Less Bloat, No Images: A CAPTCHA That Doesn't Suck

You know the drill. You're trying to sign up for something, and suddenly you're identifying traffic lights, crosswalks, or storefronts for the 15th time. That, or you're puzzling over squiggly text that even your mom couldn't read. The worst part? Those CAPTCHAs are often hundreds of kilobytes of JavaScript, track your mouse movements, and serve images from third-party servers.

What if there was a CAPTCHA that was just... simple? No images, no tracking, no massive bundle. Just a clean, text-based challenge that actually works.

Enter Cap.

What It Does

Cap is a lightweight CAPTCHA library written in JavaScript. Instead of showing you distorted images or asking you to identify objects, it presents you with a simple text-based challenge. Think "What is 3 + 5?" or "Type the word 'apple' backwards." That's it. No images, no canvas manipulation, no user tracking.

Under the hood, it's a small JavaScript class that generates a random challenge, computes the expected answer, and lets you verify the user's response. You can use it in the browser or on the server side (Node.js).

Why It's Cool

Here's what makes Cap stand out:

• No bloat. The entire library is just a few hundred bytes. Compare that to reCAPTCHA's 400KB+ payload. That's a 250x difference in size.
• No tracking. Google's reCAPTCHA sends data about your page, your users, and their behavior back to Google. Cap doesn't do that. It's fully self-contained.
• No images. Works for users with slow connections, screen readers, or just people who don't want to identify buses. It's more accessible out of the box.
• Customizable. You can write your own challenge generators. Want math problems? Done. Want word scrambles? Easy. Want trivia questions? Go for it.
• Works offline. Since it's a simple text challenge, you don't need any external API calls. Great for internal tools or demo apps.

How to Try It

Getting started is dead simple. Clone the repo or install it via npm:

npm install cap-captcha

Or just grab the single JS file from the GitHub repo.

Here's a quick example for a Node.js server:

const Cap = require('cap-captcha');

// Generate a challenge
const cap = new Cap();
const challenge = cap.generateChallenge();
console.log(challenge.question); // "What is 7 + 3?"
console.log(challenge.answer);   // "10"

// Later, verify user input
const isCorrect = cap.verify(challenge.answer, "10");
console.log(isCorrect); // true

For the browser, it works similarly. Generate a question, display it, and then pass the user's answer back for verification. Check the GitHub repo for a full working example with HTML.

Final Thoughts

Is Cap going to stop a determined bot farm? Probably not. But that's not the point. Cap is perfect for low-stress scenarios where you just want to slow down casual spam or automate sign-ups. It's also great for projects where you don't want to sell your users' privacy to Google.

If you need something that's simple, accessible, and privacy-respecting, give Cap a shot. It's refreshing to see a CAPTCHA that doesn't try to be smarter than you or spy on you. Sometimes simple is better.

Found this useful? Follow us at @githubprojects for more developer tools and open source discoveries.