> ## Documentation Index
> Fetch the complete documentation index at: https://express-rate-limit.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

> Thanks to
> [Mintlify](https://mintlify.com/?utm_campaign=devmark\&utm_medium=docs\&utm_source=express-rate-limit),
> for generously hosting this documentation.

Express Rate Limit is a basic rate-limiting middleware for
[Express](http://expressjs.com/), used to limit repeated requests to public APIs
and/or endpoints such as password reset. Plays nice with
[express-slow-down](https://www.npmjs.com/package/express-slow-down) and
[ratelimit-header-parser](https://www.npmjs.com/package/ratelimit-header-parser).

* GitHub: [https://github.com/express-rate-limit/express-rate-limit](https://github.com/express-rate-limit/express-rate-limit)
* npm: [https://www.npmjs.com/package/express-rate-limit](https://www.npmjs.com/package/express-rate-limit)

## Use Cases

This library uses 'stores', which allows for the hit count and reset time of all
clients to be stored in-memory or in an external database. Depending on the use
case, an external store may be needed.

### Abuse Prevention

The default
[memory-store](https://github.com/express-rate-limit/express-rate-limit/blob/main/source/memory-store.ts)
is probably fine.

<Warning>
  The default `MemoryStore` keeps the hit counts for clients in memory, and thus
  produces inconsistent results when running multiple servers or processes.
</Warning>

When running multiple instances of the memory store, the ratelimiter will always
allow *at least* the configured `max` number of hits through, and *at most* the
configured `max` multiplied by the number of instances. Depending on how
requests are routed in your stack, requests may be intermittently allowed or
blocked after reaching `max`.

### API Rate Limit Enforcement

If you have multiple servers, or want to maintain state across app restarts, use
an [external data store](/reference/stores).

If you have multiple processes on a single server (via the
[node:cluster](https://nodejs.org/api/cluster.html) module), you could use the
[cluster-memory-store](https://npmjs.com/package/@express-rate-limit/cluster-memory-store)
instead.

## Alternate Rate Limiters

This module was designed to only handle the basics and didn't even support
external stores initially. These other options all are excellent pieces of
software and may be more appropriate for some situations:

* [rate-limiter-flexible](https://www.npmjs.com/package/rate-limiter-flexible)
* [express-brute](https://www.npmjs.com/package/express-brute)
* [rate-limiter](https://www.npmjs.com/package/express-limiter)

## Issues and Contributing

If you encounter a bug or want to see something added/changed, please go ahead
and
[open an issue](https://github.com/nfriexpress-rate-limitedly/express-rate-limit/issues/new)!
If you need help with something, feel free to
[start a discussion](https://github.com/express-rate-limit/express-rate-limit/discussions/new)!

If you wish to contribute to the library, thanks! First, please read
[the contributing guide](/guides/contributing). Then you can pick up any issue
and fix/implement it!

## License

MIT © [Nathan Friedly](http://nfriedly.com/),
[Vedant K](https://github.com/gamemaker1)
