Installations
npm install sliding-window-rate-limiter
Developer Guide
Typescript
No
Module System
ESM
Min. Node Version
>=16.0.0
Node Version
22.3.0
NPM Version
10.8.1
Score
72.3
Supply Chain
99.4
Quality
77.3
Maintenance
100
Vulnerability
99.3
Languages
TypeScript (91.2%)
Lua (6.25%)
JavaScript (2.55%)
Developer
dex4er
Download Statistics
Total Downloads
61,354
Last Day
58
Last Week
393
Last Month
1,410
Last Year
21,118
GitHub Statistics
13 Stars
210 Commits
4 Forks
2 Watching
11 Branches
4 Contributors
Bundle Size
131.63 kB
Minified
39.13 kB
Minified + Gzipped
Package Meta Information
Latest Version
6.0.1
Package Id
sliding-window-rate-limiter@6.0.1
Unpacked Size
41.06 kB
Size
8.91 kB
File Count
25
NPM Version
10.8.1
Node Version
22.3.0
Published On
25 Jun 2024
Total Downloads
Cumulative downloads
Total Downloads
61,354
Last day
114.8%
58
Compared to previous day
Last week
37.4%
393
Compared to previous week
Last month
6.4%
1,410
Compared to previous month
Last year
26.4%
21,118
Compared to previous year
sliding-window-rate-limiter
Sliding window rate limiter with Redis >= 3.2 backend or in-memory backend.
Requirements
This module requires ES6 with Node >= 16.
Redis >= 3.2.0 is required for the Redis backend.
Installation
npm install sliding-window-rate-limiter
Additionally for Typescript:
npm install -D @types/node @types/ioredis
Usage
const {SlidingWindowRateLimiter} = require("sliding-window-rate-limiter")
Typescript:
import SlidingWindowRateLimiter from "sliding-window-rate-limiter"
// or
import {SlidingWindowRateLimiter} from "sliding-window-rate-limiter"
constructor
const limiter = SlidingWindowRateLimiter.createLimiter(options)
Options:
- interval is a number of milliseconds in a sliding window
- redis is an instance of ioredis or URL string to Redis server (only for Redis backend)
- operationTimeout is the time in milliseconds after Redis operation is canceled (for Redis and SafeRedis backends, optional)
- safe: true (only for SafeRedis backend)
- reuseRedisAfter is the time (milliseconds) to reconnect to the Redis server after connection failure (only for SafeRedis backend, default value: 2000 milliseconds)
If the redis parameter is a string then a new ioredis object is created with retryStrategy set to 1 second and maxRetriesPerRequest set to 1.
Example:
const limiter = SlidingWindowRateLimiter.createLimiter({
  interval: 60000,
})
or
// ioredis client passed to the limiter
const Redis = require("ioredis")

const limiter = SlidingWindowRateLimiter.createLimiter({
  interval: 60000,
  redis: new Redis({
    host: "redis-server",
    retryStrategy: _times => 1000,
    maxRetriesPerRequest: 1,
  }),
  safe: true,
})
check
const result = await limiter.check(key, limit)
const {usage, reset} = result
Checks current usage for key. If usage is equal to or above limit, additionally sets reset time in milliseconds.
reserve
const result = await limiter.reserve(key, limit)
const {token, usage, reset} = result
Makes a reservation and returns token with a reservation. If usage is equal to or above limit, additionally sets reset time in milliseconds.
Throws an error if one has occurred.
cancel
const result = await limiter.cancel(key, token)
const {canceled} = result
Cancels a reservation for token and returns the number of canceled tokens. It is zero if no token was previously reserved or it has expired.
destroy
limiter.destroy()
Frees resources used by limiter (timers and Redis connection if created by limiter itself).
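The sliding-window bookkeeping behind check, reserve and cancel, as an added sketch that is not the package's own code. The class name SketchLimiter, the injectable now clock and the choice to make no reservation at or above the limit are assumptions made for illustration.

```javascript
// Added sketch, not the package's source. Synchronous for brevity (the package's
// methods are awaited); `now` and the over-limit behaviour are assumptions.
class SketchLimiter {
  constructor({ interval, now = Date.now }) {
    this.interval = interval // window length in milliseconds
    this.now = now // injectable clock, so tests need no real waiting
    this.windows = new Map() // key -> reservations, oldest first
    this.seq = 0
  }

  // Store the pruned list; idle keys are deleted so the map cannot grow forever.
  _save(key, list) {
    if (list.length) this.windows.set(key, list)
    else this.windows.delete(key)
    return list
  }

  // Reservations still inside the window that ends at now().
  _live(key) {
    const cutoff = this.now() - this.interval
    return this._save(key, (this.windows.get(key) || []).filter(r => r.ts > cutoff))
  }

  // Read-only view; reset is the time until usage drops below `limit` (assumed >= 1).
  check(key, limit) {
    const live = this._live(key)
    const result = { usage: live.length }
    if (live.length >= limit) {
      result.reset = live[live.length - limit].ts + this.interval - this.now()
    }
    return result
  }

  // Adds one reservation while below the limit; otherwise returns no token.
  reserve(key, limit) {
    const before = this.check(key, limit)
    if (before.usage >= limit) return before
    const token = ++this.seq
    this._save(key, [...this._live(key), { ts: this.now(), token }])
    return { token, ...this.check(key, limit) }
  }

  // Removes the reservation made under `token`; 0 if unknown or already expired.
  cancel(key, token) {
    const live = this._live(key)
    const kept = this._save(key, live.filter(r => r.token !== token))
    return { canceled: live.length - kept.length }
  }
}
```

Because a token identifies one reservation, a caller can cancel it when the guarded action turns out not to count against the limit, for example after a successful login.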
Errors
If reserve or usage methods return an error:
ERR Error running script (call to f_8ff6a0f745b738fe1d9fa74079c4c13d032e9947): @user_script:1: user_script:1: attempt to call field 'replicate_commands' (a nil value)
then check if Redis has the proper version (>= 3.2.0).
Backends
Memory
This backend holds all data in memory.
Redis
This backend requires Redis 3.2 to work. The main advantage is that the state of the limiter can be shared between many clients.
SafeRedis
There is an extended version of the limiter that behaves gracefully when the Redis server is unavailable for any reason. If the Redis connection fails, the SafeRedis backend always returns a positive response object and tries to use the Redis server again after reuseRedisAfter. In other words, it fails open: while Redis is unreachable, requests are not rate limited.
License
Copyright (c) 2017-2024 Piotr Roszatycki piotr.roszatycki@gmail.com
Based on Lua script from https://github.com/3hedgehogs/inredis-ratelimiter
Copyright (c) 2017 Serguei Poliakov serguei.poliakov@gmail.com
Inspired by ClassDojo blog note https://engineering.classdojo.com/blog/2015/02/06/rolling-rate-limiter/ and rolling-rate-limiter module.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yaml:13
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 0/9 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yaml:18
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yaml:14
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yaml:10
- Info: topLevel 'contents' permission set to 'read': .github/workflows/trunk.yaml:9
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/dex4er/js-sliding-window-rate-limiter/ci.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/dex4er/js-sliding-window-rate-limiter/ci.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/dex4er/js-sliding-window-rate-limiter/ci.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/dex4er/js-sliding-window-rate-limiter/ci.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/dex4er/js-sliding-window-rate-limiter/release.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/dex4er/js-sliding-window-rate-limiter/release.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/dex4er/js-sliding-window-rate-limiter/release.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trunk.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/dex4er/js-sliding-window-rate-limiter/trunk.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trunk.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/dex4er/js-sliding-window-rate-limiter/trunk.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/trunk.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/dex4er/js-sliding-window-rate-limiter/trunk.yaml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yaml:42
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yaml:97
- Warn: npmCommand not pinned by hash: .github/workflows/release.yaml:40
- Warn: npmCommand not pinned by hash: .github/workflows/trunk.yaml:27
- Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 third-party GitHubAction dependencies pinned
- Info: 0 out of 4 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 21 are checked with a SAST tool
Score
3.8
/10
Last Scanned on 2025-01-27
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Other packages similar to sliding-window-rate-limiter
redis-sliding-rate-limiter
Flexible and performant rate limiter based on sliding window algorithm with arbitrary precision
pauls-sliding-window-rate-limiter
Efficiently rate limit calls using a sliding window algorithm.
rate-limiter-sliding
A generic rate limiter that can be used to limit requests, or anything just by using key, can protect from brute-force and DDoS attacks
rate-limiter-algorithms
Library that provides different algorithms to perform rate limiting