express-rate-limit's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name | Version | Size | License | Type | Vulnerabilities |
---|---|---|---|---|---|
express | 4.19.2 | 209.73 kB | MIT | prod peer |

Express-rate-limit is a basic rate-limiting middleware for Express. It is typically used to limit repeated requests to public APIs and/or endpoints such as password reset. It helps prevent abuse by moderating how frequently an individual client can send requests within a specified timeframe.
Use of the express-rate-limit package involves installing the package, importing it into your project and applying the rate-limiting middleware to the desired requests. Below are some examples of how to use it in your JavaScript code:
First, install the package using npm or yarn:
```sh
npm install express-rate-limit
# or
yarn add express-rate-limit
```
Next, import it to your project:
For a CommonJS project:
```js
const { rateLimit } = require('express-rate-limit');
```
For an ESM project:
```js
import { rateLimit } from 'express-rate-limit'
```
Finally, apply the rate-limiting middleware to the desired routes:
Applying to all requests in an API-only server:
```js
import express from 'express'
import { rateLimit } from 'express-rate-limit'

const app = express()

const limiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100 // limit each IP to 100 requests per window
})

// apply to all requests
app.use(limiter)
```
Applying to specific requests:
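```js
import express from 'express'
import { rateLimit } from 'express-rate-limit'

const app = express()

const apiLimiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100 // limit each IP to 100 requests per window
})

// only apply to requests that begin with /api/
app.use('/api/', apiLimiter)
```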
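To show what `windowMs` and `max` mean per client, here is a minimal fixed-window limiter with the same `(req, res, next)` middleware shape. It is an added illustration, not express-rate-limit's own code; `fixedWindowLimiter`, `simulate` and the sample addresses are hypothetical names and constructed values.

```javascript
// Added illustration only: NOT express-rate-limit's implementation.
function fixedWindowLimiter({ windowMs, max, now = Date.now }) {
  // client key -> { count, resetAt }. Entries are never evicted in this
  // sketch; a production store has to expire them to bound memory use.
  const hits = new Map();

  return function limiter(req, res, next) {
    // Assumption: req.ip is the real client address. Behind a reverse proxy
    // it is the proxy's address unless Express's "trust proxy" setting is
    // configured, so every client would share a single counter.
    const key = req.ip;
    const t = now();
    let entry = hits.get(key);

    // Start a fresh window on first sight or once the previous one expired.
    if (!entry || t >= entry.resetAt) {
      entry = { count: 0, resetAt: t + windowMs };
      hits.set(key, entry);
    }
    entry.count += 1;

    if (entry.count > max) {
      // Over the limit: say when to retry and stop without calling next().
      res.setHeader('Retry-After', String(Math.ceil((entry.resetAt - t) / 1000)));
      res.statusCode = 429;
      res.end('Too many requests, please try again later.');
      return;
    }
    next();
  };
}

// Constructed demo: drive the middleware with stub req/res and a fake clock.
function simulate(ips, { windowMs, max, stepMs }) {
  let clock = 0;
  const limiter = fixedWindowLimiter({ windowMs, max, now: () => clock });
  return ips.map((ip) => {
    const headers = {};
    const res = { statusCode: 200, setHeader(k, v) { headers[k] = v; }, end() {} };
    let passed = false;
    limiter({ ip }, res, () => { passed = true; });
    clock += stepMs;
    return { ip, status: res.statusCode, passed, retryAfter: headers['Retry-After'] };
  });
}
```

Each client address gets its own counter, so one client exhausting its window does not block another, and the counter resets once `windowMs` has elapsed.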
The documentation for express-rate-limit can be found on its GitHub repository at https://github.com/express-rate-limit/express-rate-limit. The readme file on the repository provides extensive information on how to install, use and configure the package. It also includes links to further resources for detailed understanding and application of the package.