Cap — Modern, Open-source PoW CAPTCHA for JavaScript
Extracto
Cap.js is a fast, privacy-friendly proof-of-work CAPTCHA alternative to reCAPTCHA and hCaptcha. Zero dependencies, developer-friendly, and effective against spam, DDoS, and automation.
Resumen
Resumen Principal
Cap emerge como una alternativa de CAPTCHA moderna, ligera y de código abierto, que redefine la verificación de usuarios en la web mediante el uso de Prueba de Trabajo (PoW) basada en SHA-256. A diferencia de las soluciones tradicionales que dependen del seguimiento o complejos rompecabezas, Cap se distingue por su enfoque en la privacidad intrínseca al ser un sistema computation-bound, eliminando por completo la necesidad de recopilación de datos, huellas dactilares o seguimiento de usuarios. Su implementación es notablemente eficiente, con una biblioteca de widgets de apenas ~20kb, lo que la hace 250 veces más pequeña que alternativas populares. Este diseño optimizado garantiza una integración sencilla y un rendimiento excepcional, ofreciendo modos flexibles como "invisible" o "flotante" para una experiencia de usuario fluida. Cap está diseñado para ser un reemplazo directo, proporcionando una solución robusta contra bots que prioriza tanto la seguridad como la privacidad del usuario y la eficiencia del sitio web.
Elementos Clave
-
Innovación en Prueba de Trabajo (PoW): Cap se distingue por emplear un mecanismo de prueba de trabajo SHA-256 para sus desafíos, lo que le permite verificar la legitimidad de un usuario a través de un cómputo ligero en lugar de complicados puzzles visuales o análisis de comportamiento. Este enfoque no solo simplifica la interacción para los humanos, sino que también incrementa significativamente la dificultad para los bots, eliminando la necesidad de seguimiento o recopilación de datos, garantizando así una privacidad superior.
-
Enfoque Minimalista y de Privacidad por Diseño: La librería de widgets de Cap es extraordinariamente pequeña, de solo ~20kb (incluyendo WASM), lo que la convierte en una de las soluciones más ligeras del mercado. Esta ligereza contribuye a una experiencia de usuario rápida y fluida. Crucialmente, su naturaleza computation-bound significa que no realiza seguimiento, huellas dactilares ni recopila datos, posicionándose como una solución inherentemente privada, en contraste directo con alternativas dependientes del seguimiento de usuarios.
-
Modularidad y Flexibilidad de Implementación: Cap está estructurado en componentes clave como
@cap.js/widgetpara la interfaz de usuario y@cap.js/serverpara la creación y validación de desafíos. Además, ofrece un modo standalone con Docker que permite su uso con cualquier lenguaje o framework a través de una API REST. Su compatibilidad con runtimes de JavaScript (Bun, Node.js, Deno) y la capacidad de ser auto-hospedado otorgan a los desarrolladores un control total sobre la personalización del backend y frontend, ya sea mediante variables CSS o adapt
Contenido
CapA modern, lightning-quick PoW captcha
Cap is a lightweight, modern open-source CAPTCHA alternative using proof-of-work
⚡️
250x smaller than hCaptcha
Cap's widget library is extremely small, only about ~20kb (including WASM)
🔒️
Private
Cap's usage of proof-of-work eliminates the need for any tracking, fingerprinting or data collection
🌈
Fully customizable
Cap is self-hostable so you can customize both the backend & frontend (or you can just use CSS variables)
🤖
PoW-based
Cap uses PoW instead of complex puzzles, making it easier for humans and harder for bots
🧩
Standalone mode
Cap offers a standalone mode with Docker, allowing you to use it with languages other than JS
💨
Invisible & floating mode
Cap can run invisibly in the background, or it can keep your CAPTCHA hidden until it's needed
🎯
Checkpoint
Easily add a privacy-friendly Cloudflare-like interstitial to your website in 2 lines of code
🌳
Fully FOSS
Completely free & open-source under the Apache 2.0 license
What is Cap?
Cap is a lightweight, modern open-source CAPTCHA alternative using SHA-256 proof-of-work. It's fast, private, and extremely simple to integrate. Learn more about proof-of-work here.
Cap is built into 2 main parts:
@cap.js/widget: A small JavaScript library that renders the CAPTCHA and handles solving it using Web Workers and WASM.
@cap.js/server: An extremely simple, zero-dependencies library that handles creating and validating challenges.
There are also some other helpful packages:
M2M: Server-side solver for Cap challenges, useful for protecting API endpoints that you still want public. This doesn't bypass the actual proof-of-work.
@cap.js/cli: Command-line interface for solving CAPTCHAs made with Cap. It's mainly designed for testing and when you need to solve these CAPTCHAs in a browser without JavaScript support.
Standalone mode: Docker image that helps you use Cap with any language or framework. It runs a simple REST API that can be used to create and validate challenges and an interactive UI to manage your keys.
@cap.js/wasm: WASM solvers for Node and Web built with Rust.
We also provide a middleware for a Cloudflare browser checkpoint-like experience:
It's designed to be a drop-in replacement for existing CAPTCHA solutions, with a focus on performance and UX.
Cap is built with JavaScript, runs on any JS runtime (Bun, Node.js, Deno), and has no dependencies. If you're not using any JS runtime, you can also use the standalone mode with Docker, which relies entirely on a simple REST API to create and validate challenges.
Why Cap?
- 250x smaller than hCaptcha
@cap.js/widgetis extremely small, only 12kb minified and brotli'd. - Private
Cap's usage of proof-of-work eliminates the need for any tracking, fingerprinting or data collection. - Fully customizable
Cap's self-hostable so you can customize both the backend & frontend — or you can just use CSS variables - Proof-of-work
Cap uses proof-of-work instead of complex puzzles, making it easier for humans and harder for bots - Standalone mode
Cap offers a standalone mode with Docker, allowing you to use it with languages other than JS. - Invisible mode
Cap can run invisibly in the background using a simple JS API. - Floating mode
Cap's floating mode keeps your CAPTCHA hidden until it's needed. - Fully open-source
Completely open source under the Apache license 2.0 license.
It's ideal for:
- Protecting APIs from bots
- Preventing spam on forms
- Blocking automated login attempts
- Securing free-tier abuse
Feature comparison
| CAPTCHA | Open-source | Free | Private | Fast to solve | Easy for humans | Small error rate | Checkpoint support | GDPR/CCPA Compliant | Customizable | Hard for bots | Easy to integrate |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Cap | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | 🟨 | ✅ |
| Cloudflare Turnstile | ❌ | ✅ | 🟨 | 🟨 | ✅ | ❌ | 🟨 | ✅ | ❌ | 🟨 | ✅ |
| reCAPTCHA | ❌ | 🟨 | ❌ | ✅ | ❌ | 🟨 | ❌ | 🟨 | ❌ | ❌ | ✅ |
| hCAPTCHA | ❌ | 🟨 | 🟨 | ❌ | ❌ | 🟨 | ❌ | 🟨 | ❌ | 🟨 | ✅ |
| Altcha | ✅ | ✅ | ✅ | 🟨 | ✅ | ✅ | ❌ | ✅ | ✅ | 🟨 | 🟨 |
| FriendlyCaptcha | ❌ | ❌ | ✅ | 🟨 | ✅ | ✅ | ❌ | ✅ | ✅ | 🟨 | 🟨 |
| MTCaptcha | ❌ | 🟨 | 🟨 | ❌ | ❌ | 🟨 | ❌ | ✅ | ❌ | ❌ | 🟨 |
| GeeTest | ❌ | ❌ | ❌ | 🟨 | 🟨 | 🟨 | ❌ | ✅ | ❌ | 🟨 | 🟨 |
| Arkose Labs | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | 🟨 | ❌ | ❌ |
Alternatives
Cap is a modern alternative to:
But unlike them, Cap is computation-bound, not tracking-bound.
License
Cap is licensed under the Apache License 2.0.