Skip to content

CapA modern, lightning-quick PoW captcha

Cap is a lightweight, modern open-source CAPTCHA alternative using SHA-256 proof-of-work

VitePress

What is Cap?

Cap is a lightweight, modern open-source CAPTCHA alternative using SHA-256 proof-of-work. It's fast, private, and extremely simple to integrate. Learn more about proof-of-work here.

Cap is built into 2 main parts:

  • @cap.js/widget: A small JavaScript library that renders the CAPTCHA and handles solving it using Web Workers and WASM.

  • @cap.js/server: An extremely simple, zero-dependencies library that handles creating and validating challenges.

There are also some other helpful packages:

  • @cap.js/solver: Server-side solver for the CAPTCHA in case you want to use machine-to-machine.

  • @cap.js/cli: Command-line interface for solving CAPTCHAs made with Cap. It's mainly designed for testing and when you need to solve these CAPTCHAs in a browser without JavaScript support.

  • Standalone mode: Docker image that helps you use Cap with any language or framework. It runs a simple REST API that can be used to create and validate challenges and an interactive UI to manage your keys.

  • @cap.js/wasm: WASM solvers for Node and Web built with Rust.

It's designed to be a drop-in replacement for existing CAPTCHA solutions, with a focus on performance and UX.

Cap is built with JavaScript, runs on any JS runtime (Bun, Node.js, Deno), and has no dependencies. If you're not using any JS runtime, you can also use the standalone mode with Docker, which relies entirely on a simple REST API to create and validate challenges.

Why Cap?

  • 250x smaller than hCaptcha
    @cap.js/widget is extremely small, only 12kb minified and brotli'd.
  • Private
    Cap's usage of proof-of-work eliminates the need for any tracking, fingerprinting or data collection.
  • Fully customizable
    Cap's self-hostable so you can customize both the backend & frontend — or you can just use CSS variables
  • Proof-of-work
    Cap uses proof-of-work instead of complex puzzles, making it easier for humans and harder for bots
  • Standalone mode
    Cap offers a standalone mode with Docker, allowing you to use it with languages other than JS.
  • Invisible mode
    Cap can run invisibly in the background using a simple JS API.
  • Floating mode
    Cap's floating mode keeps your CAPTCHA hidden until it's needed.
  • Fully open-source
    Completely open source under the Apache license 2.0 license.

It's ideal for:

  • Protecting APIs from bots
  • Preventing spam on forms
  • Blocking automated login attempts
  • Securing free-tier abuse

Alternatives

Cap is a modern alternative to:

But unlike them, Cap is computation-bound, not tracking-bound.

License

Cap is licensed under the Apache License 2.0.


OpenSSF Best Practices

Cap - A lightweight, modern open-source captcha | Product Hunt

Released under the Apache 2.0 License.