Proof-of-work CAPTCHA
for bot protection

Open source, zero dependency, self-hosted, developer friendly

Get Started
View on GitHub

Truly Lightweight

Zero dependencies. 2KB gziped. Runs in background using web-workers.

Fully Customizable

Easy to override style and customize behavior.

User-Friendly

Fully invisible or one click to verify.

Quick Start

1. Install on server

npm install @p-captcha/node

1. Install on client

npm install @p-captcha/react

2. Generate on server


import { InMemoryCaptchaService, WoodallAliases } from "@p-captcha/node";

const captchaService = new InMemoryCaptchaService();

app.get("/api/challenge", (req, res) => {
  const { challenge, id } = captchaService.generateChallenge(
    "QuadraticResidueProblem",
    {
      woodall: WoodallAliases.md,
      rounds: 2,
    }
  );
  res.json({ challenge, id });
});

3. Solve on client

import {
  PCaptchaWidget,
  PCaptchaWidgetInvisible,
} from "@p-captcha/react";

<PCaptchaWidget
  challenge={challenge}
  onVerified={(solution) => {
    validateOnServer(solution);
  }}
/>

/* Or use invisible component that solves challenge when mounted */

challenge && (
  <PCaptchaWidgetInvisible
    challenge={challenge}
    onVerified={(solution) => {
      validateOnServer(solution);
    }}
  />
)

4. Validate on server

app.post("/api/validate", (req, res) => {
  const { answer, id } = req.body;
  const success = captchaService.validateAnswer(id, answer);

  if (!success) {
    res.json({ text: "Invalid captcha!" });
    return;
  }

  res.json({ text: "Form processed correctly, captcha is valid!" });
});

5. Run example locally

git clone git@github.com:renton4code/p-captcha.git &&
cd p-captcha &&
./build-and-launch-example.sh

Protect against

Spam

Secure all your forms from spam and automated submissions

Scraping and Automation

Protect your content from scraping and platform abuse automation

DDoS

Protect your compute expensive API endpoints from abuse

Account Takeover

Prevent credential stuffing and brute force attacks