Gathering detailed insights and metrics for ratelimiter
Gathering detailed insights and metrics for ratelimiter
Installations
npm install ratelimiterReleases
Unable to fetch releases
Developer
visionmedia
Developer Guide
BETA
Module System
Unable to determine the module system for this package.
Min. Node Version
Typescript Support
No
Node Version
6.9.1
NPM Version
5.5.1
Statistics
719 Stars
125 Commits
62 Forks
13 Watching
12 Branches
18 Contributors
Updated on 20 Sept 2024
Languages
JavaScript (98.9%)
Makefile (1.1%)
Total Downloads
Cumulative downloads
Total Downloads
12,840,408
Last day
54.8%
108,974
Compared to previous day
Last week
16.2%
462,474
Compared to previous week
Last month
8.3%
1,612,448
Compared to previous month
Last year
245.4%
6,475,350
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
ratelimiter
Rate limiter for Node.js backed by Redis.
NOTE: Promise version available at async-ratelimiter.
Release Notes
v3.4.1 - #55 by @barwin - Remove splice operation.
v3.3.1 - #51 - Remove tidy option as it's always true.
v3.3.0 - #47 by @penghap - Add tidy option to clean old records upon saving new records. Drop support in node 4.
v3.2.0 - #44 by @xdmnl - Return accurate reset time for each limited call.
v3.1.0 - #40 by @ronjouch - Add reset milliseconds to the result object.
v3.0.2 - #33 by @promag - Use sorted set to limit with moving window.
v2.2.0 - #30 by @kp96 - Race condition when using async.times.
v2.1.3 - #22 by @coderhaoxin - Dev dependencies versions bump.
v2.1.2 - #17 by @waleedsamy - Add Travis CI support.
v2.1.1 - #13 by @kwizzn - Fixes out-of-sync TTLs after running decr().
v2.1.0 - #12 by @luin - Adding support for ioredis.
v2.0.1 - #9 by @ruimarinho - Update redis commands to use array notation.
v2.0.0 - API CHANGE - Change remaining to include current call instead of decreasing it. Decreasing caused an off-by-one problem and caller could not distinguish between last legit call and a rejected call.
Requirements
- Redis 2.6.12+
- Node 8.0.0+
Installation
$ npm install ratelimiter
Example
Example Connect middleware implementation limiting against a user._id:
1var id = req.user._id; 2var limit = new Limiter({ id: id, db: db }); 3limit.get(function(err, limit){ 4 if (err) return next(err); 5 6 res.set('X-RateLimit-Limit', limit.total); 7 res.set('X-RateLimit-Remaining', limit.remaining - 1); 8 res.set('X-RateLimit-Reset', limit.reset); 9 10 // all good 11 debug('remaining %s/%s %s', limit.remaining - 1, limit.total, id); 12 if (limit.remaining) return next(); 13 14 // not good 15 var delta = (limit.reset * 1000) - Date.now() | 0; 16 var after = limit.reset - (Date.now() / 1000) | 0; 17 res.set('Retry-After', after); 18 res.send(429, 'Rate limit exceeded, retry in ' + ms(delta, { long: true })); 19});
Result Object
total-maxvalueremaining- number of calls left in currentdurationwithout decreasing currentgetreset- time since epoch in seconds at which the rate limiting period will end (or already ended)resetMs- time since epoch in milliseconds at which the rate limiting period will end (or already ended)
Options
id- the identifier to limit against (typically a user id)db- redis connection instancemax- max requests withinduration[2500]duration- of limit in milliseconds [3600000]
License
MIT
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
Found 5/25 approved changesets -- score normalized to 2
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
license file not detected
Details
- Warn: project does not have a license file
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 10 are checked with a SAST tool
Reason
27 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-2j2x-2gpw-g8fm
- Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37
- Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546
- Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx
- Warn: Project is vulnerable to: GHSA-6c8f-qphg-qjgp
- Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695
- Warn: Project is vulnerable to: GHSA-fvqr-27wr-82fm
- Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574
- Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m / GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-fhjf-83wg-r2j9
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-4g88-fppr-53pp
- Warn: Project is vulnerable to: GHSA-4jqc-8m5r-9rpr
- Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
- Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
Score
1.6
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More