Gathering detailed insights and metrics for express-limiter
Gathering detailed insights and metrics for express-limiter
Installations
npm install express-limiterDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
6.11.1
NPM Version
5.2.0
Releases
Unable to fetch releases
Languages
2
JavaScript
Makefile
JavaScript (98.5%)
Makefile (1.5%)
Developer
ded
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
421 Stars
50 Commits
53 Forks
7 Watchers
1 Branches
7 Contributors
Updated on Jun 25, 2025
Maintainers
1
Package Meta Information
Latest Version
1.6.1
Package Id
express-limiter@1.6.1
Size
4.62 kB
NPM Version
5.2.0
Node Version
6.11.1
Published on
Sep 18, 2017
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Express rate-limiter
Rate limiting middleware for Express applications built on redis
1npm install express-limiter --save
1var express = require('express') 2var app = express() 3var client = require('redis').createClient() 4 5var limiter = require('express-limiter')(app, client) 6 7/** 8 * you may also pass it an Express 4.0 `Router` 9 * 10 * router = express.Router() 11 * limiter = require('express-limiter')(router, client) 12 */ 13 14limiter({ 15 path: '/api/action', 16 method: 'get', 17 lookup: ['connection.remoteAddress'], 18 // 150 requests per hour 19 total: 150, 20 expire: 1000 * 60 * 60 21}) 22 23app.get('/api/action', function (req, res) { 24 res.send(200, 'ok') 25})
API options
1limiter(options)
path:Stringoptional route path to the requestmethod:Stringoptional http method. acceptsget,post,put,delete, and of course Express'alllookup:Function|String|Array.<String>value lookup on the request object. Can be a single value, array or function. See examples for common usagestotal:Numberallowed number of requests before getting rate limitedexpire:Numberamount of time inmsbefore the rate-limited is resetwhitelist:function(req)optional param allowing the ability to whitelist. returnboolean,trueto whitelist,falseto passthru to limiter.skipHeaders:Booleanwhether to skip sending HTTP headers for rate limits ()ignoreErrors:Booleanwhether errors generated from redis should allow the middleware to call next(). Defaults to false.onRateLimited:Functioncalled when a request exceeds the configured rate limit.
Examples
1// limit by IP address 2limiter({ 3 ... 4 lookup: 'connection.remoteAddress' 5 ... 6}) 7 8// or if you are behind a trusted proxy (like nginx) 9limiter({ 10 lookup: 'headers.x-forwarded-for' 11}) 12 13// by user (assuming a user is logged in with a valid id) 14limiter({ 15 lookup: 'user.id' 16}) 17 18// limit your entire app 19limiter({ 20 path: '*', 21 method: 'all', 22 lookup: 'connection.remoteAddress' 23}) 24 25// limit users on same IP 26limiter({ 27 path: '*', 28 method: 'all', 29 lookup: ['user.id', 'connection.remoteAddress'] 30}) 31 32// whitelist user admins 33limiter({ 34 path: '/delete/thing', 35 method: 'post', 36 lookup: 'user.id', 37 whitelist: function (req) { 38 return !!req.user.is_admin 39 } 40}) 41 42// skip sending HTTP limit headers 43limiter({ 44 path: '/delete/thing', 45 method: 'post', 46 lookup: 'user.id', 47 whitelist: function (req) { 48 return !!req.user.is_admin 49 }, 50 skipHeaders: true 51}) 52 53// call a custom limit handler 54limiter({ 55 path: '*', 56 method: 'all', 57 lookup: 'connection.remoteAddress', 58 onRateLimited: function (req, res, next) { 59 next({ message: 'Rate limit exceeded', status: 429 }) 60 } 61}) 62 63// with a function for dynamic-ness 64limiter({ 65 lookup: function(req, res, opts, next) { 66 if (validApiKey(req.query.api_key)) { 67 opts.lookup = 'query.api_key' 68 opts.total = 100 69 } else { 70 opts.lookup = 'connection.remoteAddress' 71 opts.total = 10 72 } 73 return next() 74 } 75}) 76
as direct middleware
1app.post('/user/update', limiter({ lookup: 'user.id' }), function (req, res) { 2 User.find(req.user.id).update(function (err) { 3 if (err) next(err) 4 else res.send('ok') 5 }) 6})
License MIT
Happy Rate Limiting!
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 7/28 approved changesets -- score normalized to 2
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 9 are checked with a SAST tool
Reason
32 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-6cpc-mj5c-m9rq
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-92vm-wfm5-mxvv
- Warn: Project is vulnerable to: GHSA-h452-7996-h45h
- Warn: Project is vulnerable to: GHSA-9vvw-cc9w-f27h
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-h6ch-v84p-w6p9
- Warn: Project is vulnerable to: GHSA-gpvr-g6gh-9mc2
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-qrmc-fj45-qfc2
- Warn: Project is vulnerable to: GHSA-9qj9-36jm-prpv
- Warn: Project is vulnerable to: GHSA-qh2h-chj9-jffq
- Warn: Project is vulnerable to: GHSA-wrvr-8mpx-r7pp
- Warn: Project is vulnerable to: GHSA-hxm2-r34f-qmc5
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-7mc5-chhp-fmc3
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-f9cm-p3w6-xvr3
- Warn: Project is vulnerable to: GHSA-jjv7-qpx3-h62q
- Warn: Project is vulnerable to: GHSA-gqgv-6jq5-jjj9
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-xwg4-93c6-3h42
- Warn: Project is vulnerable to: GHSA-jgqf-hwc5-hh37
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-c3x7-gjmx-r2ff
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
- Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
- Warn: Project is vulnerable to: GHSA-8225-6cvr-8pqp
- Warn: Project is vulnerable to: GHSA-cf4h-3jhx-xvhq
Score
2
/10
Last Scanned on 2025-07-14
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More