Introducing Cap: A Private, Lightweight, and Open-Source Proof-of-Work CAPTCHA Alternative
Cap: A Proof-of-Work CAPTCHA Alternative
Project Description
Cap is a lightweight, modern, open-source CAPTCHA alternative that utilizes SHA-256 proof-of-work. It aims to be a fast, private, and easy-to-integrate solution for verifying user authenticity, designed as a drop-in replacement for existing CAPTCHA systems with a focus on performance and user experience. Cap is built with JavaScript and runs on any JS runtime (Bun, Node.js, Deno). For non-JS environments, a standalone Docker image is available.
It consists of two main parts:
- @cap.js/widget: A JavaScript library for rendering the CAPTCHA and solving challenges using Web Workers and WASM.
- @cap.js/server: A zero-dependencies library for creating and validating challenges on the server-side.
Additional helpful packages and features include:
- @cap.js/solver: A server-side solver for machine-to-machine interactions.
- @cap.js/cli: A command-line interface for solving CAPTCHAs, primarily for testing or environments without JavaScript browser support.
- Standalone mode: A Docker image providing a simple REST API and interactive UI for challenge creation/validation, allowing use with any language/framework.
- @cap.js/wasm: Experimental WASM solvers built with Rust.
- Checkpoint middleware: Libraries like @cap.js/checkpoint-hono, @cap.js/checkpoint-express, and @cap.js/middleware-elysia for a Cloudflare browser checkpoint-like experience.
Usage Instructions
Cap can be integrated by using its JavaScript libraries (@cap.js/widget and @cap.js/server) in JavaScript runtime environments. For non-JavaScript environments, the standalone Docker image provides a REST API for interaction. Detailed quickstart guides and full documentation are available via the project links.
Key Features
- Lightweight: @cap.js/widget is only 12kb minified and brotli'd, making it 250x smaller than hCaptcha.
- Private: Uses proof-of-work, eliminating the need for tracking, fingerprinting, or data collection.
- Proof-of-Work (PoW): Employs SHA-256 PoW, making it easier for humans to solve (by performing a small computation) and harder for bots.
- Fully Customizable: Self-hostable, allowing customization of both backend and frontend, or via CSS variables.
- Standalone Mode: Docker image available for use with any programming language or framework via a simple REST API.
- Invisible Mode: Can run invisibly in the background using a JavaScript API.
- Floating Mode: CAPTCHA remains hidden until explicitly needed.
- Fully Open-Source: Licensed under the Apache License 2.0.
- No Dependencies: Built with JavaScript without external dependencies for core components.
- Cross-runtime Compatibility: Runs on Bun, Node.js, Deno.
- GDPR/CCPA Compliant: Its privacy-centric design naturally complies with these regulations.
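The SHA-256 proof-of-work flow described above (the server creates and validates challenges, the client solves them), sketched as an added example that is not Cap's code, API, or wire format. The PowServer class, the "salt:nonce" hash input, and the leading-hex-zeros difficulty rule are assumptions made for illustration.

```javascript
// Added example: generic hashcash-style SHA-256 proof-of-work, not Cap's API or wire format.
const { createHash, randomBytes } = require("node:crypto");

const sha256hex = (s) => createHash("sha256").update(s).digest("hex");

// Server side: issue a challenge and remember it until it is redeemed or expires.
class PowServer {
  constructor({ difficulty = 4, ttlMs = 60_000, now = Date.now } = {}) {
    this.difficulty = difficulty; // required leading hex zeros (assumed scheme)
    this.ttlMs = ttlMs;           // how long a challenge stays redeemable
    this.now = now;               // injectable clock so expiry can be tested
    this.pending = new Map();     // salt -> expiry timestamp
  }
  createChallenge() {
    const salt = randomBytes(16).toString("hex"); // unpredictable, so work cannot be precomputed
    this.pending.set(salt, this.now() + this.ttlMs);
    return { salt, difficulty: this.difficulty };
  }
  // Returns a reason string so the caller can log why a submission was rejected.
  verify(salt, nonce) {
    const expires = this.pending.get(salt);
    if (expires === undefined) return "unknown-or-replayed";
    this.pending.delete(salt); // single use: any attempt consumes the challenge
    if (this.now() > expires) return "expired";
    if (!Number.isSafeInteger(nonce) || nonce < 0) return "bad-nonce";
    const ok = sha256hex(`${salt}:${nonce}`).startsWith("0".repeat(this.difficulty));
    return ok ? "ok" : "wrong-solution";
  }
}

// Client side: brute-force a nonce; expected work grows 16x per extra hex zero.
function solve({ salt, difficulty }) {
  const prefix = "0".repeat(difficulty);
  for (let nonce = 0; ; nonce++) {
    if (sha256hex(`${salt}:${nonce}`).startsWith(prefix)) return nonce;
  }
}

// Full round trip, then a replay of the same solution.
function demo() {
  const server = new PowServer({ difficulty: 3 });
  const challenge = server.createChallenge();
  const nonce = solve(challenge);
  return {
    first: server.verify(challenge.salt, nonce),  // "ok"
    replay: server.verify(challenge.salt, nonce), // "unknown-or-replayed"
  };
}
```

In a real deployment the pending map would also need a size bound and a periodic sweep of expired entries, since requesting challenges costs the requester nothing.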
Target Users
Cap is ideal for:
- Developers and organizations looking for a CAPTCHA alternative focusing on privacy and performance.
- Websites and applications needing to protect APIs from bots.
- Online platforms aiming to prevent spam on forms.
- Services requiring blocking of automated login attempts.
- Projects needing to secure against free-tier abuse.
Project Links
- GitHub Repository: https://github.com/tiagorangel1/cap
- Documentation/Website: https://capjs.js.org/
Application Scenarios
- API Protection: Securing REST APIs from automated requests and bot attacks.
- Form Spam Prevention: Implementing CAPTCHA on contact forms, registration forms, and comment sections to prevent spam submissions.
- Login Security: Adding a layer of protection against brute-force attacks and automated login attempts.
- Preventing Free-Tier Abuse: Mitigating misuse of free services or limited resources by ensuring legitimate human interaction.
- Cloudflare-like Checkpoints: Using provided middleware to create browser checkpoint experiences for enhanced security.