andrade 💻 📖 💡 |
This project follows the all-contributors specification. Contributions of any kind welcome!
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 8/16 approved changesets -- score normalized to 5
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/main.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish.yml:1
- Warn: no topLevel permission defined: .github/workflows/size.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/weareseeed/react-square-web-payments-sdk/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/weareseeed/react-square-web-payments-sdk/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/weareseeed/react-square-web-payments-sdk/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/weareseeed/react-square-web-payments-sdk/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/weareseeed/react-square-web-payments-sdk/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/weareseeed/react-square-web-payments-sdk/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/weareseeed/react-square-web-payments-sdk/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/weareseeed/react-square-web-payments-sdk/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/weareseeed/react-square-web-payments-sdk/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/weareseeed/react-square-web-payments-sdk/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/size.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/weareseeed/react-square-web-payments-sdk/size.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/size.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/weareseeed/react-square-web-payments-sdk/size.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/publish.yml:18
- Info: 0 out of 11 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
- Warn: branch protection not enabled for branch 'canary'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 26 are checked with a SAST tool
Reason
33 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx
- Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v
- Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-353f-5xf4-qw67
- Warn: Project is vulnerable to: GHSA-c24v-8rfc-w8vw
- Warn: Project is vulnerable to: GHSA-8jhw-289h-jh2g
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986 / GHSA-64vr-g452-qvp3
- Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
- Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6
- Warn: Project is vulnerable to: GHSA-x574-m823-4x7w
- Warn: Project is vulnerable to: GHSA-4r4m-qw57-chr8
- Warn: Project is vulnerable to: GHSA-xcj6-pq6g-qj4x
- Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4
- Warn: Project is vulnerable to: GHSA-859w-5945-r5v3
- Warn: Project is vulnerable to: GHSA-hc6q-2mpp-qw7j
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
3
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More