Thanks to Mintlify, for generously hosting this documentation.
Express Rate Limit is a basic rate-limiting middleware for Express, used to limit repeated requests to public APIs and/or endpoints such as password reset. Plays nice with express-slow-down and ratelimit-header-parser.
- GitHub: https://github.com/express-rate-limit/express-rate-limit
- npm: https://www.npmjs.com/package/express-rate-limit
Use Cases
This library uses ‘stores’, which allows for the hit count and reset time of all clients to be stored in-memory or in an external database. Depending on the use case, an external store may be needed.
Abuse Prevention
The default memory-store is probably fine.
The default `MemoryStore` keeps the hit counts for clients in memory, and thus produces inconsistent results when running multiple servers or processes.
`max` number of hits through, and at most the configured `max` multiplied by the number of instances. Depending on how requests are routed in your stack, requests may be intermittently allowed or blocked after reaching `max`.
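The per-process counting described above, as an added simulation (not code from express-rate-limit): `InstanceCounter` is a simplified stand-in for an in-memory store, and the routing functions, client key and numbers are constructed for illustration.

```javascript
// Simplified stand-in for a per-process in-memory counter (assumption:
// one fixed window, no expiry). Not express-rate-limit's MemoryStore code.
class InstanceCounter {
  constructor(max) {
    this.max = max;
    this.hits = new Map(); // client key -> hit count, local to this process
  }
  // Returns true if this instance lets the request through.
  allow(key) {
    const count = (this.hits.get(key) ?? 0) + 1;
    this.hits.set(key, count);
    return count <= this.max;
  }
}

// Send `requests` hits from one client through `instances` processes.
// `route(i)` picks the instance index for request number i.
function simulate({ max, instances, requests, route }) {
  const pool = Array.from({ length: instances }, () => new InstanceCounter(max));
  const decisions = [];
  for (let i = 0; i < requests; i++) {
    decisions.push(pool[route(i) % instances].allow("203.0.113.7")); // constructed client key
  }
  const allowed = decisions.filter(Boolean).length;
  // A block followed later by an allow is the "intermittently allowed or blocked" case.
  const firstBlock = decisions.indexOf(false);
  const allowedAfterBlock = firstBlock !== -1 && decisions.slice(firstBlock).includes(true);
  return { allowed, allowedAfterBlock };
}

const base = { max: 5, instances: 3, requests: 30 };
// Sticky routing: every request lands on instance 0, so exactly `max` get through.
const sticky = simulate({ ...base, route: () => 0 });
// Round-robin: the three counters fill evenly, so `max * instances` get through.
const roundRobin = simulate({ ...base, route: (i) => i });
// Skewed routing (constructed pattern): instance 0 fills first, the others later.
const skewed = simulate({ ...base, route: (i) => (i % 4 === 3 ? (i % 8 === 7 ? 2 : 1) : 0) });

console.log({ sticky, roundRobin, skewed });
```

With the skewed pattern the client is blocked on one instance and then allowed again on another, so the total lands between `max` and `max` multiplied by the number of instances.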