Overview
Thanks to Mintlify for generously hosting this documentation.
Express Rate Limit is a basic rate-limiting middleware for Express, used to limit repeated requests to public APIs and/or endpoints such as password reset. It plays nicely with express-slow-down and ratelimit-header-parser.
- GitHub: https://github.com/express-rate-limit/express-rate-limit
- npm: https://www.npmjs.com/package/express-rate-limit
Use Cases
This library uses ‘stores’, which allow the hit count and reset time of all clients to be kept in memory or in an external database.
The default MemoryStore stores the hit counts for clients in memory, and thus produces inconsistent results when running multiple servers or processes.
Abuse Prevention
The default memory-store is probably fine.
API Rate Limit Enforcement
If you have multiple servers, or want to maintain state across app restarts, use an external data store.
If you have multiple processes on a single server (via the node:cluster module), you could use the cluster-memory-store instead.
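Why per-process counters weaken a limit, shown as an added example (not code from express-rate-limit): `CounterStore` and `countAllowed` are hypothetical stand-ins for a fixed-window in-memory store and a round-robin load balancer, and the client key and timestamps are constructed.

```javascript
// Simplified stand-in for an in-memory fixed-window store (not the library's MemoryStore).
class CounterStore {
  constructor(windowMs) {
    this.windowMs = windowMs;
    this.hits = new Map(); // client key -> { totalHits, resetTime }
  }

  // Count one hit for `key` at time `now` (ms) and return the running total.
  increment(key, now) {
    let entry = this.hits.get(key);
    if (!entry || now >= entry.resetTime) {
      // First hit, or the previous window expired: start a new window.
      entry = { totalHits: 0, resetTime: now + this.windowMs };
      this.hits.set(key, entry);
    }
    entry.totalHits += 1;
    return entry;
  }
}

// Send `requests` hits from one client, distributed round-robin over `workers`
// processes, and return how many pass a limit of `limit` hits per window.
function countAllowed({ workers, limit, requests, windowMs, shared }) {
  const sharedStore = new CounterStore(windowMs);
  const stores = Array.from({ length: workers }, () =>
    shared ? sharedStore : new CounterStore(windowMs));
  let allowed = 0;
  for (let i = 0; i < requests; i++) {
    const now = i * 10; // constructed timestamps: one request every 10 ms
    const { totalHits } = stores[i % workers].increment("203.0.113.7", now);
    if (totalHits <= limit) allowed += 1;
  }
  return allowed;
}

// Constructed scenario: limit of 5 per minute, 4 workers, 40 requests from one client.
const scenario = { workers: 4, limit: 5, requests: 40, windowMs: 60_000 };
console.log("per-process stores:", countAllowed({ ...scenario, shared: false }));
console.log("shared store:      ", countAllowed({ ...scenario, shared: true }));
```

With one counter per process the client gets the configured limit once per worker, so the effective limit scales with the number of processes; a store shared by all workers enforces the configured value.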
Alternate Rate Limiters
This module was designed to handle only the basics and didn’t even support external stores initially. These other options are all excellent pieces of software and may be more appropriate for some situations:
Issues and Contributing
If you encounter a bug or want to see something added/changed, please go ahead and open an issue! If you need help with something, feel free to start a discussion!
If you wish to contribute to the library, thanks! First, please read the contributing guide. Then you can pick up any issue and fix/implement it!
License
MIT © Nathan Friedly, Vedant K