npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

pow_captcha

v1.0.3

Published

A proof of work captcha that forces a computer to brute force until it finds a correct output to the input given by using hash logic

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

y0urstrulyy0urstruly

Keywords

workcaptchaproofofworkpowproofofworkcaptchahash

Readme

pow_captcha (proof of work captcha)

Usage

Installation

npm install pow_captcha

Importing

const {makeTest, takeTest, takeTestAsync, ready} = require('pow_captcha');

Concept (what is this)

Usually, when one thinks of a "CAPTCHA", weird looking images with instructions about which one(s) to select to prove you're human. These ensure only human traffic to certain operations on a website. However, they do not stop spam to a server that much. The only way the server can verify a token is to use its resources to send a request the CAPTCHA service API (for at least reCAPTCHA and hCAPTCHA). On top of that, if the attacker spams enough, you would have sent enough requests to the respective API to disable your API credentials for a period of time, leading to denial of services to valid requests. Now, this proof of work captcha utilises cryptography in a way that a cryptographic "puzzle" can be created that takes a physical amount of processor time to complete, adding a logical delay to the spamming capabilities of an attacker.

  • The puzzle is the hash of a correct buffer, an incorrect buffer being given and the definitions of various ranges where the computer can edit the buffer.
  • The idea here is that a computer has to edit the incorrect buffer using the ranges, then to only stop when its hash is equal to the hash of the correct buffer.
  • Buffer length has its part to play to be large enough that an attacker cannot pre hash every single possibility. An attacker needs to hash (a2-a1)^B B lengthed buffers to do this.
  • For instance the default values have a1 at 0, a2 at 256 and B at 1024 if you check the argument descriptions below in the makeTest function. This means that an attacker would have to prehash 256^1024 sets of 1024 lengthed buffers (this is a ridiculous amount, check it out yourself) and therefore, one needs to take the processor time to complete this puzzle :D

Exports

There are 3 functions that are exported for use But before that there is simply a Promise named ready that will resolve when everything is ready; meaning when the wasm binary for takeTest has asynchronously loaded What does this mean? The code to take the test (the one that takes a physical amount of time for a computer to solve) has been now written in C and compiled to something called WebAssembly for increased performance