Bot spoofing and how to detect it with Arcjet
We're adding more detailed verification options for developers where every request will be checked behind the scenes using published IP and reverse DNS data for common bots.
Arcjet changelog of product updates for July & August 2024.
Arcjet helps developers protect their apps in just a few lines of code. Implement rate limiting, bot protection, email verification, & defense against common attacks.
This is the changelog of product updates for July & August 2024.
We released 4 new JS SDK versions: v1.0.0-alpha.18, 19, 20 and 21.
Our email validation primitive allows you to a) validate email syntax, b) verify that an email address is deliverable e.g. by checking for MX records. The first of those checks is done entirely locally whereas the second step requires a call to our API to perform various database & network lookups.
This primitive can be configured to block free & disposable email providers in order to minimize signup spam and abuse.
Prior to SDK alpha 19, the disposable email check was also performed via our API, but we've now moved part of this this locally as well. Common free and disposable email providers can now be detected without requiring an API call. This allows us to return a decision faster in more cases.
Our goal is to do as much locally in your environment as possible and is why we bundle a WebAssembly module with the SDK. This allows us to write the logic once (in Rust) and ship it with the SDK so it can be executed in a secure sandbox in any environment. There's a lot more we are aiming to do here!
Although we favor local-first processing, sometimes a decision is needed via our API so we spend a lot of time on improving latency.
The alpha 21 SDK release introduces new support for using persistent HTTP2 sessions. We considered using WebSockets, but persistent connections in HTTP2 provide better support for things like authorization headers.
With this change, after the first request, subsequent requests will reuse the existing connection to our API. Avoiding the TCP/TLS handshake on every request results in a significant performance improvement - up to 2-3x faster.
These benefits can be seen for any application using Arcjet from a long running process e.g. a Node.js server. It also works on serverless functions that remain warm across requests, such as Vercel's serverless functions using the Node.js runtime.
We release new SDK versions regularly to resolve small bugs and feedback reported to us. We're approaching switching the JS SDK version from alpha to beta, where we will be aiming to stabilize the API and avoid breaking changes.
If you have any feedback then please open a GitHub issue or chat to us on Discord.
We're adding more detailed verification options for developers where every request will be checked behind the scenes using published IP and reverse DNS data for common bots.
Arcjet security as code adapters for NestJS and Remix.
Support for Next.js 15 with performance improvements and full support for server actions.
Get the full posts by email every week.