express-rate-limit - npm Package Compare versions

Comparing version 6.8.1 to 6.9.0


changelog.md

@@ -9,2 +9,14 @@ # Changelog

## [6.9.0](https://github.com/express-rate-limit/express-rate-limit/releases/tag/v6.9.0)
### Added
- New validaion check for double-counted requests
- Added help link to each ValidationError, directing users to the appropriate
wiki page for more info
### Changed
- Miscaleanous documenation improvements
## [6.8.1](https://github.com/express-rate-limit/express-rate-limit/releases/tag/v6.8.0) & [6.7.2](https://github.com/express-rate-limit/express-rate-limit/releases/tag/v6.8.0)
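Review bot: the 6.9.0 changelog entry has typos in user-facing text ("validaion" for "validation", "Miscaleanous documenation" for "Miscellaneous documentation"), and the `6.8.1` and `6.7.2` heading links both point at the `v6.8.0` release tag instead of the tags for those versions. Since the new help link on each ValidationError sends users to the wiki, the Added entry could also name the wiki page that documents the double-counted-requests check so readers can find it from the changelog.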

@@ -11,0 +23,0 @@

@@ -133,2 +133,10 @@ // Generated by dts-bundle-generator v7.0.0

shutdown?: () => Promise<void> | void;
/**
* Flag to indicate that keys incremented in one instance of this store can
* not affect other instances. Typically false if a database is used, true for
* MemoryStore.
*
* Used to help detect double-counting misconfigurations.
*/
localKeys?: boolean;
};
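Review bot: the new `localKeys?: boolean` field on the Store type is optional, but the doc comment does not say how the double-count check behaves when a store leaves it undefined, which is the state every third-party store written before this release will be in; state the default explicitly in the comment. Minor: "can not affect" should read "cannot affect".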

@@ -314,2 +322,7 @@ /**

/**
* Confirmation that the keys incremented in once instance of MemoryStore
* cannot affect other instances.
*/
localKeys: boolean;
/**
* Method that initializes the store.
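Review bot: the MemoryStore doc comment for `localKeys` reads "in once instance", which should be "in one instance". It also restates the explanation already attached to `Store.localKeys`; a shorter "always true for MemoryStore, see Store.localKeys" would keep the two comments from drifting apart.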

@@ -316,0 +329,0 @@ *


package.json
{
"name": "express-rate-limit",
"version": "6.8.1",
"version": "6.9.0",
"description": "Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.",

@@ -66,8 +66,8 @@ "author": {

"lint": "run-s lint:*",
"autofix:code": "npm run lint:code -- --fix",
"autofix:rest": "npm run lint:rest -- --write .",
"autofix": "run-s autofix:*",
"format:code": "npm run lint:code -- --fix",
"format:rest": "npm run lint:rest -- --write .",
"format": "run-s format:*",
"test:lib": "cross-env NODE_NO_WARNINGS=1 NODE_OPTIONS=--experimental-vm-modules jest",
"test:ext": "cd test/external/ && bash run-all-tests",
"test": "run-s lint test:*",
"test": "run-s lint test:lib",
"pre-commit": "lint-staged",
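Review bot: changing `test` from `run-s lint test:*` to `run-s lint test:lib` drops `test:ext` (the external-store tests under `test/external/`) from the default `npm test`, so a plain `npm test` in CI no longer exercises the external stores this release is adding checks for; if that is intentional, say why in the changelog, otherwise add a separate step that runs `test:ext`. The `autofix:*` to `format:*` rename is fine, but any hook or doc that still calls `npm run autofix` needs the same update.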

@@ -74,0 +74,0 @@ "prepare": "run-s compile && husky install config/husky"

@@ -19,4 +19,5 @@ # <div align="center"> Express Rate Limit </div>

Basic rate-limiting middleware for Express. Use to limit repeated requests to
public APIs and/or endpoints such as password reset. Plays nice with
Basic rate-limiting middleware for [Express](http://expressjs.com/). Use to
limit repeated requests to public APIs and/or endpoints such as password reset.
Plays nice with
[express-slow-down](https://www.npmjs.com/package/express-slow-down).

@@ -26,8 +27,32 @@

## Use Cases
Depending on your use case, you may need to switch to a different
[store](#store).
#### Abuse Prevention
The default `MemoryStore` is probably fine.
#### API Rate Limit Enforcement
You likely want to switch to a different [store](#store). As a performance
optimization, the default `MemoryStore` uses a global time window, so if your
limit is 10 requests per minute, a single user might be able to get an initial
burst of up to 20 requests in a row if they happen to get the first 10 in at the
end of one minute and the next 10 in at the start of the next minute. (After the
initial burst, they will be limited to the expected 10 requests per minute.) All
other stores use per-user time windows, so a user will get exactly 10 requests
regardless.
Additionally, if you have multiple servers or processes (for example, with the
[node:cluster](https://nodejs.org/api/cluster.html) module), you'll likely want
to use an external data store to syhcnronize hits
([redis](https://npmjs.com/package/rate-limit-redis),
[memcached](https://npmjs.org/package/rate-limit-memcached), [etc.](#store))
This will guarentee the expected result even if some requests get handled by
different servers/processes.
### Alternate Rate Limiters
> This module does not share state with other processes/servers by default. If
> you need a more robust solution, I recommend using an external store. See the
> [`stores` section](#store) below for a list of external stores.
This module was designed to only handle the basics and didn't even support
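Review bot: the new Use Cases text has typos ("syhcnronize" for "synchronize", "guarentee" for "guarantee") and its heading levels jump from `## Use Cases` to `#### Abuse Prevention` / `#### API Rate Limit Enforcement` and then back to `### Alternate Rate Limiters`; the two use-case headings should be `###`. The burst caveat is the security-relevant part of this hunk: with the default `MemoryStore` a single client can get up to 2× `max` requests across a window boundary, which matters when the limiter is guarding something like password reset, so the "is probably fine" note under Abuse Prevention should point readers at that paragraph rather than leave it to the next section.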

@@ -99,2 +124,3 @@ external stores initially. These other options all are excellent pieces of

legacyHeaders: false, // Disable the `X-RateLimit-*` headers
// store: ... , // Use an external store for more precise rate limiting
})

@@ -118,2 +144,3 @@

legacyHeaders: false, // Disable the `X-RateLimit-*` headers
// store: ... , // Use an external store for more precise rate limiting
})

@@ -135,2 +162,3 @@

legacyHeaders: false, // Disable the `X-RateLimit-*` headers
// store: ... , // Use an external store for more precise rate limiting
})

@@ -157,13 +185,18 @@

```ts
import rateLimit, { MemoryStore } from 'express-rate-limit'
import rateLimit from 'express-rate-limit'
import RedisStore from 'rate-limit-redis'
import RedisClient from 'ioredis'
const apiLimiter = rateLimit({
const redisClient = new RedisClient()
const rateLimiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
store: new MemoryStore(),
store: new RedisStore({
/* ... */
}), // Use the external store
})
// Apply the rate limiting middleware to API calls only
app.use('/api', apiLimiter)
// Apply the rate limiting middleware to all requests
app.use(rateLimiter)
```
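Review bot: the example creates `redisClient` but never passes it into `RedisStore` (the options are left as `/* ... */`), so the snippet cannot be copied and run as written; show the option that wires the client into the store, and note that `new RedisClient()` with no arguments relies on ioredis connection defaults. Switching the mount from `app.use('/api', apiLimiter)` to `app.use(rateLimiter)` also widens the example from API routes to every request, which is a behaviour change for anyone who copies it; either keep the `/api` mount or call out the change in the README text.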

@@ -170,0 +203,0 @@
