New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details
Socket
Book a DemoSign in
Socket
Book a DemoSign in

express-bouncer

Package Overview
Dependencies
Maintainers
1
Versions
5
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

express-bouncer

Express middleware for mitigating brute-force attacks

latest
Source
npmnpm
Version
0.2.0
Version published
Weekly downloads
377
-27.78%
Maintainers
1
Weekly downloads
 
Created
Source

Express Bouncer

NPM version

A simple and standalone middleware for express routes which attempts to mitigate brute-force attacks. It works by increasing the delay with each failed request using a Fibonacci formula. Requests are tracking via IP address and can be white-listed or reset on demand. All logged addresses are stored locally in an object and dormant addresses are removed automatically. Error messages are also completely customizable. This project is based on express-brute created by Adam Pflug.

Installation

$ npm install express-bouncer

Quick Start

// Creates a new instance of our bouncer (args optional)
var bouncer = require ("express-bouncer")(500, 900000);

// Add white-listed addresses (optional)
bouncer.whitelist.push ("127.0.0.1");

// In case we want to supply our own error (optional)
bouncer.blocked = function (req, res, next, remaining)
{
	res.send (429, "Too many requests have been made, " +
		"please wait " + remaining / 1000 + " seconds");
};

// Route we wish to protect with bouncer middleware
app.post ("/login", bouncer.block, function (req, res)
{
	if (LoginFailed)
	{
		// Login failed
	}

	else
	{
		bouncer.reset (req);
		// Login succeeded
	}
});

// Clear all logged addresses
// (Usually never really used)
bouncer.addresses = { };

Documentation

Constructor

express-bouncer ([min], [max], [free])
  • min The minimum number of milliseconds the user can be forced to wait. (default: 500 ms)
  • max The maximum number of milliseconds the user can be forced to wait. (default: 10 min)
  • free The number of attempts a user can make before being forced to wait. (default: 2)

Functions

  • reset Resets the wait time between attempts for the specified request.
  • block Middleware that will block requests which are occurring too often.

Properties

  • addresses A list of logged IP addresses. Cleared by overriding with new object.
  • whitelist A list of white-listed IP addresses. These addresses will never be blocked.
  • blocked Function to be called when a request has been blocked. (see quick start)

Author

Keywords

brute
force
attack
mitigation
middleware
security

FAQs

Package last updated on 07 Mar 2016

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Don't Kill the Goose That Lays the Golden Eggs

Security News

Don't Kill the Goose That Lays the Golden Eggs

Open source is under attack because of how much value it creates. It has been the foundation of every major software innovation for the last three decades. This is not the time to walk away from it.

By Sarah Gooding  -  Apr 10, 2026
Feross on TBPN: How North Korea Hijacked Axios

Security News

Feross on TBPN: How North Korea Hijacked Axios

Socket CEO Feross Aboukhadijeh breaks down how North Korea hijacked Axios and what it means for the future of software supply chain security.

By Sarah Gooding  -  Apr 08, 2026