`express-rate-limit`

![tests](https://github.com/express-rate-limit/express-rate-limit/actions/workflows/ci.yaml) ![npm version](https://npmjs.org/package/express-rate-limit 'View this project on NPM') ![npm downloads](https://www.npmjs.com/package/express-rate-limit) ![license](license.md)

Basic rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset. Plays nice with express-slow-down and ratelimit-header-parser.

Usage

The full documentation is available on-line.

import { rateLimit } from 'express-rate-limit'
const limiter = rateLimit({
	windowMs: 15  60  1000, // 15 minutes
	limit: 100, // Limit each IP to 100 requests per window (here, per 15 minutes).
	standardHeaders: 'draft-8', // draft-6: RateLimit-* headers; draft-7 & draft-8: combined RateLimit header
	legacyHeaders: false, // Disable the X-RateLimit-* headers.
	ipv6Subnet: 56, // Set to 60 or 64 to be less aggressive, or 52 or 48 to be more aggressive
	// store: ... , // Redis, Memcached, etc. See below.
})// Apply the rate limiting middleware to all requests.
app.use(limiter)

Data Stores

The rate limiter comes with a built-in memory store, and supports a variety of external data stores.

Configuration

All function options may be async. Click the name for additional info and default values.

| Option | -------------------------- | [windowMs] | [limit] | [message] | [statusCode] | [handler] | [legacyHeaders] | [standardHeaders] | [identifier] | [store] | [passOnStoreError] | [keyGenerator] | [ipv6Subnet] | [requestPropertyName] | [skip] | [skipSuccessfulRequests] | [skipFailedRequests] | [requestWasSuccessful] | [validate] | Type | Remarks | | ----------------------------------------- | ----------------------------------------------------------------------------------------------- | | number | How long to remember requests for, in milliseconds. | | number \| function | How many requests to allow. | | string \| json \| function | Response to return after limit is reached. | | number | HTTP status code after limit is reached (default is 429). | | function | Function to run after limit is reached (overrides message and statusCode settings, if set). | | boolean | Enable the X-Rate-Limit header. | | 'draft-6' \| 'draft-7' \| 'draft-8' | Enable the Ratelimit header. | | string \| function | Name associated with the quota policy enforced by this rate limiter. | | Store | Use a custom store to share hit counts across multiple nodes. | | boolean | Allow (true) or block (false, default) traffic if the store becomes unavailable. | | function | Identify users (defaults to IP address). | | number (32-64) \| function \| false | How many bits of IPv6 addresses to use in default keyGenerator | | string | Add rate limit info to the req object. | | function | Return true to bypass the limiter for the given request. | | boolean | Uncount 1xx/2xx/3xx responses. | | boolean | Uncount 4xx/5xx responses. | | function | Used by skipSuccessfulRequests and skipFailedRequests. | | boolean \| object | Enable or disable built-in validation checks. |

Thank You

Sponsored by Zuplo a fully-managed API Gateway for developers. Add dynamic rate-limiting, authentication and more to any API in minutes. Learn more at zuplo.com

Thanks to Mintlify for hosting the documentation at express-rate-limit.mintlify.app

Finally, thank you to everyone who's contributed to this project in any way! 🫶

Issues and Contributing

If you encounter a bug or want to see something added/changed, please go ahead and open an issue! If you need help with something, feel free to start a discussion!

If you wish to contribute to the library, thanks! First, please read the contributing guide. Then you can pick up any issue and fix/implement it!

License

[windowMs]: https://express-rate-limit.mintlify.app/reference/configuration#windowms [limit]: https://express-rate-limit.mintlify.app/reference/configuration#limit [message]: https://express-rate-limit.mintlify.app/reference/configuration#message [statusCode]: https://express-rate-limit.mintlify.app/reference/configuration#statuscode [handler]: https://express-rate-limit.mintlify.app/reference/configuration#handler [legacyHeaders]: https://express-rate-limit.mintlify.app/reference/configuration#legacyheaders [standardHeaders]: https://express-rate-limit.mintlify.app/reference/configuration#standardheaders [identifier]: https://express-rate-limit.mintlify.app/reference/configuration#identifier [store]: https://express-rate-limit.mintlify.app/reference/configuration#store [passOnStoreError]: https://express-rate-limit.mintlify.app/reference/configuration#passonstoreerror [keyGenerator]: https://express-rate-limit.mintlify.app/reference/configuration#keygenerator [ipv6Subnet]: https://express-rate-limit.mintlify.app/reference/configuration#ipv6subnet [requestPropertyName]: https://express-rate-limit.mintlify.app/reference/configuration#requestpropertyname [skip]: https://express-rate-limit.mintlify.app/reference/configuration#skip [skipSuccessfulRequests]: https://express-rate-limit.mintlify.app/reference/configuration#skipsuccessfulrequests [skipFailedRequests]: https://express-rate-limit.mintlify.app/reference/configuration#skipfailedrequests [requestWasSuccessful]: https://express-rate-limit.mintlify.app/reference/configuration#requestwassuccessful [validate]: https://express-rate-limit.mintlify.app/reference/configuration#validate

📄 readme.md