How it works
The flow has three steps: your server creates a signed JWT challenge, the browser widget runs a proof-of-work computation to produce a valid nonce, and your server re-verifies the signature and the nonce before accepting any action. Because the challenge payload is self-contained and signed with your RIBAUNT_SECRET, the server can verify it at any time without persisting anything between requests.
For a deeper look at the cryptographic details and replay protection strategies, see the How it works page.
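The three steps above, as an added Node.js example that is not Ribaunt's code or API. The HS256 token layout, the SHA-256 leading-zero-bits rule for difficulty, the claim names and all function names are assumptions made for the illustration.

```javascript
// Added example, not Ribaunt's code. Assumed: HS256 JWT, SHA-256 PoW, difficulty = leading zero bits.
const nodeCrypto = require("node:crypto");
const b64u = (s) => Buffer.from(s).toString("base64url");
const hmac = (data, secret) =>
  nodeCrypto.createHmac("sha256", secret).update(data).digest("base64url");
const claims = (token) =>
  JSON.parse(Buffer.from(token.split(".")[1], "base64url").toString());

// Step 1 (server): issue a self-contained signed challenge; nothing is stored.
function createChallenge(secret, { difficulty, ttlSeconds }, now = Date.now()) {
  const salt = nodeCrypto.randomBytes(16).toString("hex");
  const exp = Math.floor(now / 1000) + ttlSeconds;
  const head = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64u(JSON.stringify({ salt, difficulty, exp }));
  return `${head}.${body}.${hmac(`${head}.${body}`, secret)}`;
}

// Leading zero bits of SHA-256(token ":" nonce).
function zeroBits(token, nonce) {
  const digest = nodeCrypto.createHash("sha256").update(`${token}:${nonce}`).digest();
  let bits = 0;
  for (const byte of digest) {
    if (byte !== 0) return bits + Math.clz32(byte) - 24;
    bits += 8;
  }
  return bits;
}

// Step 2 (browser): search for a nonce that meets the signed difficulty.
function solve(token) {
  const { difficulty } = claims(token);
  for (let nonce = 0; ; nonce++) if (zeroBits(token, nonce) >= difficulty) return nonce;
}

// Step 3 (server): signature first, then expiry, work, and replay.
const seen = new Set(); // process-local; multi-instance needs a shared store
function verify(secret, token, nonce, now = Date.now()) {
  const [head, body, sig] = String(token).split(".");
  if (!head || !body || !sig) return "malformed";
  const want = Buffer.from(hmac(`${head}.${body}`, secret));
  const got = Buffer.from(sig);
  if (got.length !== want.length || !nodeCrypto.timingSafeEqual(got, want)) return "bad-signature";
  const { difficulty, exp } = claims(token); // trusted only after the MAC check
  if (exp * 1000 <= now) return "expired";
  if (!Number.isInteger(nonce) || zeroBits(token, nonce) < difficulty) return "bad-nonce";
  if (seen.has(sig)) return "replayed";
  seen.add(sig);
  return "ok";
}
```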
Key features
Stateless
Challenges are signed JWTs — no database, cache, or shared session store needed to issue or verify them.
Browser widget
A built-in Web Component works with plain HTML. A React wrapper (ribaunt/widget-react) integrates with React and Next.js.
Replay protection
Local (process-level) replay protection is on by default. For serverless or multi-instance deployments, plug in a Redis/Valkey store.
Fully typed
Written in TypeScript with full type declarations included. No @types package needed.
Configurable difficulty
Tune difficulty, amount, and ttlSeconds per endpoint to balance security and user experience.
Themeable
Style the widget with CSS custom properties — match any design system without touching shadow DOM internals.
Installation
Install Ribaunt from npm using your preferred package manager.
Browser solving requires a secure context — use HTTPS in production or http://localhost during development. Loading the widget from a plain LAN address such as http://192.168.x.x will fail because the Web Crypto API is unavailable in non-secure contexts.
Next steps
Quickstart
Set up your secret, create server endpoints, and add the widget to your page in under five minutes.
How it works
Understand the full proof-of-work flow, JWT challenge structure, and replay prevention in depth.