https://github.com/tiagozip/cap

Cap is a lightweight, modern open-source CAPTCHA alternative using SHA-256 proof-of-work
https://github.com/tiagozip/cap

anti-abuse anti-bot anti-scraper antispam bun captcha defense hashcash javascript proof-of-work turing-test web

Last synced: about 1 month ago
JSON representation

Cap is a lightweight, modern open-source CAPTCHA alternative using SHA-256 proof-of-work

• Host: GitHub
• URL: https://github.com/tiagozip/cap
• Owner: tiagozip
• License: apache-2.0
• Created: 2025-01-11T17:35:52.000Z (9 months ago)
• Default Branch: main
• Last Pushed: 2025-08-28T10:40:48.000Z (about 1 month ago)
• Last Synced: 2025-08-28T17:45:04.169Z (about 1 month ago)
• Topics: anti-abuse, anti-bot, anti-scraper, antispam, bun, captcha, defense, hashcash, javascript, proof-of-work, turing-test, web
• Language: JavaScript
• Homepage: http://capjs.js.org/
• Size: 9.09 MB
• Stars: 4,013
• Watchers: 9
• Forks: 125
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md
  • Security: SECURITY.MD

Awesome Lists containing this project

• awesome-starred - tiagozip/cap - Cap is a lightweight, modern open-source CAPTCHA alternative using SHA-256 proof-of-work (JavaScript)

README

          


  





  Documentation

    •  

  Quickstart

    •  

  Demo

    •  

  Issues

  




### [Read the docs →](https://capjs.js.org)

## What is Cap?

Cap is a lightweight, modern open-source CAPTCHA alternative using SHA-256 proof-of-work. It's fast, private, and extremely simple to integrate. Learn more about proof-of-work here.

Cap is built into 2 main parts:

- **[@cap.js/widget](https://capjs.js.org/guide/widget.html)**: A small JavaScript library that renders the CAPTCHA and handles solving it using Web Workers and WASM.

- **[@cap.js/server](https://capjs.js.org/guide/server.html)**: An extremely simple, zero-dependencies library that handles creating and validating challenges.

There are also some other helpful packages:

- **[M2M](https://capjs.js.org/guide/solver.html)**: Server-side solver for Cap challenges, useful for protecting API endpoints that you still want public. This doesn't bypass the actual proof-of-work.

- **[@cap.js/cli](https://capjs.js.org/guide/cli.html)**: Command-line interface for solving CAPTCHAs made with Cap. It's mainly designed for testing and when you need to solve these CAPTCHAs in a browser without JavaScript support.

- **[Standalone mode](https://capjs.js.org/guide/standalone.html)**: Docker image that helps you use Cap with any language or framework. It runs a simple REST API that can be used to create and validate challenges and an interactive UI to manage your keys.

- **@cap.js/wasm**: Experimental WASM solvers built using Rust.

We also provide a middleware for a Cloudflare browser checkpoint-like experience:

- [@cap.js/checkpoint-hono](https://capjs.js.org/guide/middleware/hono.html)

- [@cap.js/checkpoint-express](https://capjs.js.org/guide/middleware/express.html)

- [@cap.js/middleware-elysia](https://capjs.js.org/guide/middleware/elysia.html)

- more coming soon!

It's designed to be a drop-in replacement for existing CAPTCHA solutions, with a focus on performance and UX.

Cap is built with JavaScript, runs on any JS runtime (Bun, Node.js, Deno), and has no dependencies. If you're not using any JS runtime, you can also use the standalone mode with Docker, which relies entirely on a simple REST API to create and validate challenges.

## Why Cap?

- **250x smaller than hCaptcha**  

  `@cap.js/widget` is extremely small, only 12kb minified and brotli'd.

- **Private**  

   Cap's usage of proof-of-work eliminates the need for any tracking, fingerprinting or data collection.

- **Fully customizable**  

   Cap's self-hostable so you can customize both the backend & frontend — or you can just use CSS variables

- **Proof-of-work**  

   Cap uses proof-of-work instead of complex puzzles, making it easier for humans and harder for bots

- **Standalone mode**  

   Cap offers a standalone mode with Docker, allowing you to use it with languages other than JS.

- **Invisible mode**  

   Cap can run invisibly in the background using a simple JS API.

- **Floating mode**  

   Cap's floating mode keeps your CAPTCHA hidden until it's needed.

- **Fully open-source**  

   Completely open source under the Apache license 2.0 license.

It's ideal for:

- Protecting APIs from bots

- Preventing spam on forms

- Blocking automated login attempts

- Securing free-tier abuse

## Feature comparison

| CAPTCHA | Open-source | Free | Private | Fast to solve | Easy for humans | Small error rate | Checkpoint support | GDPR/CCPA Compliant | Customizable | Hard for bots | Easy to integrate |

| :-- | :-- | :-- | :-- | :-- | :-- | :-- | :-- | :-- | :-- | :-- | :-- |

| **Cap** | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | 🟨 | ✅ |

| Cloudflare Turnstile | ❌ | ✅ | 🟨 | 🟨 | ✅ | ❌ | 🟨 | ✅ | ❌ | 🟨 | ✅ |

| reCAPTCHA | ❌ | 🟨 | ❌ | ✅ | ❌ | 🟨 | ❌ | 🟨 | ❌ | ❌ | ✅ |

| hCAPTCHA | ❌ | 🟨 | 🟨 | ❌ | ❌ | 🟨 | ❌ | 🟨 | ❌ | 🟨 | ✅ |

| Altcha | ✅ | ✅ | ✅ | 🟨 | ✅ | ✅ | ❌ | ✅ | ✅ | 🟨 | 🟨 |

| FriendlyCaptcha | ❌ | ❌ | ✅ | 🟨 | ✅ | ✅ | ❌ | ✅ | ✅ | 🟨 | 🟨 |

| MTCaptcha | ❌ | 🟨 | 🟨 | ❌ | ❌ | 🟨 | ❌ | ✅ | ❌ | ❌ | 🟨 |

| GeeTest | ❌ | ❌ | ❌ | 🟨 | 🟨 | 🟨 | ❌ | ✅ | ❌ | 🟨 | 🟨 |

| Arkose Labs | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | 🟨 | ❌ | ❌ |

## Alternatives

Cap is a modern alternative to:

- [reCAPTCHA](https://www.google.com/recaptcha/about/)

- [hCaptcha](https://www.hcaptcha.com/)

- [Cloudflare Turnstile](https://developers.cloudflare.com/turnstile/)

But unlike them, Cap is **computation-bound, not tracking-bound**.

## License

Cap is licensed under the Apache License 2.0.

---

[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/9920/badge)](https://www.bestpractices.dev/projects/9920)