WHAT IS IT?
Cap is an open-source alternative to traditional CAPTCHAs (reCAPTCHA, hCaptcha, Turnstile). Instead of asking users to click on traffic lights, Cap uses SHA-256 proof-of-work and JavaScript instrumentation to tell humans apart from bots. All in ~20kb, zero dependencies, and without sending any telemetry to third-party servers.
WHY IS IT INTERESTING?
- Ultra-lightweight: ~20kb, zero dependencies — 250x smaller than hCaptcha. Loads in milliseconds
- Privacy-first: No data sent to external servers. You keep full control over your users' data
- Self-hostable: Standalone mode with Docker, analytics included. No third-party service dependency
- Proof-of-work: Users no longer waste time on visual puzzles — challenges are solved browser-side
- Fully customizable: Colors, size, position, icons — everything configurable via CSS variables
- Programmatic mode: Hidden widget with background challenge solving, perfect for APIs
USE CASES
- Protecting forms against bots without degrading UX
- Securing APIs while remaining accessible to legitimate automation (M2M)
- Replacing reCAPTCHA or hCaptcha with a privacy-respecting solution
- Adding an anti-abuse layer to a site without depending on an external SaaS