PHPackages                             grantholle/laravel-altcha - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [API Development](/categories/api)
4. /
5. grantholle/laravel-altcha

ActiveLibrary[API Development](/categories/api)

grantholle/laravel-altcha
=========================

A Laravel server implementation for Altcha.

2.2.0(1mo ago)3338.7k—5.3%6[1 PRs](https://github.com/grantholle/laravel-altcha/pulls)1MITPHPPHP ^8.2CI passing

Since Jan 12Pushed 1mo ago2 watchersCompare

[ Source](https://github.com/grantholle/laravel-altcha)[ Packagist](https://packagist.org/packages/grantholle/laravel-altcha)[ Docs](https://github.com/grantholle/laravel-altcha)[ GitHub Sponsors]()[ RSS](/packages/grantholle-laravel-altcha/feed)WikiDiscussions main Synced 1mo ago

READMEChangelog (3)Dependencies (20)Versions (11)Used By (1)

Laravel Altcha
==============

[](#laravel-altcha)

[![Latest Version on Packagist](https://camo.githubusercontent.com/56628881b6f7722d4e0d0c9e306b2430497619ccdedb1775f4abd8fdebafa529/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6772616e74686f6c6c652f6c61726176656c2d616c746368612e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/grantholle/laravel-altcha)[![GitHub Tests Action Status](https://camo.githubusercontent.com/441818ebd793f316d8936787ba2fcb8f30f431b78a1b6f64f8a45aa52a386b9c/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f6772616e74686f6c6c652f6c61726176656c2d616c746368612f72756e2d74657374732e796d6c3f6272616e63683d6d61696e266c6162656c3d7465737473267374796c653d666c61742d737175617265)](https://github.com/grantholle/laravel-altcha/actions?query=workflow%3Arun-tests+branch%3Amain)[![GitHub Code Style Action Status](https://camo.githubusercontent.com/6872bad803673e0917d0356b9d3852f80f33beaaad3b69fd7d5e314619e09d86/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f6772616e74686f6c6c652f6c61726176656c2d616c746368612f6669782d7068702d636f64652d7374796c652d6973737565732e796d6c3f6272616e63683d6d61696e266c6162656c3d636f64652532307374796c65267374796c653d666c61742d737175617265)](https://github.com/grantholle/laravel-altcha/actions?query=workflow%3A%22Fix+PHP+code+style+issues%22+branch%3Amain)[![Total Downloads](https://camo.githubusercontent.com/b60dc4e079bd4a7263044792ce7c76c9724f4871d943f063ec1d3e0020ed4a98/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6772616e74686f6c6c652f6c61726176656c2d616c746368612e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/grantholle/laravel-altcha)

This is a Laravel implementation for the server-side of [Altcha](https://altcha.org/), a proof-of-work captcha that does not require any third-party service.

Installation
------------

[](#installation)

You can install the package via composer:

```
composer require grantholle/laravel-altcha
```

Optionally, publish the config file with:

```
php artisan vendor:publish --tag="altcha-config"
```

Usage
-----

[](#usage)

In `.env` (or published config file), set the following variables:

```
# Required, sort of like a password
ALTCHA_HMAC_KEY=
# Optional, defaults to SHA-256. Can be SHA-1 or SHA-512
# ALTCHA_ALGORITHM="SHA-256"
```

Out of the box, the package registers a `/altcha-challenge` endpoint to use you on your frontend.

Frontend
--------

[](#frontend)

Following the [frontend integration](https://altcha.org/docs/website-integration), use the following snippet to get a challenge:

```

```

Implementation will be different given your frontend, but here's an example Vue component to use:

```

import 'altcha'

const emit = defineEmits(['update:modelValue'])
const stateChanged = ev => {
  if (ev.detail.state === 'verified') {
    emit('update:modelValue', ev.detail.payload)
  }
}

```

In an Inertja.js form, you could use this component like so:

```

    Email

    Password

    Submit

import { useForm } from '@inertiajs/inertia-vue3'
// This is the component we made above
import Altcha from '@/components/forms/Altcha.vue'

const form = useForm({
  email: null,
  password: null,
  token: null,
})

```

Backend validation
------------------

[](#backend-validation)

To validate the frontend-generated token/payload, there's a `ValidAltcha` rule you can use, assuming the token is passed as `token` in the request:

```
use GrantHolle\Altcha\Rules\ValidAltcha;

$request->validate([
    'email' => ['required', 'email'],
    'password' => ['required'],
    'token' => ['required', new ValidAltcha],
]);
```

Bypass validation in tests
==========================

[](#bypass-validation-in-tests)

To successfully test routes protected by Altcha you can optionally set a `testing_bypass` value in `config/altcha.php`, or dynmaclly set it in applicable tests. For example a typical setup might be:

```

```

```
// tests/demoTest.php

it('validates Altcha challenge', function() {

    // a "valid" value passes
    $this->post('store-something', [
      'altcha' => config('altcha.testing_bypass')
    ])->assertSessionHasNoErrors();

    // but an "invalid" value fails
    $this->post('store-something', [
        'altcha' => 'not valid'
    ])->assertSessionHasErrors('altcha');

    // or dynamically set a value for specific tests
    config(['altcha.testing_bypass' => null]);

    // still fails because we removed the bypass
    $this->post('store-something', [
        'altcha' => 'valid'
    ])->assertSessionHasErrors('altcha');

});
```

Testing
-------

[](#testing)

```
composer test
```

Changelog
---------

[](#changelog)

Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently.

Contributing
------------

[](#contributing)

Please see [CONTRIBUTING](CONTRIBUTING.md) for details.

Security Vulnerabilities
------------------------

[](#security-vulnerabilities)

Please review [our security policy](../../security/policy) on how to report security vulnerabilities.

Credits
-------

[](#credits)

- [Grant Holle](https://github.com/grantholle)
- [All Contributors](../../contributors)

License
-------

[](#license)

The MIT License (MIT). Please see [License File](LICENSE.md) for more information.

###  Health Score

55

—

FairBetter than 98% of packages

Maintenance88

Actively maintained with recent releases

Popularity42

Moderate usage in the ecosystem

Community19

Small or concentrated contributor base

Maturity60

Established project with proven stability

 Bus Factor1

Top contributor holds 62.1% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~99 days

Recently: every ~85 days

Total

9

Last Release

58d ago

Major Versions

1.2.2 → 2.0.02025-06-13

### Community

Maintainers

![](https://www.gravatar.com/avatar/57ed974235b4a23e6aaf9d9039bff2b0d1268edc0e44ebab6e60e4bf1e6eb144?d=identicon)[grantholle](/maintainers/grantholle)

---

Top Contributors

[![grantholle](https://avatars.githubusercontent.com/u/1189456?v=4)](https://github.com/grantholle "grantholle (36 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (10 commits)")[![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4)](https://github.com/github-actions[bot] "github-actions[bot] (7 commits)")[![tobz-nz](https://avatars.githubusercontent.com/u/443054?v=4)](https://github.com/tobz-nz "tobz-nz (4 commits)")[![mattstein](https://avatars.githubusercontent.com/u/2488775?v=4)](https://github.com/mattstein "mattstein (1 commits)")

---

Tags

laravelGrant Hollelaravel-altcha

###  Code Quality

TestsPest

Code StyleLaravel Pint

### Embed Badge

![Health badge](/badges/grantholle-laravel-altcha/health.svg)

```
[![Health](https://phpackages.com/badges/grantholle-laravel-altcha/health.svg)](https://phpackages.com/packages/grantholle-laravel-altcha)
```

###  Alternatives

[dedoc/scramble

Automatic generation of API documentation for Laravel applications.

2.1k7.8M57](/packages/dedoc-scramble)[scalar/laravel

Render your OpenAPI-based API reference

6183.9k2](/packages/scalar-laravel)[ryangjchandler/bearer

Minimalistic token-based authentication for Laravel API endpoints.

8129.8k](/packages/ryangjchandler-bearer)[combindma/laravel-facebook-pixel

Meta pixel integration for Laravel

4956.9k](/packages/combindma-laravel-facebook-pixel)[stechstudio/laravel-hubspot

A Laravel SDK for the HubSpot CRM Api

2971.0k](/packages/stechstudio-laravel-hubspot)[njoguamos/laravel-plausible

A laravel package for interacting with plausible analytics api.

208.8k](/packages/njoguamos-laravel-plausible)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)