npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

express-request-limit

v1.0.2

Published

Express middleware to limit the request rate to specific routes, based on client IP address.

Downloads

15

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

n1tryn1try

Keywords

expressmiddlewaresecuritylimitratelimitrate-limitrequestlimitrequest-limitbrute-forceiptimeoutblockip-block

Readme

express-request-limit

Simple, in-memory rate-limiting middleware for Express. When injected to Express routes, it will block requests from an IP address, that arrive in too short intervals.

Also works, if your application runs behind a proxy. If present, the X-Real-Ip or X-Forwarded-For header will be used to determine client ip address.

NPM

Installation

$ npm install --save express-request-limit

Usage example

const app = require('express')()
    , rateLimit = require('express-request-limit');

const rateLimitOpts = {
    timeout: 1000 * 60 * 30,
    exactPath: true,
    cleanUpInterval: 0,
    errStatusCode: 429,
    errMessage: 'Too many requests made to this route.'
}

app.get('/api/:id/votes', rateLimit(rateLimitOpts), (req, res) => {
    res.send('You didn\'t get blocked!');
});

app.listen(3000);

Options

The middleware get initialized with an (optional) object containing some configuration parameters. Available parameters are:

  • timeout (optional): Time in milliseconds for new requests to get blocked. For instance, if set to 1000, requests will be blocked within a frame of one second after an initial request had arrived. Default to 1,800,000 (30 minutes).
  • cleanUpInterval (optional): Blocked IPs and their respective routes / URLs are stored in a map internally. By default, a map entry gets cleared when a new request from the blocked IP arrives at the blocked route after the block timeout is over. But if a client never performs a second request, the entry will remain in the map. Use this property to specify an interval in milliseconds, at which a script will run through the map and clear timed out blocks to free memory. However, if run too frequently, this may influence performance. Default to false (no clean up).
  • errStatusCode (optional): The HTTP status code to be set for the response to a blocked request. Defaults to 429 ("Too many requests").
  • errMessage (optional): The message to be sent alongside the response to a blocked request. Default to 'Too many requests made to this route.'.
  • exactPath (optional): Set whether the exact request URL or the called endpoint's route will be used for blocking. If set to true, for instance, a request to /api/1/votes, mapped to the route definition with pattern /api/:id/votes won't cause a subsequent request to /api/2/votes to get blocked. Only requests to the exact same URL match will be blocked. If set to false, all requests mapped to the route, which the middleware is applied to, will be blocked. Defaults to true.

Todo

  • Add tests

License

MIT @ Ferdinand Mütsch