Cap: A lightweight, modern, open-source CAPTCHA alternative
Cap is a modern, open-source CAPTCHA alternative that provides a lightweight verification service through a SHA-256 proof-of-work system.
Cap is an open-source CAPTCHA solution on GitHub that uses a SHA-256 Proof-of-Work mechanism instead of traditional image recognition puzzles. It's designed as a fast, private, and easy-to-integrate alternative to services like reCAPTCHA and hCaptcha, focusing on being "computation-bound, not tracking-bound."
Cap primarily consists of two parts: @cap.js/widget and @cap.js/server. @cap.js/widget is a small JavaScript library used to render the CAPTCHA and handle the solving process via Web Workers and WASM. @cap.js/server is a simple, zero-dependency library for creating and verifying challenges.
Features
- Extremely Lightweight: The @cap.js/widget is only 12kb minified and brotli'd, making it 250x smaller than hCaptcha for faster page loads.
- Privacy-First: It requires no user tracking, browser fingerprinting, or personal data collection, making it GDPR/CCPA compliant.
- Fully Customizable: It's completely self-hostable, allowing users to customize all aspects of both the frontend and backend.
- Proof-of-Work: Friendlier for humans (no puzzles to solve) while remaining difficult for bots.
- Flexible Integration: Offers a standalone Docker mode, allowing it to be used with any backend language (like Python, Go, PHP) via a simple REST API.
- Multiple Modes: Supports an "invisible mode" that runs in the background and a "floating mode" that only appears when needed.
Notes
- The project is built with JavaScript, has zero dependencies, and runs on any JS runtime like Bun, Node.js, and Deno.
- It has a complete ecosystem, including a frontend widget, a server library, a CLI tool, and middleware for popular frameworks like Hono and Express.
- Ideal for use cases such as protecting APIs, preventing form spam, and blocking automated login attempts.
Open Source License
Apache License 2.0.
Compared to other CAPTCHA solutions, Cap offers a smaller footprint, greater privacy protection, stronger customization capabilities, and is easier for humans to solve yet harder for bots to recognize. It also supports multiple languages and frameworks and is fully open-source under the Apache License 2.0.
