is-antibot 1.7.0 → 1.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +28 -4
- package/src/index.js +1 -1
- package/README.md +0 -109
package/package.json
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "is-antibot",
|
|
3
|
-
"description": "
|
|
4
|
-
"homepage": "https://
|
|
5
|
-
"version": "1.7.
|
|
3
|
+
"description": "Detect antibot protection from 30+ providers — Cloudflare, Akamai, DataDome, PerimeterX, Kasada, Imperva, reCAPTCHA, hCaptcha, Turnstile, and more.",
|
|
4
|
+
"homepage": "https://antibot.microlink.io/",
|
|
5
|
+
"version": "1.7.1",
|
|
6
6
|
"exports": {
|
|
7
7
|
".": "./src/index.js"
|
|
8
8
|
},
|
|
@@ -35,11 +35,14 @@
|
|
|
35
35
|
"arkose",
|
|
36
36
|
"aws-waf",
|
|
37
37
|
"bot",
|
|
38
|
+
"bot-detection",
|
|
39
|
+
"bot-protection",
|
|
38
40
|
"captcha",
|
|
39
41
|
"challenge",
|
|
40
42
|
"cloudflare",
|
|
41
43
|
"datadome",
|
|
42
44
|
"detection",
|
|
45
|
+
"friendly-captcha",
|
|
43
46
|
"funcaptcha",
|
|
44
47
|
"geetest",
|
|
45
48
|
"hcaptcha",
|
|
@@ -47,13 +50,16 @@
|
|
|
47
50
|
"incapsula",
|
|
48
51
|
"kasada",
|
|
49
52
|
"perimeterx",
|
|
53
|
+
"reblaze",
|
|
50
54
|
"recaptcha",
|
|
51
55
|
"scraper",
|
|
52
56
|
"scraping",
|
|
53
57
|
"shapesecurity",
|
|
58
|
+
"sucuri",
|
|
54
59
|
"turnstile",
|
|
55
60
|
"vercel",
|
|
56
|
-
"waf"
|
|
61
|
+
"waf",
|
|
62
|
+
"web-scraping"
|
|
57
63
|
],
|
|
58
64
|
"dependencies": {
|
|
59
65
|
"@metascraper/helpers": "~5.50.0",
|
|
@@ -65,14 +71,24 @@
|
|
|
65
71
|
"@commitlint/config-conventional": "latest",
|
|
66
72
|
"@ksmithut/prettier-standard": "latest",
|
|
67
73
|
"ava": "latest",
|
|
74
|
+
"browser-sync": "latest",
|
|
68
75
|
"c8": "latest",
|
|
69
76
|
"ci-publish": "latest",
|
|
77
|
+
"concurrently": "latest",
|
|
70
78
|
"conventional-changelog-cli": "latest",
|
|
79
|
+
"cssnano": "latest",
|
|
80
|
+
"cssnano-preset-advanced": "latest",
|
|
71
81
|
"finepack": "latest",
|
|
72
82
|
"git-authors-cli": "latest",
|
|
73
83
|
"github-generate-release": "latest",
|
|
74
84
|
"got": "11",
|
|
85
|
+
"gulp": "5",
|
|
86
|
+
"gulp-concat": "latest",
|
|
87
|
+
"gulp-postcss": "latest",
|
|
88
|
+
"gulp-uglify": "latest",
|
|
75
89
|
"nano-staged": "latest",
|
|
90
|
+
"postcss": "latest",
|
|
91
|
+
"postcss-focus": "latest",
|
|
76
92
|
"simple-git-hooks": "latest",
|
|
77
93
|
"standard": "latest",
|
|
78
94
|
"standard-version": "latest"
|
|
@@ -84,9 +100,12 @@
|
|
|
84
100
|
"src"
|
|
85
101
|
],
|
|
86
102
|
"scripts": {
|
|
103
|
+
"build": "gulp build",
|
|
87
104
|
"clean": "rm -rf node_modules",
|
|
88
105
|
"contributors": "(npx git-authors-cli && npx finepack && git add package.json && git commit -m 'build: contributors' --no-verify) || true",
|
|
89
106
|
"coverage": "c8 report --reporter=text-lcov > coverage/lcov.info",
|
|
107
|
+
"dev": "concurrently \"gulp\" \"npm run dev:server\"",
|
|
108
|
+
"dev:server": "browser-sync start --server docs --files \"docs/index.html, docs/README.md, docs/static/**/*.(css|js)\"",
|
|
90
109
|
"lint": "standard",
|
|
91
110
|
"postrelease": "npm run release:tags && npm run release:github && (ci-publish || npm publish --access=public)",
|
|
92
111
|
"pretest": "npm run lint",
|
|
@@ -128,5 +147,10 @@
|
|
|
128
147
|
"simple-git-hooks": {
|
|
129
148
|
"commit-msg": "npx commitlint --edit",
|
|
130
149
|
"pre-commit": "npx nano-staged"
|
|
150
|
+
},
|
|
151
|
+
"standard": {
|
|
152
|
+
"ignore": [
|
|
153
|
+
"docs/static/main.min.js"
|
|
154
|
+
]
|
|
131
155
|
}
|
|
132
156
|
}
|
package/src/index.js
CHANGED
|
@@ -77,7 +77,7 @@ const detect = ({ headers = {}, html = '', url = '', statusCode } = {}) => {
|
|
|
77
77
|
const byStatusCode = provider =>
|
|
78
78
|
createResult(true, provider, DETECTION.STATUS_CODE)
|
|
79
79
|
|
|
80
|
-
//
|
|
80
|
+
// Cloudflare: Check for cf-mitigated header with 'challenge' value
|
|
81
81
|
// Official docs: https://developers.cloudflare.com/cloudflare-challenges/challenge-types/challenge-pages/detect-response/
|
|
82
82
|
if (getHeader('cf-mitigated') === 'challenge') {
|
|
83
83
|
return byHeaders('cloudflare')
|
package/README.md
DELETED
|
@@ -1,109 +0,0 @@
|
|
|
1
|
-
<picture>
|
|
2
|
-
<source media="(prefers-color-scheme: dark)" srcset="https://github.com/microlinkhq/cdn/raw/master/dist/logo/banner-dark.png">
|
|
3
|
-
<img alt="microlink cdn" src="https://github.com/microlinkhq/cdn/raw/master/dist/logo/banner.png" align="center">
|
|
4
|
-
</picture>
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
[](https://coveralls.io/github/microlinkhq/is-antibot)
|
|
8
|
-
[](https://www.npmjs.org/package/is-antibot)
|
|
9
|
-
|
|
10
|
-
> Identify if a response is an antibot challenge from CloudFlare, Akamai, DataDome, Vercel, and more.
|
|
11
|
-
|
|
12
|
-
## Supported Providers
|
|
13
|
-
|
|
14
|
-
### Anti-Bot Systems
|
|
15
|
-
|
|
16
|
-
- **CloudFlare** - Bot management and challenge pages
|
|
17
|
-
- **Vercel** - Attack mode protection
|
|
18
|
-
- **Anubis** - Techaro BotStopper proof-of-work challenge
|
|
19
|
-
- **Akamai** - Bot Manager and Web Application Protector
|
|
20
|
-
- **DataDome** - Bot protection with CAPTCHA challenges
|
|
21
|
-
- **PerimeterX** - Behavioral bot detection
|
|
22
|
-
- **Shape Security** - Enterprise bot management
|
|
23
|
-
- **Kasada** - Advanced bot mitigation
|
|
24
|
-
- **Imperva/Incapsula** - Web application firewall
|
|
25
|
-
- **AWS WAF** - Amazon Web Services Web Application Firewall
|
|
26
|
-
- **Reblaze** - Cloud-based web security platform
|
|
27
|
-
- **Cheq** - Bot detection and prevention
|
|
28
|
-
- **Sucuri** - Website security platform and WAF
|
|
29
|
-
- **ThreatMetrix** - LexisNexis fraud prevention and device fingerprinting
|
|
30
|
-
- **Meetrics** - User authenticity verification
|
|
31
|
-
- **Ocule** - Bot detection with advanced obfuscation
|
|
32
|
-
- **Instagram** - Login page redirect bot detection
|
|
33
|
-
- **YouTube** - BotGuard attestation and abuse detection
|
|
34
|
-
- **LinkedIn** - Bot filter protection
|
|
35
|
-
- **Reddit** - Network security challenge-page detection
|
|
36
|
-
|
|
37
|
-
### CAPTCHA Providers
|
|
38
|
-
|
|
39
|
-
- **reCAPTCHA** - Google's CAPTCHA service (v2 and v3)
|
|
40
|
-
- **hCaptcha** - Privacy-focused CAPTCHA alternative
|
|
41
|
-
- **FunCaptcha** - Arkose Labs interactive challenges
|
|
42
|
-
- **GeeTest** - AI-powered CAPTCHA
|
|
43
|
-
- **Cloudflare Turnstile** - Privacy-preserving CAPTCHA alternative
|
|
44
|
-
- **Friendly Captcha** - GDPR-compliant privacy-first CAPTCHA
|
|
45
|
-
- **Captcha.eu** - European GDPR-compliant CAPTCHA service
|
|
46
|
-
- **QCloud Captcha** - Tencent Cloud CAPTCHA service
|
|
47
|
-
- **AliExpress CAPTCHA** - AliExpress x5sec security challenge
|
|
48
|
-
|
|
49
|
-
## Why
|
|
50
|
-
|
|
51
|
-
Websites receiving massive quantities of traffic throughout the day, like LinkedIn, Reddit, Instagram, or YouTube, have sophisticated antibot systems to prevent automated access.
|
|
52
|
-
|
|
53
|
-
When you try to fetch the HTML of these sites without the right tools, you often hit a 403 Forbidden, 429 Too Many Requests, or a "Please prove you're human" challenge, leaving you with a response that contains no useful data.
|
|
54
|
-
|
|
55
|
-
**is-antibot** is a lightweight, vendor-agnostic JavaScript library that identifies when a response is actually an antibot challenge, helping you understand when and why your request was blocked.
|
|
56
|
-
|
|
57
|
-
## Install
|
|
58
|
-
|
|
59
|
-
```bash
|
|
60
|
-
$ npm install is-antibot --save
|
|
61
|
-
```
|
|
62
|
-
|
|
63
|
-
## Usage
|
|
64
|
-
|
|
65
|
-
Just pass `headers`, `html`, `url`, and `statusCode` from any HTTP response:
|
|
66
|
-
|
|
67
|
-
```js
|
|
68
|
-
const isAntibot = require('is-antibot')
|
|
69
|
-
|
|
70
|
-
const response = await fetch('https://www.linkedin.com/in/kikobeats/')
|
|
71
|
-
const html = await response.text()
|
|
72
|
-
|
|
73
|
-
const { detected, provider, detection } = isAntibot({
|
|
74
|
-
headers: response.headers,
|
|
75
|
-
statusCode: response.status,
|
|
76
|
-
html,
|
|
77
|
-
url: response.url
|
|
78
|
-
})
|
|
79
|
-
|
|
80
|
-
if (detected) {
|
|
81
|
-
console.log(`Antibot detected: ${provider} via ${detection}`)
|
|
82
|
-
}
|
|
83
|
-
```
|
|
84
|
-
|
|
85
|
-
It also works with [got](https://github.com/sindresorhus/got) or any library where `body` is a string:
|
|
86
|
-
|
|
87
|
-
```js
|
|
88
|
-
const response = await got('https://www.linkedin.com/in/kikobeats/')
|
|
89
|
-
.catch(error => errorresponse)
|
|
90
|
-
|
|
91
|
-
const { detected, provider, detection } = isAntibot(response)
|
|
92
|
-
|
|
93
|
-
if (detected) {
|
|
94
|
-
console.log(`Antibot detected: ${provider} via ${detection}`)
|
|
95
|
-
}
|
|
96
|
-
```
|
|
97
|
-
|
|
98
|
-
The library returns an object with the following properties:
|
|
99
|
-
|
|
100
|
-
- `detected` (boolean): Whether an antibot challenge was detected
|
|
101
|
-
- `provider` (string|null): The name of the detected provider (e.g., 'cloudflare', 'recaptcha')
|
|
102
|
-
- `detection` (string|null): Where the signal came from: `'headers'`, `'cookies'`, `'html'`, `'url'`, or `'statusCode'`
|
|
103
|
-
|
|
104
|
-
## License
|
|
105
|
-
|
|
106
|
-
**is-antibot** © [microlink.io](https://microlink.io), released under the [MIT](https://github.com/microlinkhq/is-antibot/blob/master/LICENSE.md) License.<br>
|
|
107
|
-
Authored and maintained by [microlink.io](https://microlink.io) with help from [contributors](https://github.com/microlinkhq/is-antibot/contributors).
|
|
108
|
-
|
|
109
|
-
> [microlink.io](https://microlink.io) · GitHub [microlink.io](https://github.com/microlinkhq) · X [@microlinkhq](https://x.com/microlinkhq)
|