PHPackages brainfoolong/justnocaptcha - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [DevOps & Deployment](/categories/devops) 4. / 5. brainfoolong/justnocaptcha ActiveLibrary[DevOps & Deployment](/categories/devops) brainfoolong/justnocaptcha ========================== Proof of Work Captcha/Challenge/Brute Force protection for your browser and server, without any required user interaction. 0.1.0(6mo ago)01MITJavaScriptPHP >=8.0.0CI passing Since Oct 16Pushed 5mo agoCompare [ Source](https://github.com/brainfoolong/justnocaptcha)[ Packagist](https://packagist.org/packages/brainfoolong/justnocaptcha)[ Docs](https://github.com/brainfoolong/justnocaptcha)[ RSS](/packages/brainfoolong-justnocaptcha/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (1)DependenciesVersions (2)Used By (0) [![Logo](docs/img/logo.svg)](docs/img/logo.svg) [![Tests](https://github.com/brainfoolong/justnocaptcha/actions/workflows/tests.yml/badge.svg)](https://github.com/brainfoolong/justnocaptcha/actions/workflows/tests.yml) **JustNoCaptcha** - Proof Of Work Captcha/Challenge/Brute Force protection, without any required user interaction. As of todays technology and capability of AI that can solve any "I am human" captcha faster than any human on earth, protecting backends is now different from what we are all used to from the past. Having a captcha that need to be solved by hand has absolutely no advantage today nor it can proove the existence of humans in the progress. Instead, if you wish to protect your backend from to much requests in a short period (brute force), you need something that is hard to calculate, but easy to verify. JustNoCaptcha has a simply approach, it creates invisible puzzles that the client must solve. This can be as expensive as you want. Verifying the solved puzzle is cheap on server side, so you don't waste server resources. It can even be used for machine-to-machine interactions, for example to protect your API. Technically, JustNoCaptcha is not a captcha per-se, it's just a way to slow down attempts that can be made in a certain amount of time (Just a brute force protection). But we still use the word captcha as almost everyone is used to it. > Library was called "powcaptcha" before but it conflicted with already existing same type libraries with same name. So it is, JustNoCaptcha. ### Features [](#features) - Multiple architectures, cross-browser - Cross-Browser, no IE - PHP 8+ - NodeJS 16+ - Bun - Typescript - Javascript - GoLang - Help implement more... - Blazing fast server-side verification, don't waste any server resources to verify the clients solution - Variable challenge/puzzle difficulty for the client (up to multiple minutes challenge calculation if required) - Super slim browser library (~3kB unzipped, ~2 kB zipped) - No external dependencies, neither in the browser nor on the server - No tracking, no ads, just open-source - Self hosted ### Install [](#install) ``` PHP: composer require brainfoolong/justnocaptcha NPM: npm install justnocaptcha BUN: bun install justnocaptcha Or download a release and use the required distribution file ``` ### Live example [](#live-example) ### Usage [](#usage) #### PHP Backend [](#php-backend) ``` use BrainFooLong\JustNoCaptcha\JustNoCaptcha; JustNoCaptcha::$verifiedSolutionsFolder = 'path-to-a-local-new-empty-temporary-directory'; JustNoCaptcha::$challengeSalt = 'yourrandomsecretsalt'; $puzzles = 50; $difficulty = 4; $challenge = JustNoCaptcha::createChallenge($puzzles, $difficulty); // send this to client $solution = "comes from the client"; // to test, $solution = JustNoCaptcha::solveChallenge($challenge); $verification = JustNoCaptcha::verifySolution($challenge, $solution); // if ($verification){ // success } ``` #### JS/TS Backend [](#jsts-backend) ``` import JustNoCaptcha from 'justnocaptcha' // or const JustNoCaptcha = require('justnocaptcha') JustNoCaptcha.verifiedSolutionsFolder = 'path-to-a-local-new-empty-temporary-directory'; JustNoCaptcha.challengeSalt = 'yourrandomsecretsalt'; const puzzles = 50 const difficulty = 4 const challenge = JustNoCaptcha.createChallenge(puzzles, difficulty); // send this to client const solution = "comes from the client"; // to test, const solution = await JustNoCaptcha.solveChallenge(challenge); const verification = JustNoCaptcha.verifySolution(challenge, solution); // if (verification) { // success } ``` #### Browser [](#browser) > Browsers are only intended to use as a solver with the "-slim" library. If you need to create challenges in the browser, use the non slim browser library. ``` (async () => { const p = document.getElementById('justnocaptcha_progress') const s = document.getElementById('justnocaptcha_solution') const challenge = 'must come from backend -> JustNoCaptcha.createChallenge()' const solution = await JustNoCaptcha.solveChallenge(challenge, (progress) => { p.value = progress * 100 }) s.value = solution })() ``` #### Go Backend [](#go-backend) ``` package main import ( "encoding/json" "fmt" "os" "path/filepath" "runtime" "time" "brainfoolong/justnocaptcha" ) func main() { pc := justnocaptcha.JustNoCaptcha{ VerifiedSolutionsFolder: "path-to-a-local-new-empty-temporary-directory", ChallengeSalt: "yourrandomsecretsalt", } puzzles := 50 difficulty := 4 var challenge = pc.CreateChallenge(puzzles, difficulty) // send this to client var solution = "comes from the client"; // to test, var solution = pc.SolveChallenge(challenge) var verification = pc.VerifySolution(challenge, solution) if (verification){ // success } } ``` ### In-Depth: How it works and how is the performance [](#in-depth-how-it-works-and-how-is-the-performance) JustNoCaptcha uses an own compute intensive but memory efficient hashing algorithm that is standalone and suitable for both servers and clients to try to provide a good balance of performance on all devices. Slower devices such as old mobile phones are many times slower than newer devices or servers, so we had to use an algorithm that also this devices can solve in a reasonable amount of time. Here are some timing tests we have done in mid 2025 with different devices. The algorithm can be ported to any programming language, as it just do some basic math and bitshift operations and only requires 32bit integers to work with. An already verified challenge cannot be verified again, it will be invalid. All tests uses 1 challenge with 50 puzzles and a difficulty of 4. Times stated here can vary a lot, depending on the hardware. It's just to have some basic numbers to see how it generally performs. DeviceSolve TimeVerify TimePHP 8.4 i9-14900~260ms~2msBun i9-14900~40ms~2msNode i9-14900~70ms~2msGolang i9-14900~30ms~2msGoogle Chrome i9-14900~280ms-Samsung Galaxy A52s Google Chrome~800ms-Samsung S22 Google Chrome~720ms-Samsung S22 Samsung Browser~1100ms-Pixel 6 Google Chrome~680ms-Pixel 9 Google Chrome~680ms-iPhone XR Safari~450ms-iPhone 15 Safari~220ms- ### Health Score 27 — LowBetter than 49% of packages Maintenance69 Regular maintenance activity Popularity1 Limited adoption so far Community6 Small or concentrated contributor base Maturity30 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 209d ago ### Community Maintainers ![](https://avatars.githubusercontent.com/u/1684236?v=4)[Roland Eigelsreiter](/maintainers/BrainFooLong)[@brainfoolong](https://github.com/brainfoolong) --- Top Contributors [![brainfoolong](https://avatars.githubusercontent.com/u/1684236?v=4)](https://github.com/brainfoolong "brainfoolong (4 commits)") --- Tags browserservercaptchafriendlyproofofwork ### Embed Badge ![Health badge](/badges/brainfoolong-justnocaptcha/health.svg) ``` [![Health](https://phpackages.com/badges/brainfoolong-justnocaptcha/health.svg)](https://phpackages.com/packages/brainfoolong-justnocaptcha) ``` ### Alternatives [spatie/laravel-webhook-server Send webhooks in Laravel apps 1.1k8.8M22](/packages/spatie-laravel-webhook-server)[pragmarx/health Laravel Server & App Health Monitor and Notifier 2.0k1.0M2](/packages/pragmarx-health)[felixfbecker/language-server-protocol PHP classes for the Language Server Protocol 22476.7M6](/packages/felixfbecker-language-server-protocol)[clue/socket-raw Simple and lightweight OOP wrapper for PHP's low-level sockets extension (ext-sockets). 35111.1M48](/packages/clue-socket-raw)[voryx/thruway Thruway WAMP router core 6771.0M17](/packages/voryx-thruway)[php-mcp/server PHP SDK for building Model Context Protocol (MCP) servers - Create MCP tools, resources, and prompts 828280.5k25](/packages/php-mcp-server) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)