npm - is-antibot - Versions diffs - 1.6.2 → 1.7.1 - Mend

is-antibot 1.6.2 → 1.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json CHANGED Viewed

@@ -1,8 +1,8 @@
 {
   "name": "is-antibot",
-  "description": "Identify if a response is an antibot challenge from CloudFlare, Akamai, DataDome, Vercel, PerimeterX, Shape Security, and more, including CAPTCHA providers like reCAPTCHA and hCaptcha.",
-  "homepage": "https://github.com/microlinkhq/is-antibot",
-  "version": "1.6.2",
+  "description": "Detect antibot protection from 30+ providers — Cloudflare, Akamai, DataDome, PerimeterX, Kasada, Imperva, reCAPTCHA, hCaptcha, Turnstile, and more.",
+  "homepage": "https://antibot.microlink.io/",
+  "version": "1.7.1",
   "exports": {
     ".": "./src/index.js"
   },
@@ -31,14 +31,18 @@
   "keywords": [
     "akamai",
     "antibot",
+    "anubis",
     "arkose",
     "aws-waf",
     "bot",
+    "bot-detection",
+    "bot-protection",
     "captcha",
     "challenge",
     "cloudflare",
     "datadome",
     "detection",
+    "friendly-captcha",
     "funcaptcha",
     "geetest",
     "hcaptcha",
@@ -46,13 +50,16 @@
     "incapsula",
     "kasada",
     "perimeterx",
+    "reblaze",
     "recaptcha",
     "scraper",
     "scraping",
     "shapesecurity",
+    "sucuri",
     "turnstile",
     "vercel",
-    "waf"
+    "waf",
+    "web-scraping"
   ],
   "dependencies": {
     "@metascraper/helpers": "~5.50.0",
@@ -64,14 +71,24 @@
     "@commitlint/config-conventional": "latest",
     "@ksmithut/prettier-standard": "latest",
     "ava": "latest",
+    "browser-sync": "latest",
     "c8": "latest",
     "ci-publish": "latest",
+    "concurrently": "latest",
     "conventional-changelog-cli": "latest",
+    "cssnano": "latest",
+    "cssnano-preset-advanced": "latest",
     "finepack": "latest",
     "git-authors-cli": "latest",
     "github-generate-release": "latest",
     "got": "11",
+    "gulp": "5",
+    "gulp-concat": "latest",
+    "gulp-postcss": "latest",
+    "gulp-uglify": "latest",
     "nano-staged": "latest",
+    "postcss": "latest",
+    "postcss-focus": "latest",
     "simple-git-hooks": "latest",
     "standard": "latest",
     "standard-version": "latest"
@@ -83,9 +100,12 @@
     "src"
   ],
   "scripts": {
+    "build": "gulp build",
     "clean": "rm -rf node_modules",
     "contributors": "(npx git-authors-cli && npx finepack && git add package.json && git commit -m 'build: contributors' --no-verify) || true",
     "coverage": "c8 report --reporter=text-lcov > coverage/lcov.info",
+    "dev": "concurrently \"gulp\" \"npm run dev:server\"",
+    "dev:server": "browser-sync start --server docs --files \"docs/index.html, docs/README.md, docs/static/**/*.(css|js)\"",
     "lint": "standard",
     "postrelease": "npm run release:tags && npm run release:github && (ci-publish || npm publish --access=public)",
     "pretest": "npm run lint",
@@ -127,5 +147,10 @@
   "simple-git-hooks": {
     "commit-msg": "npx commitlint --edit",
     "pre-commit": "npx nano-staged"
+  },
+  "standard": {
+    "ignore": [
+      "docs/static/main.min.js"
+    ]
   }
 }

package/src/index.js CHANGED Viewed

@@ -77,7 +77,7 @@ const detect = ({ headers = {}, html = '', url = '', statusCode } = {}) => {
   const byStatusCode = provider =>
     createResult(true, provider, DETECTION.STATUS_CODE)
-  // CloudFlare: Check for cf-mitigated header with 'challenge' value
+  // Cloudflare: Check for cf-mitigated header with 'challenge' value
   // Official docs: https://developers.cloudflare.com/cloudflare-challenges/challenge-types/challenge-pages/detect-response/
   if (getHeader('cf-mitigated') === 'challenge') {
     return byHeaders('cloudflare')
@@ -413,6 +413,19 @@ const detect = ({ headers = {}, html = '', url = '', statusCode } = {}) => {
     return byHtml('youtube')
   }
+  // Anubis (Techaro BotStopper): challenge pages always contain the JSON script block
+  // `<script id="anubis_challenge" type="application/json">` (hardcoded in web/index.templ)
+  // and asset/API URLs under the Go constant `StaticPath = "/.within.website/x/cmd/anubis/"`.
+  // Source: https://github.com/TecharoHQ/anubis
+  if (
+    hasAnyHtml([
+      /<script id="anubis_challenge"/,
+      '/.within.website/x/cmd/anubis/'
+    ])
+  ) {
+    return byHtml('anubis')
+  }
   // AWS WAF: Check for x-amzn-waf-action or x-amzn-requestid headers
   // Reference: https://github.com/scrapfly/Antibot-Detector/blob/main/detectors/antibot/detect-aws-waf.json
   if (hasAnyHeader(['x-amzn-waf-action', 'x-amzn-requestid'])) {

package/README.md DELETED Viewed

@@ -1,107 +0,0 @@
-<picture>
-  <source media="(prefers-color-scheme: dark)" srcset="https://github.com/microlinkhq/cdn/raw/master/dist/logo/banner-dark.png">
-  <img alt="microlink cdn" src="https://github.com/microlinkhq/cdn/raw/master/dist/logo/banner.png" align="center">
-</picture>
-![Last version](https://img.shields.io/github/tag/microlinkhq/is-antibot.svg?style=flat-square)
-[![Coverage Status](https://img.shields.io/coveralls/microlinkhq/is-antibot.svg?style=flat-square)](https://coveralls.io/github/microlinkhq/is-antibot)
-[![NPM Status](https://img.shields.io/npm/dm/is-antibot.svg?style=flat-square)](https://www.npmjs.org/package/is-antibot)
-> Identify if a response is an antibot challenge from CloudFlare, Akamai, DataDome, Vercel, and more.
-## Supported Providers
-### Anti-Bot Systems
-- **CloudFlare** - Bot management and challenge pages
-- **Vercel** - Attack mode protection
-- **Akamai** - Bot Manager and Web Application Protector
-- **DataDome** - Bot protection with CAPTCHA challenges
-- **PerimeterX** - Behavioral bot detection
-- **Shape Security** - Enterprise bot management
-- **Kasada** - Advanced bot mitigation
-- **Imperva/Incapsula** - Web application firewall
-- **AWS WAF** - Amazon Web Services Web Application Firewall
-- **Reblaze** - Cloud-based web security platform
-- **Cheq** - Bot detection and prevention
-- **Sucuri** - Website security platform and WAF
-- **ThreatMetrix** - LexisNexis fraud prevention and device fingerprinting
-- **Meetrics** - User authenticity verification
-- **Ocule** - Bot detection with advanced obfuscation
-- **YouTube** - BotGuard attestation and abuse detection
-- **LinkedIn** - Bot filter protection
-- **Reddit** - Network security challenge-page detection
-### CAPTCHA Providers
-- **reCAPTCHA** - Google's CAPTCHA service (v2 and v3)
-- **hCaptcha** - Privacy-focused CAPTCHA alternative
-- **FunCaptcha** - Arkose Labs interactive challenges
-- **GeeTest** - AI-powered CAPTCHA
-- **Cloudflare Turnstile** - Privacy-preserving CAPTCHA alternative
-- **Friendly Captcha** - GDPR-compliant privacy-first CAPTCHA
-- **Captcha.eu** - European GDPR-compliant CAPTCHA service
-- **QCloud Captcha** - Tencent Cloud CAPTCHA service
-- **AliExpress CAPTCHA** - AliExpress x5sec security challenge
-## Why
-Websites receiving massive quantities of traffic throughout the day, like LinkedIn, Reddit, Instagram, or YouTube, have sophisticated antibot systems to prevent automated access.
-When you try to fetch the HTML of these sites without the right tools, you often hit a 403 Forbidden, 429 Too Many Requests, or a "Please prove you're human" challenge, leaving you with a response that contains no useful data.
-**is-antibot** is a lightweight, vendor-agnostic JavaScript library that identifies when a response is actually an antibot challenge, helping you understand when and why your request was blocked.
-## Install
-```bash
-$ npm install is-antibot --save
-```
-## Usage
-Just pass `headers`, `html`, `url`, and `statusCode` from any HTTP response:
-```js
-const isAntibot = require('is-antibot')
-const response = await fetch('https://www.linkedin.com/in/kikobeats/')
-const html = await response.text()
-const { detected, provider, detection } = isAntibot({
-  headers: response.headers,
-  statusCode: response.status,
-  html,
-  url: response.url
-})
-if (detected) {
-  console.log(`Antibot detected: ${provider} via ${detection}`)
-}
-```
-It also works with [got](https://github.com/sindresorhus/got) or any library where `body` is a string:
-```js
-const response = await got('https://www.linkedin.com/in/kikobeats/')
-  .catch(error => errorresponse)
-const { detected, provider, detection } = isAntibot(response)
-if (detected) {
-  console.log(`Antibot detected: ${provider} via ${detection}`)
-}
-```
-The library returns an object with the following properties:
-- `detected` (boolean): Whether an antibot challenge was detected
-- `provider` (string|null): The name of the detected provider (e.g., 'cloudflare', 'recaptcha')
-- `detection` (string|null): Where the signal came from: `'headers'`, `'cookies'`, `'html'`, `'url'`, or `'statusCode'`
-## License
-**is-antibot** © [microlink.io](https://microlink.io), released under the [MIT](https://github.com/microlinkhq/is-antibot/blob/master/LICENSE.md) License.<br>
-Authored and maintained by [microlink.io](https://microlink.io) with help from [contributors](https://github.com/microlinkhq/is-antibot/contributors).
-> [microlink.io](https://microlink.io) · GitHub [microlink.io](https://github.com/microlinkhq) · X [@microlinkhq](https://x.com/microlinkhq)