{"id":13711958,"url":"https://github.com/middlewares/honeypot","last_synced_at":"2026-04-01T23:01:56.475Z","repository":{"id":62528415,"uuid":"70400443","full_name":"middlewares/honeypot","owner":"middlewares","description":"PSR-15 middleware to implement a honeypot spam prevention","archived":false,"fork":false,"pushed_at":"2025-04-13T09:40:59.000Z","size":42,"stargazers_count":14,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-03-28T00:58:03.859Z","etag":null,"topics":["honeypot","http","middleware","psr-15","security","spam-protection"],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/middlewares.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2016-10-09T12:06:17.000Z","updated_at":"2026-01-22T21:29:05.000Z","dependencies_parsed_at":"2025-04-13T10:37:55.581Z","dependency_job_id":null,"html_url":"https://github.com/middlewares/honeypot","commit_stats":null,"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/middlewares/honeypot","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/middlewares%2Fhoneypot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/middlewares%2Fhoneypot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/middlewares%2Fhoneypot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/middlewares%2Fhoneypot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/middlewares","download_url":"https://codeload.github.com/middlewares/honeypot/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/middlewares%2Fhoneypot/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31292784,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T21:15:39.731Z","status":"ssl_error","status_checked_at":"2026-04-01T21:15:34.046Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["honeypot","http","middleware","psr-15","security","spam-protection"],"created_at":"2024-08-02T23:01:13.337Z","updated_at":"2026-04-01T23:01:56.442Z","avatar_url":"https://github.com/middlewares.png","language":"PHP","funding_links":[],"categories":["Packages"],"sub_categories":["Security"],"readme":"# middlewares/honeypot\n\n[![Latest Version on Packagist][ico-version]][link-packagist]\n[![Software License][ico-license]](LICENSE)\n![Testing][ico-ga]\n[![Total Downloads][ico-downloads]][link-downloads]\n\nMiddleware to implement a honeypot spam prevention. This technique is based on creating a input field that should be invisible and left empty by real users but filled by most spam bots. The middleware check in the incoming requests whether this value exists and is empty (is a real user) or doesn't exist or has a value (is a bot) returning a 403 response.\n\n## Requirements\n\n* PHP \u003e= 7.2\n* A [PSR-7 http library](https://github.com/middlewares/awesome-psr15-middlewares#psr-7-implementations)\n* A [PSR-15 middleware dispatcher](https://github.com/middlewares/awesome-psr15-middlewares#dispatcher)\n\n## Installation\n\nThis package is installable and autoloadable via Composer as [middlewares/honeypot](https://packagist.org/packages/middlewares/honeypot).\n\n```sh\ncomposer require middlewares/honeypot\n```\n\n## Example\n\n```php\n$dispatcher = new Dispatcher([\n\tnew Middlewares\\Honeypot()\n]);\n\n$response = $dispatcher-\u003edispatch(new ServerRequest());\n```\n\n## Usage\n\nIn your forms, you have to include a `\u003cinput\u003e` element that will be used as trap:\n\n```html\n\u003chtml\u003e\n    \u003chead\u003e\n        \u003cstyle type=\"text/css\"\u003e\n            input[name=\"hpt_name\"] { display: none; }\n        \u003c/style\u003e\n    \u003c/head\u003e\n    \u003cbody\u003e\n        \u003cform method=\"POST\"\u003e\n            \u003c!-- This is the honeypot --\u003e\n            \u003cinput type=\"text\" name=\"hpt_name\" aria-label=\"Please, do not fill this input\"\u003e\n\n            \u003clabel\u003e\n                User:\n                \u003cinput type=\"text\" name=\"username\"\u003e\n            \u003c/label\u003e\n            \u003clabel\u003e\n                Password:\n                \u003cinput type=\"password\" name=\"password\"\u003e\n            \u003c/label\u003e\n        \u003c/form\u003e\n    \u003c/body\u003e\n\u003c/html\u003e\n```\n\nThe middleware by default expect the input name is `hpt_name` but you can change it. Note also the css code that hide the honeypot, so users do not see anything, only robots. You may need to add some accesibility attributes like `aria-label` for screen readers.\n\n```php\n//Check the default \"htp_name\" value\n$honeypot = new Middlewares\\Honeypot();\n\n//Check other value, for example \"nobots\"\n$honeypot = new Middlewares\\Honeypot('nobots');\n```\n\nOptionally, you can provide a `Psr\\Http\\Message\\ResponseFactoryInterface` as the second argument to create the error response (`403`) when spam is detected. If it's not defined, [Middleware\\Utils\\Factory](https://github.com/middlewares/utils#factory) will be used to detect it automatically.\n\n```php\n$responseFactory = new MyOwnResponseFactory();\n\n$honeypot = new Middlewares\\Honeypot('htp_name', $responseFactory);\n```\n\n## Helpers\n\n### getField\n\nThis static method is provided to ease the creation of the input field, accepting two arguments: the input name and a label used for screen readers. If no name is provided, use the same name passed previously to the middleware.\n\nExample:\n\n```html\n\u003cform method=\"POST\"\u003e\n    \u003c?= Middlewares\\Honeypot::getField('htp_name', 'Please, do not fill this input') ?\u003e\n    \u003clabel\u003e\n        User:\n        \u003cinput type=\"text\" name=\"username\"\u003e\n    \u003c/label\u003e\n    \u003clabel\u003e\n        Password:\n        \u003cinput type=\"password\" name=\"password\"\u003e\n    \u003c/label\u003e\n\u003c/form\u003e\n```\n\n### getHiddenField\n\nThis static method generates the input field just like `getField()` does, but adds inline CSS to hide the field directly. Note: This may be easier to detect for some bots.\nIf you want to get creative with hiding the field, use `getField()` in combination with custom CSS (or JS).\n\n```html\n\u003cform method=\"POST\"\u003e\n    \u003c?= Middlewares\\Honeypot::getHiddenField() ?\u003e\n    \u003clabel\u003e\n        User:\n        \u003cinput type=\"text\" name=\"username\"\u003e\n    \u003c/label\u003e\n    \u003clabel\u003e\n        Password:\n        \u003cinput type=\"password\" name=\"password\"\u003e\n    \u003c/label\u003e\n\u003c/form\u003e\n```\n\n---\n\nPlease see [CHANGELOG](CHANGELOG.md) for more information about recent changes and [CONTRIBUTING](CONTRIBUTING.md) for contributing details.\n\nThe MIT License (MIT). Please see [LICENSE](LICENSE) for more information.\n\n[ico-version]: https://img.shields.io/packagist/v/middlewares/honeypot.svg?style=flat-square\n[ico-license]: https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square\n[ico-ga]: https://github.com/middlewares/honeypot/workflows/testing/badge.svg\n[ico-downloads]: https://img.shields.io/packagist/dt/middlewares/honeypot.svg?style=flat-square\n\n[link-packagist]: https://packagist.org/packages/middlewares/honeypot\n[link-downloads]: https://packagist.org/packages/middlewares/honeypot\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmiddlewares%2Fhoneypot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmiddlewares%2Fhoneypot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmiddlewares%2Fhoneypot/lists"}