@Gioye Gioye commented Sep 16, 2025

The site content is a simple JSON API with 999+ image files stored in it. It uses a JS script to work and needs to be in js.org

@Gioye
Contributor Author

Gioye commented Sep 16, 2025

There is a double subdomain being flagged in the pull request. I give up

@Gioye Gioye changed the title from "captcha.js.org - captcha api" to "captcha.js.org (also fixed a11y-live, accepting this pull request will fix a bug)" Sep 16, 2025
@Gioye
Contributor Author

Gioye commented Sep 16, 2025

WARNING

There is no index.html due to this being an API endpoint; however, there is /website/index.html

@MattIPv4 MattIPv4 changed the title from "captcha.js.org (also fixed a11y-live, accepting this pull request will fix a bug)" to "captcha.js.org" Sep 16, 2025
Member

@MattIPv4 MattIPv4 left a comment

👋 Please could you explain how this is related directly to the JavaScript ecosystem/community? Why is this something a JavaScript developer specifically would use more-so than anyone else?

Also, your site needs a proper HTML page at the root, or it will be automatically removed during future cleanups. It should explain what your site is and how folks should use it.

@MattIPv4 MattIPv4 added the labels "invalid", "no content" (This PR has a target that contains no valid content for a request) and "awaiting response" (This PR is waiting for a response from the requester) Sep 16, 2025
@Gioye
Contributor Author

Gioye commented Sep 16, 2025

> 👋 Please could you explain how this is related directly to the JavaScript ecosystem/community? Why is this something a JavaScript developer specifically would use more-so than anyone else?
>
> Also, your site needs a proper HTML page at the root, or it will be automatically removed during future cleanups. It should explain what your site is and how folks should use it.

This is coded 100% using JavaScript.
If an index.html is NEEDED at the root, then I will add an index.html soon.

@Gioye
Contributor Author

Gioye commented Sep 16, 2025

> 👋 Please could you explain how this is related directly to the JavaScript ecosystem/community? Why is this something a JavaScript developer specifically would use more-so than anyone else?
>
> Also, your site needs a proper HTML page at the root, or it will be automatically removed during future cleanups. It should explain what your site is and how folks should use it.

@MattIPv4 I've fixed everything and there's now an index.html. The API endpoint has been moved

@MattIPv4
Member

> This is coded 100% using JavaScript

That is not a justification for requesting a JS.org subdomain. Your site itself, the content/functionality, needs to be directly related to the JS ecosystem/community -- it needs to be something that other JS developers, specifically, would be interested in.

@Gioye
Contributor Author

Gioye commented Sep 16, 2025

> > This is coded 100% using JavaScript
>
> That is not a justification for requesting a JS.org subdomain. Your site itself, the content/functionality, needs to be directly related to the JS ecosystem/community -- it needs to be something that other JS developers, specifically, would be interested in.

Done!

@Gioye
Contributor Author

Gioye commented Sep 16, 2025

> > This is coded 100% using JavaScript
>
> That is not a justification for requesting a JS.org subdomain. Your site itself, the content/functionality, needs to be directly related to the JS ecosystem/community -- it needs to be something that other JS developers, specifically, would be interested in.

Oops, sorry. I meant other JS devs might be interested in this, more specifically because this is very simple to implement in visual JS.

@MattIPv4
Member

Are you offering an NPM package for this, is there documentation on how they'd integrate this into their sites?

@Gioye
Contributor Author

Gioye commented Sep 16, 2025

@MattIPv4

@Gioye
Contributor Author

Gioye commented Sep 16, 2025

> Are you offering an NPM package for this, is there documentation on how they'd integrate this into their sites?

No, there is no NPM package.
No, there is no documentation; however, I'll make a mini documentation right now @MattIPv4

@Gioye
Contributor Author

Gioye commented Sep 16, 2025

> Are you offering an NPM package for this, is there documentation on how they'd integrate this into their sites?

@MattIPv4 I've added a mini documentation. Please add my website

@Gioye
Contributor Author

Gioye commented Sep 16, 2025

I should sleep, bye! I might read this tomorrow to know if this has been merged

@MattIPv4
Member

@indus I defer to you here, but I do not feel this is related (it is just a Captcha service).

@MattIPv4 MattIPv4 added the label "unrelated / unqualified" (the content of the page is unrelated to JS, is a personal blog or unqualified for another reason) and removed the labels "no content" (This PR has a target that contains no valid content for a request) and "awaiting response" (This PR is waiting for a response from the requester) Sep 17, 2025
@MattIPv4 MattIPv4 removed the invalid label Sep 17, 2025
@Gioye
Contributor Author

Gioye commented Sep 17, 2025

> @indus I defer to you here, but I do not feel this is related (it is just a Captcha service).

@MattIPv4 This follows all the rules and requirements of a js.org subdomain, and also follows every requirement you sent to me. I'll do anything for the subdomain. Please accept.

@Gioye Gioye requested a review from MattIPv4 September 17, 2025 11:07
@indus
Member

indus commented Sep 17, 2025

Here is an AI breakdown regarding the functionality/security of your captcha system:

The current CAPTCHA implementation is not secure. Here are the main problems:

  1. Answer exposed to the client

    • The backend returns both the image URL and the correct answer in the JSON response.
    • Any bot can fetch the response and instantly know the solution without solving the captcha.
  2. No server-side validation

    • The verification is done entirely in JavaScript on the client side.
    • A bot can bypass the CAPTCHA by directly sending requests to backend endpoints without ever solving it.
  3. Small and static challenge pool

    • Only 288 possible captcha codes exist.
    • Even if the answer weren’t exposed, a bot could brute-force all possible values in milliseconds.
  4. Predictable captcha image source

    • Images are stored at predictable URLs (https://captcha.js.org/captchas/###.png).
    • A bot could pre-download all images, map them to answers, and bypass the system permanently.

Sorry - but I won’t provide such a generic subdomain for such a trivial and dysfunctional project. It is more likely that I add "captcha" to the list of restricted subdomains: https://github.com/js-org/js.org/blob/master/records_restricted.js
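
An added example, not part of this thread and not code from the PR or from js.org: a Node.js challenge store that addresses the four points in the breakdown above (answer kept off the client, verification on the server, a large per-request answer space, unguessable image references). The names `issueChallenge`, `verifyChallenge` and the `/captcha/<id>.png` route are assumptions, and rendering the image from `answer` is left to the server's own image code.

```javascript
// Added example: server-side CAPTCHA issue/verify. All names are hypothetical.
const { randomBytes, randomInt, timingSafeEqual, createHash } = require('node:crypto');

const ALPHABET = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'; // 32 symbols, no 0/O/1/I
const ANSWER_LEN = 6;          // 32^6 (about 1.07e9) answers, generated per request
const TTL_MS = 2 * 60 * 1000;  // challenge lifetime
const store = new Map();       // id -> { digest, expires }; lives in server memory only

const sha256 = (s) => createHash('sha256').update(s, 'utf8').digest();

// Issue a challenge. `answer` is handed only to the server-side image renderer
// (out of scope here); `client` is the only part serialized into the response.
function issueChallenge(now = Date.now()) {
  const id = randomBytes(16).toString('hex'); // random reference, not a numbered file
  let answer = '';
  for (let i = 0; i < ANSWER_LEN; i++) {
    answer += ALPHABET[randomInt(ALPHABET.length)];
  }
  store.set(id, { digest: sha256(answer), expires: now + TTL_MS });
  return { client: { id, image: `/captcha/${id}.png` }, answer };
}

// Verify on the server. The challenge is deleted on first lookup, so every
// guess costs a fresh challenge and an already-seen image cannot be replayed.
function verifyChallenge(id, guess, now = Date.now()) {
  const key = String(id);
  const entry = store.get(key);
  store.delete(key);
  if (!entry || now > entry.expires) return false;
  const digest = sha256(String(guess).trim().toUpperCase());
  return timingSafeEqual(digest, entry.digest); // equal-length 32-byte digests
}
```

The protected endpoint (a form handler, for example) calls `verifyChallenge` itself before acting, so skipping the page's JavaScript gains nothing.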

@indus indus closed this Sep 17, 2025
@MattIPv4 MattIPv4 mentioned this pull request Sep 17, 2025