Gathering detailed insights and metrics for express-rate-limit
Gathering detailed insights and metrics for express-rate-limit
Basic rate-limiting middleware for the Express web server
Installations
npm install express-rate-limitDeveloper
Developer Guide
BETA
Module System
ESM
Min. Node Version
>= 16
Typescript Support
Yes
Node Version
20.17.0
NPM Version
10.8.2
Statistics
2,923 Stars
747 Commits
226 Forks
15 Watching
10 Branches
62 Contributors
Updated on 27 Nov 2024
Languages
TypeScript (99.94%)
Shell (0.06%)
Total Downloads
Cumulative downloads
Total Downloads
194,506,851
Last day
-22.3%
227,128
Compared to previous day
Last week
0.7%
1,310,557
Compared to previous week
Last month
4.7%
5,775,295
Compared to previous month
Last year
-5.9%
70,739,319
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Peer Dependencies
1
Versions
express-rate-limit
Basic rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset. Plays nice with express-slow-down and ratelimit-header-parser.
Usage
The full documentation is available on-line.
1import { rateLimit } from 'express-rate-limit'
2
3const limiter = rateLimit({
4 windowMs: 15 * 60 * 1000, // 15 minutes
5 limit: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes).
6 standardHeaders: 'draft-7', // draft-6: `RateLimit-*` headers; draft-7: combined `RateLimit` header
7 legacyHeaders: false, // Disable the `X-RateLimit-*` headers.
8 // store: ... , // Redis, Memcached, etc. See below.
9})
10
11// Apply the rate limiting middleware to all requests.
12app.use(limiter)Data Stores
The rate limiter comes with a built-in memory store, and supports a variety of external data stores.
Configuration
All function options may be async. Click the name for additional info and default values.
| Option | Type | Remarks |
|---|---|---|
windowMs | number | How long to remember requests for, in milliseconds. |
limit | number | function | How many requests to allow. |
message | string | json | function | Response to return after limit is reached. |
statusCode | number | HTTP status code after limit is reached (default is 429). |
handler | function | Function to run after limit is reached (overrides message and statusCode settings, if set). |
legacyHeaders | boolean | Enable the X-Rate-Limit header. |
standardHeaders | 'draft-6' | 'draft-7' | Enable the Ratelimit header. |
store | Store | Use a custom store to share hit counts across multiple nodes. |
passOnStoreError | boolean | Allow (true) or block (false, default) traffic if the store becomes unavailable. |
keyGenerator | function | Identify users (defaults to IP address). |
requestPropertyName | string | Add rate limit info to the req object. |
skip | function | Return true to bypass the limiter for the given request. |
skipSuccessfulRequests | boolean | Uncount 1xx/2xx/3xx responses. |
skipFailedRequests | boolean | Uncount 4xx/5xx responses. |
requestWasSuccessful | function | Used by skipSuccessfulRequests and skipFailedRequests. |
validate | boolean | object | Enable or disable built-in validation checks. |
Thank You
Sponsored by Zuplo a fully-managed API Gateway for developers. Add dynamic rate-limiting, authentication and more to any API in minutes. Learn more at zuplo.com
Thanks to Mintlify for hosting the documentation at express-rate-limit.mintlify.app
Finally, thank you to everyone who's contributed to this project in any way! 🫶
Issues and Contributing
If you encounter a bug or want to see something added/changed, please go ahead and open an issue! If you need help with something, feel free to start a discussion!
If you wish to contribute to the library, thanks! First, please read the contributing guide. Then you can pick up any issue and fix/implement it!
License
MIT © Nathan Friedly, Vedant K
No vulnerabilities found.
No security vulnerabilities found.