`express-rate-limit`

Basic rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset. Plays nice with express-slow-down and ratelimit-header-parser.

Usage

The full documentation is available on-line.

import { rateLimit } from 'express-rate-limit'

const limiter = rateLimit({
	windowMs: 15 * 60 * 1000, // 15 minutes
	limit: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes).
	standardHeaders: 'draft-7', // draft-6: `RateLimit-*` headers; draft-7: combined `RateLimit` header
	legacyHeaders: false, // Disable the `X-RateLimit-*` headers.
	// store: ... , // Redis, Memcached, etc. See below.
})

// Apply the rate limiting middleware to all requests.
app.use(limiter)

Data Stores

The rate limiter comes with a built-in memory store, and supports a variety of external data stores.

Configuration

All function options may be async. Click the name for additional info and default values.

Option	Type	Remarks
`windowMs`	`number`	How long to remember requests for, in milliseconds.
`limit`	`number` \| `function`	How many requests to allow.
`message`	`string` \| `json` \| `function`	Response to return after limit is reached.
`statusCode`	`number`	HTTP status code after limit is reached (default is 429).
`legacyHeaders`	`boolean`	Enable the `X-Rate-Limit` header.
`standardHeaders`	`'draft-6'` \| `'draft-7'`	Enable the `Ratelimit` header.
`requestPropertyName`	`string`	Add rate limit info to the `req` object.
`skipFailedRequests`	`boolean`	Uncount 4xx/5xx responses.
`skipSuccessfulRequests`	`boolean`	Uncount 1xx/2xx/3xx responses.
`keyGenerator`	`function`	Identify users (defaults to IP address).
`handler`	`function`	Function to run after limit is reached (overrides `message` and `statusCode` settings, if set).
`skip`	`function`	Return `true` to bypass the limiter for the given request.
`requestWasSuccessful`	`function`	Used by `skipFailedRequests` and `skipSuccessfulRequests`.
`validate`	`boolean` \| `object`	Enable or disable built-in validation checks.
`store`	`Store`	Use a custom store to share hit counts across multiple nodes.

Thank You

Sponsored by Zuplo a fully-managed API Gateway for developers. Add dynamic rate-limiting, authentication and more to any API in minutes. Learn more at zuplo.com

Thanks to Mintlify for hosting the documentation at express-rate-limit.mintlify.app

Finally, thank you to everyone who's contributed to this project in any way! 🫶

Issues and Contributing

If you encounter a bug or want to see something added/changed, please go ahead and open an issue! If you need help with something, feel free to start a discussion!

If you wish to contribute to the library, thanks! First, please read the contributing guide. Then you can pick up any issue and fix/implement it!

Name		Name	Last commit message	Last commit date
Latest commit History 718 Commits
.github/workflows		.github/workflows
config/husky		config/husky
docs		docs
source		source
test		test
.editorconfig		.editorconfig
.gitattributes		.gitattributes
.gitignore		.gitignore
.npmrc		.npmrc
.prettierignore		.prettierignore
jest.config.json		jest.config.json
license.md		license.md
package-lock.json		package-lock.json
package.json		package.json
readme.md		readme.md
tsconfig.json		tsconfig.json

License

express-rate-limit/express-rate-limit

Folders and files

Latest commit

History

Repository files navigation

express-rate-limit

Usage

Data Stores

Configuration

Thank You

Issues and Contributing

License

About

Topics

Resources

License

Stars

Watchers

Forks

Sponsor this project

Languages

`express-rate-limit`