Releases: WebDecoy/node-sdk

v0.3.0 — Self-Hosted Captcha & Detection Engine

31 May 13:55

Adds a fully in-process bot-detection engine and self-hosted captcha — no remote call required for scoring. IP enrichment (VPN/proxy/Tor, abuse, geo) continues to use api.webdecoy.com.

Highlights

  • New package: @webdecoy/client — browser widget that collects ~40 behavioral, environmental, and fingerprint signals, solves a SHA-256 proof-of-work, and submits to your server. Checkbox + invisible modes, plus a standalone IIFE bundle.
  • DetectionEngine (@webdecoy/node) — scores signals in-process across vision-AI, headless, automation/CDP, behavioral, mobile touch/sensor, fingerprint, header, browser-consistency, JA3/JA4, form-interaction, and keystroke-cadence detectors into an allow / challenge / block verdict.
  • Captcha service — HMAC-signed proof-of-work challenges (difficulty scaling, replay protection, signals-commitment binding, server-side timing) + single-use, IP-bound session tokens.
  • Captcha endpoints for Express, Fastify, and Next.js (webdecoyCaptcha, webdecoyCaptchaPlugin, createCaptchaHandler) under a configurable base path (default /__webdecoy).
  • Runnable example: examples/captcha-express.
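
How the properties in the Captcha service bullet fit together (HMAC-signed proof-of-work, replay protection, signals-commitment binding, server-side timing), as an added example that is not WebDecoy's code. The challenge format, function names, TTL and secret below are assumptions made for illustration.

```javascript
// Added example: NOT WebDecoy's implementation. Challenge format, names and TTL are assumptions.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // constructed value; load a real secret from config
const TTL_MS = 120_000;                   // assumed challenge lifetime
const usedNonces = new Set();             // in-memory replay store: single instance only

const sha256hex = (s) => crypto.createHash('sha256').update(s).digest('hex');
const sign = (payload) => crypto.createHmac('sha256', SECRET).update(payload).digest();
const powHash = (payload, signalsHash, counter) =>
  crypto.createHash('sha256').update(`${payload}.${signalsHash}.${counter}`).digest();

function leadingZeroBits(buf) {
  let bits = 0;
  for (const byte of buf) {
    if (byte !== 0) return bits + Math.clz32(byte) - 24;
    bits += 8;
  }
  return bits;
}

// Server: difficulty and issue time sit inside the signed payload, so the client cannot alter them.
function issueChallenge(difficultyBits, now = Date.now()) {
  const payload = `${crypto.randomBytes(16).toString('hex')}.${difficultyBits}.${now}`;
  return { payload, sig: sign(payload).toString('hex') };
}

// Client: the work covers the hash of the signals it will submit (the commitment).
function solve(payload, signalsHash) {
  const bits = Number(payload.split('.')[1]);
  for (let counter = 0; ; counter++) {
    if (leadingZeroBits(powHash(payload, signalsHash, counter)) >= bits) return counter;
  }
}

// Server: authenticate, check age against the signed timestamp, reject replays, then check the work.
function verifySolution({ payload, sig }, signalsJson, counter, now = Date.now()) {
  const given = Buffer.from(String(sig), 'hex');
  const expected = sign(payload);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return 'bad-signature';
  const [nonce, bits, issuedAt] = payload.split('.');
  if (now - Number(issuedAt) > TTL_MS) return 'expired';
  if (usedNonces.has(nonce)) return 'replayed';
  if (leadingZeroBits(powHash(payload, sha256hex(signalsJson), counter)) < Number(bits)) return 'bad-work';
  usedNonces.add(nonce); // single use: a second submission of this challenge is refused
  return 'ok';
}
```

The `Set` here only protects one process; behind several instances the used-nonce record has to live in a shared store, which is the case the challengeStore / tokenStore note covers.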

Notes

  • secret is required in production for signing challenges/tokens.
  • Stores are in-memory by default; supply challengeStore / tokenStore for serverless / multi-instance (Redis seam).
  • The scoring model is confidence-weighted, so a single signal (e.g. missing PoW) yields challenge, not block.

All packages published to npm at 0.3.0: `@webdecoy/node`, `@webdecoy/client`, `@webdecoy/express`, `@webdecoy/fastify`, `@webdecoy/nextjs`.

v0.2.0 — Rules Engine

09 Feb 05:08

What's New

Rules Engine

In-memory rules engine with first-deny-wins evaluation. Ships with two built-in rule types:

  • Rate Limiting — Fixed window and sliding window algorithms with configurable limits, windows, and actions (throttle with 429 + Retry-After, or deny with 403)
  • Filter Expressions — A declarative expression language for matching requests against IP, path, method, headers, country, ASN, and abuse score

Violation Event Reporting

Rule violations are buffered in the SDK and flushed in batches to the ingest service for dashboard visibility.

IP Enrichment

On-demand IP enrichment (GeoIP, VPN/proxy detection, AbuseIPDB) with 1-hour TTL cache and request deduplication. Powers filter expressions like `ip.country == "CN" && ip.abuseScore > 80`.

Framework Adapters

  • Express — Updated with rule engine integration (429/403 responses)
  • Next.js — New adapter (@webdecoy/nextjs)
  • Fastify — New adapter (@webdecoy/fastify)

Packages

| Package | Version |
| --- | --- |
| `@webdecoy/node` | 0.2.0 |
| `@webdecoy/express` | 0.2.0 |
| `@webdecoy/nextjs` | 0.2.0 |
| `@webdecoy/fastify` | 0.2.0 |