npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

mtcaptcha

v1.1.0

Published

Node module for MTCaptcha verification

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

batou-mtcaptchabatou-mtcaptcha

Keywords

mtcaptchamtcaptchamorethancaptchamtcnode

Readme

mtcaptcha (Node.js SDK)

Node.js module for server-side MTCaptcha token verification with TypeScript types. MTCaptcha helps protect your applications against spam and automated abuse. Use this package on your backend after the client widget produces a verification token (for example from login, registration, contact forms, or any custom flow).

Top Highlights of MTCaptcha

  • GDPR compliance
  • Enterprise friendly
  • Accessibility compliance
  • Adaptive risk engine
  • High availability around the world

Summary of Features

  • Verifies tokens against MTCaptcha’s checktoken API over HTTPS.
  • Optional parameters for token expiry and duplicate-check behavior.
  • Supports standard and explicit ACL verification endpoints.

Prerequisites

  • Node.js 14 or higher (aligned with the library build target)
  • MTCaptcha account with a private key for your domain (from the MTCaptcha admin console)

The client side must collect a token using your site key; this module only validates that token on the server using the private key.

Installation

npm install mtcaptcha

Basic Usage

Use the MTCaptcha demo site to configure the client widget. Send the resulting token to your server, then verify it:

const MTCaptcha = require('mtcaptcha');

const captcha = new MTCaptcha({
  privateKey: 'YOUR_PRIVATE_KEY',
});

async function handleSubmit(req, res) {
  const token = req.body.mtcaptchaToken;
  const result = await captcha.verify(token);

  if (!result.success) {
    return res.status(400).json({
      fail_codes: result.fail_codes,
      tokeninfo: result.tokeninfo,
    });
  }

  // Token is valid — continue with login, signup, etc.
  return res.json({ ok: true });
}

By default, CheckToken requests go to https://service.mtcaptcha.com. Set explicitAcl: true if you need the https://service2.mtcaptcha.com endpoint for outbound firewall rules (see explicitAcl below).

Constructor Options

Optional CheckToken fields are sent as query parameters when set.

| Name | Type | Required | Default | Description | | ---------------------------- | --------- | -------- | ------- | --------------------------------------------------------------------------- | | privateKey | string | Yes | — | Your MTCaptcha private key (server secret). | | tokenExpireMiniSec | number | No | — | Sets the minimum expiration time (TTL) in seconds for the verified token so it can stay valid longer than the default (commonly 60–120 seconds). Applied only if larger than MTCaptcha’s default. Must be an integer; max 1200 (20 minutes). Example: 300. | | tokenDuplicateCallMaxCount | number | No | — | Raises the duplicate-call limit from the default of one CheckToken call per token to several. Must be an integer; max 20. Example: 5. | | explicitAcl | boolean | No | false | For server environments that must restrict outbound traffic with explicit firewall ACLs: when true, CheckToken uses service2.mtcaptcha.com, which supports allowlisting by explicit IP addresses. Leave false for the standard service.mtcaptcha.com URL. |

verify(token) Result

verify returns a Promise that always resolves (it does not reject on HTTP or parse errors). Use fail_codes as the only error surface: API failures and SDK issues (empty token, bad JSON, network) all add entries in the same { [code]: message } shape. Optional tokeninfo is present when the CheckToken body includes it.

interface VerificationResult {
  success: boolean;
  fail_codes?: FailCode[];
  tokeninfo?: VerificationTokenInfo;
}

interface VerificationTokenInfo {
  v: string;
  code: number;
  codeDesc: string;
  tokID: string;
  timestampSec: number;
  timestampISO: string;
  hostname: string;
  isDevHost: boolean;
  action: string;
  ip: string;
  ipCountry: string;
  riskType: string;
  riskInfo: string;
}

// Each fail code is a single-key object, e.g. { 'invalid-token': '...' }
interface FailCode {
  [key: string]: string;
}

SDK-only fail_codes examples (same shape): { 'missing-input-token': 'Verification token required.' }, { 'bad-request': 'Invalid JSON response: …' }, { 'network-error': '…' }.

For full product and integration documentation, see the official MTCaptcha docs.

License

MIT License — see the LICENSE file in the repository when available.

Support

For issues and feature requests, use the GitHub issue tracker.