Gathering detailed insights and metrics for node-ratelimiter
Gathering detailed insights and metrics for node-ratelimiter
Installations
npm install node-ratelimiterDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
5.9.0
NPM Version
3.7.3
Releases
Unable to fetch releases
Languages
2
JavaScript
Makefile
JavaScript (98.72%)
Makefile (1.28%)
Developer
marmelab
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
2 Stars
85 Commits
8 Watchers
6 Branches
18 Contributors
Updated on Feb 08, 2022
Maintainers
1
Package Meta Information
Latest Version
3.1.0
Package Id
node-ratelimiter@3.1.0
Size
5.66 kB
NPM Version
3.7.3
Node Version
5.9.0
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
node-ratelimiter
Rate limiter for Node.js.
Release Notes
v3.1.0 - #7 - Fix memory adapter & #8 new id retrieval method (no breaking change)
v3.0.0 - Add multiple adapters support (redis, memory, null)
v2.1.2 - #17 by @waleedsamy - Add Travis CI support
v2.1.1 - #13 by @kwizzn - Fixes out-of-sync TTLs after running decr()
v2.1.0 - #12 by @luin - Adding support for ioredis
v2.0.1 - #9 by @ruimarinho - Update redis commands to use array notation.
v2.0.0 - API CHANGE - Change remaining to include current call instead of decreasing it. Decreasing caused an off-by-one problem and caller could not distinguish between last legit call and a rejected call.
Requirements
- Redis 2.6.12+.
Installation
$ npm install node-ratelimiter
Example
Example Connect middleware implementation limiting against a user._id:
1var Limiter = require('node-ratelimiter'); 2var redisAdapter = Limiter.redisAdapter; 3 4var limiter = new Limiter({ id: req.user._id }, redisAdapter(redis.createClient())); 5 6limiter.newHit(function(err, limit){ 7 if (err) return next(err); 8 9 res.set('X-RateLimit-Limit', limit.total); 10 res.set('X-RateLimit-Remaining', limit.remaining - 1); 11 res.set('X-RateLimit-Reset', limit.reset); 12 13 // all good 14 debug('remaining %s/%s %s', limit.remaining - 1, limit.total, id); 15 if (limit.remaining) return next(); 16 17 // not good 18 var delta = (limit.reset * 1000) - Date.now() | 0; 19 var after = limit.reset - (Date.now() / 1000) | 0; 20 res.set('Retry-After', after); 21 res.send(429, 'Rate limit exceeded, retry in ' + ms(delta, { long: true })); 22});
Result Object
total-maxvalueremaining- number of calls left in currentdurationwithout decreasing currentgetreset- time in milliseconds until the end of currentduration
Options
id- the identifier to limit against (typically a user id)max [Number]- max requests withinduration[2500]duration [Number]- of limit in milliseconds [3600000]
Adapters
RedisAdapter
Initialize a new adapter with:
1var redis = require('redis'); 2var Limiter = require('node-ratelimiter'); 3var redisAdapter = Limiter.redisAdapter; 4 5var adapter = redisAdapter(redis.createClient());
MemoryAdapter
This adapter is meant to be used in dev. Do not use it in production.
Initialize a new adapter with:
1var Limiter = require('node-ratelimiter'); 2var memoryAdapter = Limiter.memoryAdapter; 3 4var adapter = memoryAdapter();
NullAdapter
This adapter is meant to be used for tests only when you want to disable the rate limiting.
Initialize a new adapter with:
1var Limiter = require('node-ratelimiter'); 2var nullAdapter = Limiter.nullAdapter; 3 4var adapter = nullAdapter();
Custom adapter
The adapter passed to the Limiter constructor should be a function accepting the following parameters:
id [String]: the identifier being limited (for example: an ip address)max [Number]: the number of calls accepted before being rate-limitedduration [Number]: the duration after which the counter will be reset
The function should return an object with the following methods:
-
newHit(): registers a new hit and returns the result objecttotal-maxvalueremaining- number of calls left in currentdurationwithout decreasing currentgetreset- time in milliseconds until the end of currentduration
-
get(): returns the result object without increasing the hit countertotal-maxvalueremaining- number of calls left in currentdurationwithout decreasing currentgetreset- time in milliseconds until the end of currentduration
License
MIT
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
Found 8/20 approved changesets -- score normalized to 4
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
license file not detected
Details
- Warn: project does not have a license file
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 18 are checked with a SAST tool
Score
3.1
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More