You can keep track on the server what a player is allowed to spawn, own, have etc.
There’s server events like entityCreating, giveWeaponEvent, explosionEvent and more. In the end, you are able to catch 90% of cheaters using server events and “getter” natives - GetPlayerArmour, GetWeaponDamageModifier. There are even natives to check if a player is spectating someone else.
Links: Native Reference - Cfx.re Docs, Server events - Cfx.re Docs etc
Don’t forget to read this too How hackers can exploit your servers and what to do about it and gain insight through “anti cheat” code on Github
It takes some time to get an anti-cheat that works according to what you want (as every server is different), so buying an anti-cheat is a waste of money. Truly because as a server owner you must know how to code. Learning is the whole point of owning a server. You create the world you want your players to experience. Don’t limit yourself by using the creations of others. Also don’t start/have a server if you’re unwilling to learn.