
@upstash/ratelimit
> [!NOTE]
> This project is in GA Stage. The Upstash Professional Support fully covers this project. It receives regular updates and bug fixes. The Upstash team is committed to maintaining and improving its functionality.

It is the only connectionless (HTTP-based) rate limiting library and is designed for:
```bash
npm install @upstash/ratelimit
```

```ts
import { Ratelimit } from "https://cdn.skypack.dev/@upstash/ratelimit@latest";
```
Create a new Redis database on Upstash. See here for documentation on how to create a Redis instance.
```ts
import { Ratelimit } from "@upstash/ratelimit"; // for deno: see above
import { Redis } from "@upstash/redis"; // see below for cloudflare and fastly adapters

// Create a new ratelimiter, that allows 10 requests per 10 seconds
const ratelimit = new Ratelimit({
  redis: Redis.fromEnv(),
  limiter: Ratelimit.slidingWindow(10, "10 s"),
  analytics: true,
  /**
   * Optional prefix for the keys used in redis. This is useful if you want to share a redis
   * instance with other applications and want to avoid key collisions. The default prefix is
   * "@upstash/ratelimit"
   */
  prefix: "@upstash/ratelimit",
});

// The code below runs inside an async function such as a request handler.
// Use a constant string to limit all requests with a single ratelimit
// Or use a userID, apiKey or ip address for individual limits.
const identifier = "api";
const { success } = await ratelimit.limit(identifier);

if (!success) {
  return "Unable to process at this time";
}
doExpensiveCalculation();
return "Here you go!";
```
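The identifier and prefix choices in the snippet above decide who shares a budget: a constant identifier such as "api" lets one noisy client use up the limit for everyone, while per-user identifiers and distinct prefixes keep budgets separate. The following is an added example, not code from the package or its README; `SlidingWindowLimiter`, `replay` and `demo` are hypothetical names, and it keeps state in an in-memory map with an exact sliding log rather than in Redis.

```javascript
// Added illustration (hypothetical class, not the package's implementation):
// an in-memory sliding-window limiter keyed by `${prefix}:${identifier}`.
class SlidingWindowLimiter {
  // `store` is passed in so two limiters can share one backing map,
  // the way two applications might share one Redis instance.
  constructor({ store, max, windowMs, prefix, now = Date.now }) {
    Object.assign(this, { store, max, windowMs, prefix, now });
  }

  limit(identifier) {
    const key = `${this.prefix}:${identifier}`;
    const t = this.now();
    // Keep only the hits still inside the window that ends at t.
    const hits = (this.store.get(key) || []).filter((ts) => ts > t - this.windowMs);
    const success = hits.length < this.max;
    if (success) hits.push(t); // rejected requests do not consume budget
    this.store.set(key, hits);
    return { success, remaining: this.max - hits.length };
  }
}

// Replay `count` requests for one identifier, `stepMs` apart, on a fake clock.
function replay(limiter, identifier, count, clock, stepMs) {
  const results = [];
  for (let i = 0; i < count; i++) {
    results.push(limiter.limit(identifier).success);
    clock.t += stepMs;
  }
  return results;
}

// Constructed scenario: 10 requests per 10 s, as in the snippet above.
function demo() {
  const clock = { t: 0 };
  const store = new Map();
  const mk = (prefix) =>
    new SlidingWindowLimiter({ store, max: 10, windowMs: 10000, prefix, now: () => clock.t });
  const appA = mk("app-a");
  const appB = mk("app-b");
  const burst = replay(appA, "api", 12, clock, 100); // shared identifier, 12 hits in 1.2 s
  const otherUser = appA.limit("user:42").success; // own identifier, own budget
  const otherApp = appB.limit("api").success; // same identifier, different prefix
  clock.t = 10001; // the hit at t=0 has now left the window
  const afterSlide = appA.limit("api");
  return { allowed: burst.filter(Boolean).length, otherUser, otherApp, afterSlide };
}

console.log(demo());
```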
For more information on getting started, you can refer to our documentation.
Here's a complete Next.js example
See the documentation for more details about this package.
Create a new Redis database on Upstash and copy the URL and token.
To run the tests, you will need to set some environment variables. Here is a list of variables to set:
- UPSTASH_REDIS_REST_URL
- UPSTASH_REDIS_REST_TOKEN
- US1_UPSTASH_REDIS_REST_URL
- US1_UPSTASH_REDIS_REST_TOKEN
- APN_UPSTASH_REDIS_REST_URL
- APN_UPSTASH_REDIS_REST_TOKEN
- EU2_UPSTASH_REDIS_REST_URL
- EU2_UPSTASH_REDIS_REST_TOKEN

You can create a single Upstash Redis and use its URL and token for all four above.
Once you set the environment variables, simply run:

```bash
pnpm test
```
express-rate-limit is a popular middleware for Express.js applications that provides rate limiting capabilities. It is easy to integrate with Express and offers a variety of configuration options. Compared to @upstash/ratelimit, express-rate-limit is more tightly coupled with Express.js and may not be as flexible for use in non-Express environments.
rate-limiter-flexible is a highly flexible rate limiting library that supports various backends like Redis, MongoDB, and more. It offers advanced features such as cluster support and different rate limiting strategies. Compared to @upstash/ratelimit, rate-limiter-flexible provides more backend options and advanced features, but may require more setup and configuration.
FAQs
The npm package @upstash/ratelimit receives a total of 205,708 weekly downloads. As such, @upstash/ratelimit popularity was classified as popular.
We found that @upstash/ratelimit demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.