is-antibot 1.6.1 → 1.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -0
- package/package.json +2 -1
- package/src/index.js +20 -6
package/README.md
CHANGED
|
@@ -15,6 +15,7 @@
|
|
|
15
15
|
|
|
16
16
|
- **CloudFlare** - Bot management and challenge pages
|
|
17
17
|
- **Vercel** - Attack mode protection
|
|
18
|
+
- **Anubis** - Techaro BotStopper proof-of-work challenge
|
|
18
19
|
- **Akamai** - Bot Manager and Web Application Protector
|
|
19
20
|
- **DataDome** - Bot protection with CAPTCHA challenges
|
|
20
21
|
- **PerimeterX** - Behavioral bot detection
|
|
@@ -28,6 +29,7 @@
|
|
|
28
29
|
- **ThreatMetrix** - LexisNexis fraud prevention and device fingerprinting
|
|
29
30
|
- **Meetrics** - User authenticity verification
|
|
30
31
|
- **Ocule** - Bot detection with advanced obfuscation
|
|
32
|
+
- **Instagram** - Login page redirect bot detection
|
|
31
33
|
- **YouTube** - BotGuard attestation and abuse detection
|
|
32
34
|
- **LinkedIn** - Bot filter protection
|
|
33
35
|
- **Reddit** - Network security challenge-page detection
|
package/package.json
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
"name": "is-antibot",
|
|
3
3
|
"description": "Identify if a response is an antibot challenge from CloudFlare, Akamai, DataDome, Vercel, PerimeterX, Shape Security, and more, including CAPTCHA providers like reCAPTCHA and hCaptcha.",
|
|
4
4
|
"homepage": "https://github.com/microlinkhq/is-antibot",
|
|
5
|
-
"version": "1.
|
|
5
|
+
"version": "1.7.0",
|
|
6
6
|
"exports": {
|
|
7
7
|
".": "./src/index.js"
|
|
8
8
|
},
|
|
@@ -31,6 +31,7 @@
|
|
|
31
31
|
"keywords": [
|
|
32
32
|
"akamai",
|
|
33
33
|
"antibot",
|
|
34
|
+
"anubis",
|
|
34
35
|
"arkose",
|
|
35
36
|
"aws-waf",
|
|
36
37
|
"bot",
|
package/src/index.js
CHANGED
|
@@ -385,12 +385,13 @@ const detect = ({ headers = {}, html = '', url = '', statusCode } = {}) => {
|
|
|
385
385
|
}
|
|
386
386
|
|
|
387
387
|
// Reddit: blocked requests are served as HTML challenge pages.
|
|
388
|
-
|
|
389
|
-
|
|
390
|
-
|
|
391
|
-
|
|
392
|
-
|
|
393
|
-
|
|
388
|
+
if (parseUrl(url).domain === 'reddit.com') {
|
|
389
|
+
if (statusCode === 403) {
|
|
390
|
+
return byStatusCode('reddit')
|
|
391
|
+
}
|
|
392
|
+
if (hasAnyHtml([/blocked by network security\./i])) {
|
|
393
|
+
return byHtml('reddit')
|
|
394
|
+
}
|
|
394
395
|
}
|
|
395
396
|
|
|
396
397
|
// LinkedIn: status 999 is LinkedIn's dedicated bot-detection response
|
|
@@ -412,6 +413,19 @@ const detect = ({ headers = {}, html = '', url = '', statusCode } = {}) => {
|
|
|
412
413
|
return byHtml('youtube')
|
|
413
414
|
}
|
|
414
415
|
|
|
416
|
+
// Anubis (Techaro BotStopper): challenge pages always contain the JSON script block
|
|
417
|
+
// `<script id="anubis_challenge" type="application/json">` (hardcoded in web/index.templ)
|
|
418
|
+
// and asset/API URLs under the Go constant `StaticPath = "/.within.website/x/cmd/anubis/"`.
|
|
419
|
+
// Source: https://github.com/TecharoHQ/anubis
|
|
420
|
+
if (
|
|
421
|
+
hasAnyHtml([
|
|
422
|
+
/<script id="anubis_challenge"/,
|
|
423
|
+
'/.within.website/x/cmd/anubis/'
|
|
424
|
+
])
|
|
425
|
+
) {
|
|
426
|
+
return byHtml('anubis')
|
|
427
|
+
}
|
|
428
|
+
|
|
415
429
|
// AWS WAF: Check for x-amzn-waf-action or x-amzn-requestid headers
|
|
416
430
|
// Reference: https://github.com/scrapfly/Antibot-Detector/blob/main/detectors/antibot/detect-aws-waf.json
|
|
417
431
|
if (hasAnyHeader(['x-amzn-waf-action', 'x-amzn-requestid'])) {
|