Cap

lightweight, modern open-source CAPTCHA

5.0•1 review•

405 followers

lightweight, modern open-source CAPTCHA

5.0•1 review•

405 followers

Visit website

Safety and Privacy platforms

Cap is a fast, lightweight, and modern open-source CAPTCHA alternative based on SHA-256 proof-of-work (PoW). It’s 250x smaller than hCaptcha, privacy-focused, fully customizable, and easy to self-host. Cap helps prevent spam and abuse without tracking users, making it ideal for privacy-conscious developers. Built for speed and simplicity, Cap is perfect for modern web apps, forms, and APIs that need secure, lightweight human verification.

Free

Launch tags:User Experience•Developer Tools•GitHub

Launch Team / Built With

Wispr Flow: Dictation That Works Everywhere — Stop typing. Start speaking. 4x faster.

Stop typing. Start speaking. 4x faster.

Promoted

Cap

Maker

📌

star the repo on github! 👉 https://github.com/tiagorangel1/cap

Report

11mo ago

Elisi : AI-powered Goal Management App

Love this approach! 💡 Using SHA-256 proof-of-work as a CAPTCHA alternative is such a smart, elegant solution — especially in an era where user privacy and page speed really matter. 🔒⚡️

Curious how it performs in real-world bot scenarios — any benchmarks or early adopter feedback?

Awesome work, and congrats on the launch! 🚀

Report

11mo ago

Typeform Alternative By Buildform

@williamrobertscott would love to know more about this @tr3 !

Great work BTW 🔥

Report

11mo ago

Cap

Maker

@williamrobertscott @chamaru hi there, you can read more about PoW here: https://capjs.js.org/guide/effectiveness.html
and run a benchmark here: https://capjs.js.org/guide/benchmark.html

i'm still running this benchmark on a bunch of devices

Report

11mo ago

Manna

250x smaller than hCaptcha is huge for web performance. Can we modify PoW parameters per use case, like stricter thresholds for login vs. comment forms?

Report

11mo ago

Cap

Maker

@desmond_ren1 yes! you can fully adjust the difficulty

Report

11mo ago

I'm a bit concerned about it's effectiveness. Prove me wrong, I'd be happy if this works as good as the others.

First, this does not verify if I'm a human, but if I have enough computational resources. A similar system was developed (Hashcash) which is not really used in popular email clients. In my opinion, it works for Bitcoin for the same reason it didn't work work email: it doesn't verify if you're a human, it just verifies your computational resources.

This raises some questions. What if someone is browsing my site from an old computer? The verification will take a lot longer and possibly use all the resources that device has for minutes.

What happens to botnets? While tracking-based captchas have a chance to combat them, it doesn't really matter if hacker guy has to do some PoW on the botnet computers.

Thanks to Bitcoin, we also have really efficient sha256 ASICs - computers that only solve sha256, but they do it really efficiently. If a verification take 2 seconds on a CPU, then it will take milliseconds on an ASIC. So with just one ASIC, I'm able to essentially break any website.

Right now I think this captcha is MUCH better than not using any captcha - but I don't think it is better that the tracking based captchas. I'd be the happiest if this could work, so please prove me wrong if I didn't get it right. I also think it is really important to have experiments like this, I really support the direction.

Report

11mo ago

Cap

Maker

@dawe You should read more about PoW here: https://capjs.js.org/guide/effectiveness.html

botnets can't really solve the captcha in a reasonable amount of time since they're usually very low-powered devices such as security cameras or routers
it's not really that slow on old computers, you can test it yourself here: https://capjs.js.org/guide/benchmark.html
yes, the concern about sha256 ASICs is valid. i'm working on moving the captcha to blake3 or other algorithm

Report

11mo ago

@tr3 Wow this is awesome, maybe RandomX could work too

Report

11mo ago

This is great. I will use it on my next project as it seems really straightforward and easy to implement. Congrats for the launch & good luck!

Report

11mo ago

Cap

Maker

@aeromaniax thanks!

Report

11mo ago

Looks neat! Always cool to see lightweight alternatives popping up. Curious how it performs compared to traditional CAPTCHAs, especially in terms of speed and user experience.

Report

11mo ago

This alternative looks promising. I'm saving it for use on a future project! Good work on the launch!

Report

10mo ago

1 2 3

5.0

Based on 1 review

Review Cap?

Reviews

Most Informative

I'm a bit concerned about it's effectiveness. Prove me wrong, I'd be happy if this works as good as the others.

This raises some questions. What if someone is browsing my site from an old computer? The verification will take a lot longer and possibly use all the resources that device has for minutes.

What happens to botnets? While tracking-based captchas have a chance to combat them, it doesn't really matter if hacker guy has to do some PoW on the botnet computers.