Cap is a lightweight, open-source CAPTCHA alternative designed for modern web environments. Utilizing SHA-256 proof-of-work, Cap offers a fast, private, and customizable solution for bot protection. Its JavaScript widget library is exceptionally compact at just 12kb when minified and compressed, making it 250 times smaller than hCaptcha. Cap eliminates the need for tracking, fingerprinting, or data collection, ensuring user privacy. It is fully customizable, allowing developers to self-host and tailor both backend and frontend components, including styling via CSS variables.
Cap employs proof-of-work instead of traditional puzzles, making it simpler for humans to solve while being computationally challenging for bots. It supports various operational modes, including invisible mode for seamless background operation, floating mode to keep the CAPTCHA hidden until necessary, and standalone mode via Docker for compatibility with non-JavaScript environments. The standalone mode provides a REST API for creating and validating challenges and includes an interactive UI for managing keys.
Cap is designed as a drop-in replacement for existing CAPTCHA solutions like reCAPTCHA, hCaptcha, and Cloudflare Turnstile, focusing on performance and user experience without relying on tracking. It is built entirely with JavaScript, runs on any JS runtime (e.g., Bun, Node.js, Deno), and has no dependencies. For environments without a JS runtime, the Docker-based standalone mode offers easy integration.
Cap's open-source nature under the Apache License 2.0 ensures transparency and flexibility. It is ideal for protecting APIs, preventing spam, blocking automated login attempts, and securing free-tier services from abuse.
