Skip to content

Releases: WebDecoy/node

v0.4.0 — stealth detection + tripwire deception

Choose a tag to compare

@cport1 cport1 released this 01 Jul 02:45
c552d38

What's Changed

  • feat(detection): stealth-browser detection for botasaurus-class scrapers (0.4.0) by @cport1 in #1
  • docs: document tripwire deception + rules engine in README by @cport1 in #2

New Contributors

  • @cport1 made their first contribution in #1

Full Changelog: v0.3.0...v0.4.0

v0.3.0 — Self-Hosted Captcha & Detection Engine

Choose a tag to compare

@cport1 cport1 released this 31 May 13:55

Adds a fully in-process bot-detection engine and self-hosted captcha — no remote call required for scoring. IP enrichment (VPN/proxy/Tor, abuse, geo) continues to use api.webdecoy.com.

Highlights

  • New package: @webdecoy/client — browser widget that collects ~40 behavioral, environmental, and fingerprint signals, solves a SHA-256 proof-of-work, and submits to your server. Checkbox + invisible modes, plus a standalone IIFE bundle.
  • DetectionEngine (@webdecoy/node) — scores signals in-process across vision-AI, headless, automation/CDP, behavioral, mobile touch/sensor, fingerprint, header, browser-consistency, JA3/JA4, form-interaction, and keystroke-cadence detectors into an allow / challenge / block verdict.
  • Captcha service — HMAC-signed proof-of-work challenges (difficulty scaling, replay protection, signals-commitment binding, server-side timing) + single-use, IP-bound session tokens.
  • Captcha endpoints for Express, Fastify, and Next.js (webdecoyCaptcha, webdecoyCaptchaPlugin, createCaptchaHandler) under a configurable base path (default /__webdecoy).
  • Runnable example: examples/captcha-express.

Notes

  • secret is required in production for signing challenges/tokens.
  • Stores are in-memory by default; supply challengeStore / tokenStore for serverless / multi-instance (Redis seam).
  • The scoring model is confidence-weighted, so a single signal (e.g. missing PoW) yields challenge, not block.

All packages published to npm at 0.3.0: `@webdecoy/node`, `@webdecoy/client`, `@webdecoy/express`, `@webdecoy/fastify`, `@webdecoy/nextjs`.

v0.2.0 — Rules Engine

Choose a tag to compare

@cport1 cport1 released this 09 Feb 05:08

What's New

Rules Engine

In-memory rules engine with first-deny-wins evaluation. Ships with two built-in rule types:

  • Rate Limiting — Fixed window and sliding window algorithms with configurable limits, windows, and actions (throttle with 429 + Retry-After, or deny with 403)
  • Filter Expressions — A declarative expression language for matching requests against IP, path, method, headers, country, ASN, and abuse score

Violation Event Reporting

Rule violations are buffered in the SDK and flushed in batches to the ingest service for dashboard visibility.

IP Enrichment

On-demand IP enrichment (GeoIP, VPN/proxy detection, AbuseIPDB) with 1-hour TTL cache and request deduplication. Powers filter expressions like ip.country == "CN" && ip.abuseScore > 80.

Framework Adapters

  • Express — Updated with rule engine integration (429/403 responses)
  • Next.js — New adapter (@webdecoy/nextjs)
  • Fastify — New adapter (@webdecoy/fastify)

Packages

Package Version
@webdecoy/node 0.2.0
@webdecoy/express 0.2.0
@webdecoy/nextjs 0.2.0
@webdecoy/fastify 0.2.0