What's best practice for preventing bot abuse, for mere mortal developers? Would requiring a non-VoIP phone number at registration be effective?
If it’s really important to you then use Apple / Google / GitHub login.
Obviously this has many downsides, especially from a privacy perspective, but it quickly allows you to stop all but the most sophisticated bots from registering.
Personally I just stick my sites behind Cloudflare until they’re big enough to warrant more effort. It prevents most bots without too much burden on users. Also relatively simple to move away from.
Unfortunately, every anti-bot feature also harms real people. As a VoIP user, I wouldn't be able to sign up for your app.
There is no such thing as a "non-VoIP phone number". All phone numbers are phone numbers. Some people try to ban blocks assigned to small phone providers, but some actual humans use those. Meanwhile major carriers are leasing numbers to anyone who pays from the same blocks they issue to cellular customers. Also, number portability means even blocks don't mean anything anymore.
Large companies sometimes claim to do this "to fight spam" because it's an excuse to collect phone numbers, but that's because most humans only have one or two and it serves as a tracking ID, not because spammers don't have access to a million. Be suspicious of anyone who demands this.