
express-rate-limit


express-rate-limit - npm Package Compare versions

Comparing version 3.5.2 to 4.0.0

42

lib/express-rate-limit.js
"use strict";
const defaults = require("defaults");
const MemoryStore = require("./memory-store");
function RateLimit(options) {
options = defaults(options, {
windowMs: 60 * 1000, // milliseconds - how long to keep records of requests in memory
max: 5, // max number of recent connections during `window` milliseconds before sending a 429 response
message: "Too many requests, please try again later.",
statusCode: 429, // 429 status = Too Many Requests (RFC 6585)
headers: true, //Send custom rate limit header with limit and remaining
skipFailedRequests: false, // Do not count failed requests (status >= 400)
skipSuccessfulRequests: false, // Do not count successful requests (status < 400)
// allows to create custom keys (by default user IP is used)
keyGenerator: function(req /*, res*/) {
return req.ip;
options = Object.assign(
{
windowMs: 60 * 1000, // milliseconds - how long to keep records of requests in memory
max: 5, // max number of recent connections during `window` milliseconds before sending a 429 response
message: "Too many requests, please try again later.",
statusCode: 429, // 429 status = Too Many Requests (RFC 6585)
headers: true, //Send custom rate limit header with limit and remaining
skipFailedRequests: false, // Do not count failed requests (status >= 400)
skipSuccessfulRequests: false, // Do not count successful requests (status < 400)
// allows to create custom keys (by default user IP is used)
keyGenerator: function(req /*, res*/) {
return req.ip;
},
skip: function(/*req, res*/) {
return false;
},
handler: function(req, res /*, next*/) {
res.status(options.statusCode).send(options.message);
},
onLimitReached: function(/*req, res, optionsUsed*/) {}
},
skip: function(/*req, res*/) {
return false;
},
handler: function(req, res /*, next*/) {
res.status(options.statusCode).send(options.message);
},
onLimitReached: function(/*req, res, optionsUsed*/) {}
});
options
);

@@ -27,0 +29,0 @@ // store to use for persisting rate limit data
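Review bot: The new `Object.assign({ ...defaults... }, options)` merge lets a caller-supplied key whose value is explicitly `undefined` (for example `max: config.max` when the config entry is missing) overwrite the built-in default, whereas the removed `defaults()` helper, as far as I know, only fills in keys that are undefined. The code that enforces the limit is outside the lines shown here, but a comparison against an undefined `max`, or a call to an undefined `keyGenerator`, would probably either never trip or throw per request, so the limiter could fail open with no warning. I would drop undefined values before merging, e.g. `const given = {}; Object.keys(options || {}).forEach(k => { if (options[k] !== undefined) given[k] = options[k]; });` and pass `given` as the last argument to `Object.assign`. The README's v4 entry mentions only the clone behaviour, so this difference is worth a line there as well if it is kept.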

{
"name": "express-rate-limit",
"version": "3.5.2",
"version": "4.0.0",
"description": "Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.",

@@ -36,5 +36,3 @@ "homepage": "https://github.com/nfriedly/express-rate-limit",

],
"dependencies": {
"defaults": "^1.0.3"
},
"dependencies": {},
"devDependencies": {

@@ -41,0 +39,0 @@ "eslint": "^5.15.3",

@@ -274,4 +274,10 @@ # Express Rate Limit

## v3 Changes
## Summary of breaking changes:
### v4 Changes
- Express Rate Limit no longer modifies the passed-in options object, it instead makes a clone of it.
### v3 Changes
- Removed `delayAfter` and `delayMs` options; they were moved to a new module: [express-slow-down](https://npmjs.org/package/express-slow-down).

@@ -281,3 +287,3 @@ - Simplified the default `handler` function so that it no longer changes the response format. Now uses [res.send](https://expressjs.com/en/4x/api.html#res.send).

## v2 Changes
### v2 Changes

@@ -284,0 +290,0 @@ v2 uses a less precise but less resource intensive method of tracking hits from a given IP. v2 also adds the `limiter.resetKey()` API and removes the `global: true` option.
