express-rate-limit - npm Package Compare versions

Comparing version 1.1.0 to 1.2.0

lib/express-rate-limit.js

@@ -15,5 +15,6 @@ 'use strict';

delayMs: 1000, // milliseconds - base delay applied to the response - multiplied by number of recent hits from user's IP
max: 5, // max number of recent connections during `window` miliseconds before sending a 400 response
max: 5, // max number of recent connections during `window` miliseconds before sending a 429 response
global: false, // if true, IP address is ignored and setting is applied equally to all requests
message : 'Too many requests, please try again later.'
message : 'Too many requests, please try again later.',
statusCode: 429
});
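
Review bot: The new `statusCode: 429` default is added without the kind of trailing comment that `delayMs`, `max` and `global` carry, and the `max` comment now hard-codes "a 429 response" although the code is configurable. Add a short comment such as "HTTP status sent when `max` is exceeded" and reword the `max` comment to refer to the `statusCode` response. While touching that line, fix "miliseconds" and the option name `window`, which the README calls `windowMs`.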

@@ -41,3 +42,3 @@

// 429 status = Too Many Requests (RFC 6585)
return res.status(429).end(options.message);
return res.status(options.statusCode).end(options.message);
}
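
Review bot: `options.statusCode` reaches `res.status()` unchecked in the `return` line, so a mistyped or non-numeric value is only discovered when a client is first rate-limited. Validate it once when the options are merged (an integer, ideally restricted to the 4xx/5xx range) so that a misconfiguration cannot turn the limiter's rejection into a response clients read as success. The `// 429 status = Too Many Requests (RFC 6585)` comment above it now describes only the default and should say so.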

@@ -44,0 +45,0 @@

{
"name": "express-rate-limit",
"version": "1.1.0",
"version": "1.2.0",
"description": "Basic rate-limiting middleware for Express. Use to limit access to public endpoints such as account creation and password reset.",

@@ -5,0 +5,0 @@ "homepage": "https://github.com/nfriedly/express-rate-limit",

@@ -22,10 +22,10 @@ # Express Rate Limit

* **windowMs**: milliseconds - how long to keep records of requests in memory. Defaults to 60,000 (1 minute).
* **delayAfter**: max number of connections during `windowMs` before starting to delay responses. Defaults to 1. Set to 0 to disable entirely.
* **delayMs**: milliseconds - how long to delay the response; is multiplied by number of recent hits - `delayAfter`. Defaults to 1,000 (1 second). Set to 0 to disable entirely.
* **max**: max number of recent connections during `windowMs` milliseconds before sending a 400 response. Defaults to 5. Set to 0 to disable entirely.
* **global**: If true, IP address is ignored and a single global hit counter is used. Defaults to false.
* **message**: Error message returned when `max` is exceeded. Defaults to 'Too many requests, please try again later.'
* **windowMs**: milliseconds - how long to keep records of requests in memory. Defaults to `60000` (1 minute).
* **delayAfter**: max number of connections during `windowMs` before starting to delay responses. Defaults to `1`. Set to `0` to disable delaying.
* **delayMs**: milliseconds - how long to delay the response, multiplied by (number of recent hits - `delayAfter`). Defaults to `1000` (1 second). Set to `0` to disable delaying.
* **max**: max number of connections during `windowMs` milliseconds before sending a 429 response. Defaults to `5`. Set to `0` to disable.
* **global**: If `true`, IP address is ignored and a single global hit counter is used. Defaults to `false`.
* **message**: Error message returned when `max` is exceeded. Defaults to `'Too many requests, please try again later.'`
* **statusCode**: HTTP status code returned when `max` is exceeded. Defaults to `429`.
The `delayAfter` and `delayMs` options were written for human-facing pages such as login and password reset forms.
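
Review bot: The updated `max` bullet says "before sending a 429 response" while the new `statusCode` bullet directly below makes that code configurable, so the two bullets disagree as soon as a caller overrides it. Word the `max` bullet as sending the `statusCode` response (429 by default), and have the `statusCode` bullet state which values are accepted, since nothing in the option list says whether non-error codes are allowed.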

@@ -48,3 +48,4 @@ For public APIs, setting these to `0` (disabled) and relying on only `windowMs` and `max` for rate-limiting usually makes the most sense.

global: false,
message: 'Too many requests, please try again later.'
message: 'Too many requests, please try again later.',
statusCode: 429
});

@@ -51,0 +52,0 @@
