Open source bot detection
Self-hosted alternative to Turnstile and reCAPTCHA. Proof-of-work, fingerprinting, behavioral analysis. Your servers, your data.
```
$ docker compose up -d
```
Integration
First-party SDKs for React, Next.js, and Express. Or use the 5KB browser SDK directly.
```
npm install @janus/react @janus/sdk
```
```jsx
import { JanusProvider, useJanus } from '@janus/react';

function LoginForm() {
  const { execute, loading } = useJanus();

  const handleSubmit = async (e) => {
    e.preventDefault();
    const { success, token } = await execute();
    if (success) { /* submit with token */ }
  };

  return (
    <form onSubmit={handleSubmit}>
      <button disabled={loading}>Log in</button>
    </form>
  );
}
```
Comparison
| | Turnstile / reCAPTCHA | Janus |
|---|---|---|
| Data | Sent to Cloudflare / Google | Stays on your servers |
| Privacy | Third-party cookies, tracking | No cookies, no tracking |
| Scoring | Black box | Open source, tunable |
| Infra | External dependency | Self-hosted |
| SDK | 50-200 KB | ~5 KB gzipped |
| Cost | Free tier with limits | Free forever |
Detection
Every verification combines 20+ independent signals into a single risk score from 0 (human) to 100 (bot).
SHA-256 in Web Worker. Auto-scales under attack.
Canvas, WebGL, audio, fonts. Hashed, never raw.
Mouse velocity, keyboard timing, scroll, touch.
Selenium, Puppeteer, PhantomJS, CDP, headless.
Datacenter, VPN, proxy. Self-hosted MaxMind.
PoW difficulty auto-increases during attacks.
Custom scoring logic. Global or per-site.
SMTP alerts with per-event throttling.
HMAC-signed payloads on block/spike.
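How a SHA-256 proof-of-work check with load-based difficulty can work on the issuing and verifying side, as an added Node.js example that is not Janus's own code. The challenge format, the server key, the difficulty policy and every function name are assumptions made for illustration.

```javascript
// Added example, not Janus source: stateless SHA-256 proof-of-work.
const crypto = require('node:crypto');
const SERVER_KEY = crypto.randomBytes(32); // assumption: per-deployment secret

// Assumed policy: 12 bits at normal load, +1 bit per doubling above 50 req/s, cap 22.
function difficultyFor(reqPerSec, base = 12, normal = 50, max = 22) {
  if (reqPerSec <= normal) return base;
  return Math.min(max, base + Math.ceil(Math.log2(reqPerSec / normal)));
}

const mac = (body) => crypto.createHmac('sha256', SERVER_KEY).update(body).digest('hex');
const hashOf = (challenge, nonce) =>
  crypto.createHash('sha256').update(`${challenge}:${nonce}`).digest();

// The HMAC binds salt, difficulty and expiry, so a client cannot lower the cost.
function issueChallenge(reqPerSec, now = Date.now(), ttlMs = 60_000) {
  const salt = crypto.randomBytes(16).toString('hex');
  const body = `${salt}.${difficultyFor(reqPerSec)}.${now + ttlMs}`;
  return `${body}.${mac(body)}`;
}

function leadingZeroBits(buf) {
  let bits = 0;
  for (const byte of buf) {
    if (byte !== 0) return bits + Math.clz32(byte) - 24; // zeros inside this byte
    bits += 8;
  }
  return bits;
}

// Client side; in a browser this loop would run in a Web Worker.
function solve(challenge) {
  const bits = Number(challenge.split('.')[1]);
  for (let nonce = 0; ; nonce++) {
    if (leadingZeroBits(hashOf(challenge, nonce)) >= bits) return nonce;
  }
}

// Server side: check the MAC first, then expiry, then one hash for the work itself.
function verify(challenge, nonce, now = Date.now()) {
  const parts = String(challenge).split('.');
  if (parts.length !== 4 || !Number.isInteger(nonce)) return false;
  const [salt, bits, expires, tag] = parts;
  const got = Buffer.from(tag);
  const want = Buffer.from(mac(`${salt}.${bits}.${expires}`));
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return false;
  if (now > Number(expires)) return false;
  return leadingZeroBits(hashOf(challenge, nonce)) >= Number(bits);
}
```

A solved challenge stays valid until it expires, so a deployment built this way also has to remember used salts for the TTL to stop replay.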
~5 KB SDK gzipped
20+ detection signals
168 tests passing
0 browser deps
Deploy in minutes. No vendor lock-in. MIT licensed.