api-turnstile 0.1.5 â 0.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +14 -14
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
<div align="center">
|
|
4
4
|
<img src="https://sentinel.risksignal.name.ng/sentinel-logo.png" alt="Sentinel Logo" width="120" />
|
|
5
|
-
<h3>
|
|
5
|
+
<h3>Turnstile for API</h3>
|
|
6
6
|
<p>Cloudflare Turnstile protects browsers. <b>Sentinel protects APIs.</b></p>
|
|
7
7
|
<p>
|
|
8
8
|
<a href="https://www.npmjs.com/package/api-turnstile"><img src="https://img.shields.io/npm/v/api-turnstile?color=orange&style=flat-square" alt="NPM Version" /></a>
|
|
@@ -22,21 +22,21 @@
|
|
|
22
22
|
API Turnstile is an API bot protection and abuse prevention middleware for Node.js, Express, Next.js, Bun, and serverless environments.
|
|
23
23
|
It blocks automated attacks such as credential stuffing, fake account creation, payment fraud, and API scraping â without CAPTCHAs or browser JavaScript.
|
|
24
24
|
|
|
25
|
-
##
|
|
25
|
+
## Key Features
|
|
26
26
|
|
|
27
|
-
-
|
|
28
|
-
-
|
|
29
|
-
-
|
|
30
|
-
-
|
|
31
|
-
-
|
|
27
|
+
- **Sub-50ms Latency**: Built on a globally distributed decision engine.
|
|
28
|
+
- **Adaptive Defenses**: Automatically escalates cryptographic challenges (BWT) for suspicious IPs.
|
|
29
|
+
- **Multi-Framework**: First-class support for Node.js (Express/Fastify) and Edge Runtimes (Next.js/Bun).
|
|
30
|
+
- **CLI Intelligence**: Stream live traffic decisions directly to your terminal with `sentinel tail`.
|
|
31
|
+
- **Outcome-Based**: Focuses on business results (e.g., bot reduction, capital saved) rather than just "block counts".
|
|
32
32
|
|
|
33
|
-
##
|
|
33
|
+
## Installation
|
|
34
34
|
|
|
35
35
|
```bash
|
|
36
36
|
npm install api-turnstile
|
|
37
37
|
```
|
|
38
38
|
|
|
39
|
-
##
|
|
39
|
+
## Quick Start
|
|
40
40
|
|
|
41
41
|
### Express / Node.js
|
|
42
42
|
```javascript
|
|
@@ -66,7 +66,7 @@ export default sentinelEdge({
|
|
|
66
66
|
});
|
|
67
67
|
```
|
|
68
68
|
|
|
69
|
-
##
|
|
69
|
+
## Configuration Deep Dive
|
|
70
70
|
|
|
71
71
|
| Option | Type | Default | Description |
|
|
72
72
|
| :--- | :--- | :--- | :--- |
|
|
@@ -82,7 +82,7 @@ export default sentinelEdge({
|
|
|
82
82
|
- **`balanced`**: Blocks obvious bots and high-risk signals.
|
|
83
83
|
- **`strict`**: Enforces zero-tolerance for automation and proxy traffic.
|
|
84
84
|
|
|
85
|
-
##
|
|
85
|
+
## Sentinel CLI
|
|
86
86
|
|
|
87
87
|
The package includes a powerful CLI for real-time forensics and monitoring.
|
|
88
88
|
|
|
@@ -100,7 +100,7 @@ sentinel check 1.2.3.4
|
|
|
100
100
|
sentinel stats
|
|
101
101
|
```
|
|
102
102
|
|
|
103
|
-
##
|
|
103
|
+
## Behavioral Work Tokens (BWT)
|
|
104
104
|
|
|
105
105
|
BWT is Sentinel's secret weapon. When an IP is deemed "unstable" (not yet high-risk enough to block), Sentinel issues a cryptographic challenge.
|
|
106
106
|
|
|
@@ -108,12 +108,12 @@ BWT is Sentinel's secret weapon. When an IP is deemed "unstable" (not yet high-r
|
|
|
108
108
|
2. Bot scripts (Headless Chrome, curl, python-requests) fail to solve the token.
|
|
109
109
|
3. Your server rejects the request before it ever hits your business logic.
|
|
110
110
|
|
|
111
|
-
##
|
|
111
|
+
## Links
|
|
112
112
|
|
|
113
113
|
- **[Dashboard & API Management](https://sentinel.risksignal.name.ng)**
|
|
114
114
|
- **[Documentation](https://sentinel.risksignal.name.ng/docs)**
|
|
115
115
|
- **[GitHub Repository](https://github.com/00xf5/sentinelapinpm)**
|
|
116
116
|
|
|
117
|
-
##
|
|
117
|
+
## License
|
|
118
118
|
|
|
119
119
|
MIT Š [Sentinel Security](https://sentinel.risksignal.name.ng)
|
package/package.json
CHANGED