Skip to content
/ is-antibot Public

Identify if a response is an antibot challenge from CloudFlare, Akamai, DataDome, Vercel, and more.

microlink.io/blog/antibot-at-scale

License

MIT license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

microlinkhq/is-antibot

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
.github
.github
 
 
domains
domains
 
 
src
src
 
 
test
test
 
 
.editorconfig
.editorconfig
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
.npmrc
.npmrc
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
package.json
package.json
 
 

Repository files navigation

microlink cdn

Last version Coverage Status NPM Status

Identify if a response is an antibot challenge from CloudFlare, Akamai, DataDome, Vercel, and more.

Supported Providers

Anti-Bot Systems

  • CloudFlare - Bot management and challenge pages
  • Vercel - Attack mode protection
  • Akamai - Bot Manager and Web Application Protector
  • DataDome - Bot protection with CAPTCHA challenges
  • PerimeterX - Behavioral bot detection
  • Shape Security - Enterprise bot management
  • Kasada - Advanced bot mitigation
  • Imperva/Incapsula - Web application firewall
  • AWS WAF - Amazon Web Services Web Application Firewall

CAPTCHA Providers

  • reCAPTCHA - Google's CAPTCHA service (v2 and v3)
  • hCaptcha - Privacy-focused CAPTCHA alternative
  • FunCaptcha - Arkose Labs interactive challenges
  • GeeTest - AI-powered CAPTCHA
  • Cloudflare Turnstile - Privacy-preserving CAPTCHA alternative

Why

Websites receiving massive quantities of traffic throughout the day, like LinkedIn, Instagram, or YouTube, have sophisticated antibot systems to prevent automated access.

When you try to fetch the HTML of these sites without the right tools, you often hit a 403 Forbidden, 429 Too Many Requests, or a "Please prove you're human" challenge, leaving you with a response that contains no useful data.

is-antibot is a lightweight, vendor-agnostic JavaScript library that identifies when a response is actually an antibot challenge, helping you understand when and why your request was blocked.

Install

$ npm install is-antibot --save

Usage

The library is designed for evaluating a HTTP response:

const isAntibot = require('is-antibot')

const response = await fetch('https://example.com')
const { detected, provider } = isAntibot(response)

if (detected) {
  console.log(`Antibot detected: ${provider}`)
}

The library expects a Fetch Response object, a Node.js Response object, or an object representing HTTP response headers as input.

You can also pass optional body and url parameters for enhanced detection:

const result = isAntibot({
  headers: response.headers,
  body: await response.text(),
  url: response.url
})

Response

The library returns an object with the following properties:

  • detected (boolean): Whether an antibot challenge was detected
  • provider (string|null): The name of the detected provider (e.g., 'cloudflare', 'recaptcha')

License

is-antibot © microlink.io, released under the MIT License.
Authored and maintained by microlink.io with help from contributors.

microlink.io · GitHub microlink.io · X @microlinkhq

About

Identify if a response is an antibot challenge from CloudFlare, Akamai, DataDome, Vercel, and more.

microlink.io/blog/antibot-at-scale

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 3

v1.1.0 Latest
Jan 18, 2026
+ 2 releases

Packages

No packages published

Contributors 2

Languages