
@fingerprintjs/botd
BotD is an open source library that we created to make it easy for every developer to detect basic bots in their web apps.
It is available under a permissive MIT license and will always be free for developers and commercial use.
We keep the open-source BotD package healthy with timely critical fixes and regressions addressed as fast as possible. That said, the near-term roadmap is stability-only, so new features are unlikely to land soon. Please plan accordingly if you depend on upcoming enhancements.
For more demanding applications, we created professional API-based bot detection software called Fingerprint Pro Bot Detection.

```html
<script>
  // Initialize an agent at application startup, once per page/app.
  const botdPromise = import('https://openfpcdn.io/botd/v2').then((Botd) => Botd.load())
  // Get detection results when you need them.
  botdPromise
    .then((botd) => botd.detect())
    .then((result) => console.log(result))
    .catch((error) => console.error(error))
</script>
```

```bash
npm i @fingerprintjs/botd
# or
yarn add @fingerprintjs/botd
```

```js
import { load } from '@fingerprintjs/botd'

// Initialize an agent at application startup, once per page/app.
const botdPromise = load()
// Get detection results when you need them.
botdPromise
  .then((botd) => botd.detect())
  .then((result) => console.log(result))
  .catch((error) => console.error(error))
```
Fingerprint Pro Bot Detection is a professional bot detection service that processes all information server-side and transmits it securely to your servers using server-to-server APIs.
Fingerprint Pro Bot Detection provides both browser and server-side APIs that make the process of bot detection fast and secure. When using Pro Bot Detection, use the browser JavaScript SDK to obtain the requestID value and then verify this value using our server API.
The Pro product combines vast amounts of auxiliary data that bots leak (cursor movements, network overrides, browser changes and more) to reliably distinguish real users from automated software, which lets it detect popular automation tools, their derivatives and plugins.
A big advantage of the Pro detection is that it can distinguish good bots from bad ones, which allows you to block malicious traffic without blocking search engine crawlers, monitoring workers, etc.
Full product comparison:
| | Open Source | Pro |
|---|---|---|
| Core Features | | |
| 100% open source | yes | no¹ |
| Search engine detection works in all modern browsers - see our full list of browsers supported | – | ✓ |
| Automation web services detection | – | ✓ |
| Automation browser extensions detection | – | ✓ |
| Detectable automation tools & frameworks | | |
| Headless Browsers (Chrome, Firefox) | ✓ | ✓ |
| seleniumHQ/selenium umbrella project encapsulating a variety of tools and libraries enabling web browser automation | ✓ | ✓ |
| microsoft/playwright Node.js library to automate Chromium, Firefox and WebKit with a single API | ✓ | ✓ |
| ariya/phantomjs headless WebKit scriptable with JavaScript | ✓ | ✓ |
| segmentio/nightmare high-level browser automation library | ✓ | ✓ |
| electron/electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS | ✓ | ✓ |
| laurentj/slimerjs scriptable browser | ✓ | ✓ |
| Detectable stealth plugins | | |
| berstend/puppeteer-extra/packages/puppeteer-extra-plugin-stealth plugin for puppeteer-extra to prevent detection. | – | ✓ |
| microlinkhq/browserless efficient driver for controlling headless browsers built on top of puppeteer developed for scenarios where performance matters | – | ✓ |
| ultrafunkamsterdam/undetected-chromedriver optimized Selenium Chromedriver patch which does not trigger anti-bot services | – | ✓ |
| MeiK2333/pyppeteer_stealth stealth plugin for pyppeteer | – | ✓ |
| Additional Features | | |
| Server-side accuracy increase based on additional server-side data, such as TLS crypto support, ipv4/v6 data and others | – | ✓ |
| Query API build flexible workflows | – | ✓ |
| Operations | | |
| Data security | Your infrastructure | Encrypted at rest |
| Storage | Your infrastructure | Unlimited up to 1 yr |
| Regions | Your infrastructure | Hosting in US, EU and Mumbai |
| Compliance | Your infrastructure | GDPR, CCPA compliant² |
| SLA | No SLA | 99.9% Uptime |
| Support | GitHub community | Support team via email, chat, and call-back within 1 business day |
1. Pro uses the open source BotD library as well as proprietary technology for increased accuracy and result stability.
2. Fingerprint Pro is GDPR and CCPA compliant as the data processor. You still need to be compliant as the data controller and use the bot detection for fraud prevention under legitimate interest or ask for user consent.
Pro result example:
```json
{
  "bot": {
    "result": "bad",
    "type": "selenium"
  }
}
```
📕 Fingerprint Pro documentation
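An added example, not code from Fingerprint or from this package: one way a server could turn a Pro result of the shape shown above into an access decision, letting good bots through and failing closed on anything it cannot validate. The `good` and `notDetected` result values, the `googlebot` type and the action names are assumptions; only `bad` and `selenium` appear in the example above.

```javascript
// Added example; not part of BotD or Fingerprint Pro.
// Assumption: bot.result is one of "bad", "good", "notDetected".
// Only "bad" appears on this page; the other two values are assumed.
const KNOWN_RESULTS = new Set(['bad', 'good', 'notDetected'])

// Parse a raw JSON body received server-to-server and validate its shape.
// Returns { ok: true, result, type } or { ok: false, reason }.
function parseBotVerdict(rawJson) {
  let data
  try {
    data = JSON.parse(rawJson)
  } catch {
    return { ok: false, reason: 'invalid-json' }
  }
  const bot = data && typeof data === 'object' ? data.bot : undefined
  if (!bot || typeof bot !== 'object' || typeof bot.result !== 'string') {
    return { ok: false, reason: 'missing-bot-result' }
  }
  if (!KNOWN_RESULTS.has(bot.result)) {
    return { ok: false, reason: 'unknown-result' }
  }
  const type = typeof bot.type === 'string' ? bot.type : null
  return { ok: true, result: bot.result, type }
}

// Map a verdict to a hypothetical action: "allow", "challenge" or "block".
// Anything that cannot be validated is challenged, never silently allowed.
function decideAction(rawJson) {
  const verdict = parseBotVerdict(rawJson)
  if (!verdict.ok) return { action: 'challenge', reason: verdict.reason }
  switch (verdict.result) {
    case 'bad':
      return { action: 'block', reason: `bad-bot:${verdict.type ?? 'unknown'}` }
    case 'good':
      return { action: 'allow', reason: `good-bot:${verdict.type ?? 'unknown'}` }
    default:
      return { action: 'allow', reason: 'no-bot-detected' }
  }
}

// Constructed sample bodies: a bad bot, a good bot, and a malformed payload.
const samples = [
  '{"bot":{"result":"bad","type":"selenium"}}',
  '{"bot":{"result":"good","type":"googlebot"}}',
  '{"bot":{"result":"bad" "type":"selenium"}}',
]
for (const body of samples) console.log(decideAction(body))
```

The decision belongs on the server, using a verdict fetched server-to-server, because a value computed in the browser can be altered by the client it describes.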
The library supports all popular browsers. See more details and learn how to run the library in old browsers in the browser support guide.
Thanks to our series B funding, we are happy to provide technical support for our open-source BotD library. We recommend using GitHub Issues to submit bugs or Discussions to ask questions. Using issues and discussions publicly will help the open-source community and other users with similar issues. However, if you require private support, please email us at oss-support@fingerprint.com.
See the Contribution guidelines to learn how to contribute to the project or run the project locally. Please read it carefully before making a pull request.
© 2025 FingerprintJS, Inc
FAQs
botd is a browser library for JavaScript bot detection
The npm package @fingerprintjs/botd receives a total of 114,509 weekly downloads. As such, @fingerprintjs/botd popularity was classified as popular.
We found that @fingerprintjs/botd demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.