Socket
Socket
Sign inDemoInstall

@nestjs/throttler

Package Overview
Dependencies
209
Maintainers
2
Versions
19
Alerts
File Explorer

Advanced tools

npm Scripts

Install Socket

Detect and block malicious and high-risk dependencies

Install
2Next

5.1.2

Diff
nestjscore
 published 5.1.2 •

Changelog

Source

5.1.2

Patch Changes

  • 7a431e5: Improve performance by replacing md5 npm package with Node.js crypto module.

5.1.1

Diff
nestjscore
 published 5.1.1 •

Changelog

Source

5.1.1

Patch Changes

  • b06a208: Resolves a bug that cause 'this' to be undefined in the 'getTracker' and 'generateKey' methods of the custom ThrottlerGuard

5.1.0

Diff
nestjscore
 published 5.1.0 •

Changelog

Source

5.1.0

Minor Changes

  • 903d187: Allow for throttler definitions to define their own trackers and key generators to allow for more customization of the rate limit process

5.0.1

Diff
nestjscore
 published 5.0.1 •

Changelog

Source

5.0.1

Patch Changes

  • bc9e6b2: Correctly assign metadata for multiple throttlers passed to @SkipThrottle()

Major Changes

  • 2f4f2a7: # FEATURES

    • allow for multiple Throttler Contexts
    • allow for conditionally skipping based on ThrottleGuard#shouldSkip method
    • allow for easily overriding throttler message based on guard method
    • extra context passed to throw method for better customization of message
    • ThrottlerStorage no longer needs a storage property`
    • getTracker can now be async

    BREAKING CHANGES

    • ttl is now in milliseconds, not seconds, but there are time helper exposed to ease the migration to that
    • the module options is now either an array or an object with a throttlers array property
    • @Throttle() now takes in an object instead of two parameters, to allow for setting multiple throttle contexts at once in a more readable manner
    • @ThrottleSkip() now takes in an object with string boolean to say which throttler should be skipped
    • ttl and limit are no longer optional in the module's options. If an option object is passed, it must define the defaults for that throttler

    HOW TO MIGRATE

    For most people, wrapping your options in an array will be enough.

    If you are using a custom storage, you should wrap you ttl and limit in an array and assign it to the throttlers property of the options object.

    Any @ThrottleSkip() should now take in an object with string: boolean props. The strings are the names of the throttlers. If you do not have a name, pass the string 'default', as this is what will be used under the hood otherwise.

    Any @Throttle() decorators should also now take in an object with string keys, relating to the names of the throttler contexts (again, 'default' if no name) and values of objects that have limit and ttl keys.

    IMPORTANT: The ttl is now in miliseconds. If you want to keep your ttl in seconds for readability, usethe seconds helper from this package. It just multiplies the ttl by 1000 to make it in milliseconds.

5.0.0

Diff
nestjscore
 published 5.0.0 •

Changelog

Source

5.0.0

4.2.1

Diff
nestjscore
 published 4.2.1 •

Changelog

Source

4.2.1

Patch Changes

  • b72c9cb: Revert resolvable properties for ttl and limit

    The resolvable properties made a breaking change for custom guards that was unforseen. This reverts it and schedules the changes for 5.0.0 instead

4.2.0

Diff
nestjscore
 published 4.2.0 •

Changelog

Source

4.2.0

Minor Changes

  • d8d8c93: Allow for ttl and limit to be set based on the execution context, instead of statically assigned for the entire application

4.1.0

Diff
nestjscore
 published 4.1.0 •

Changelog

Source

4.1.0

Minor Changes

  • 527d51c: Support Nest v10

4.0.0

Diff
nestjscore
 published 4.0.0 •

Changelog

Source

4.0.0

Major Changes

  • 4803dda: Rewrite the storage service to better handle large numbers of operations

    Why

    The initial behavior was that getRecord() returned an list of sorted TTL timestamps, then if it didn't reach the limit, it will call addRecord(). This change was made based on the use of the Redis storage community package where it was found how to prevent this issue. It was found out that express-rate-limit is incrementing a single number and returning the information in a single roundtrip, which is significantly faster than how NestJS throttler works by called getRecord(), then addRecord.

    Breaking Changes

    • removed getRecord
    • addRecord(key: string, ttl: number): Promise<number[]>; changes to increment(key: string, ttl: number): Promise<ThrottlerStorageRecord>;

    How to Migrate

    If you are just using the throttler library, you're already covered. No changes necessary to your code, version 4.0.0 will work as is.

    If you are providing a custom storage, you will need to remove your current service's getRecord method and rename addRecord to incremenet while adhering to the new interface and returning an ThrottlerStorageRecord object

3.1.0

Diff
nestjscore
 published 3.1.0 •

Changelog

Source

3.1.0

Minor Changes

  • da3c950: Add skipIf option to throttler module options

    With the new option, you can pass a factory to skipIf and determine if the throttler guard should be used in the first palce or not. This acts just like applying @SkipThrottle() to every route, but can be customized to work off of the process.env or ExecutionContext object to provide better support for dev and QA environments.

2Next
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

About

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc