rate-bouncer v2.0.0
โก rate-bouncer (Node.js Rate Limiting Middleware)
A lightweight and flexible rate-limiting middleware for Node.js, designed to limit the number of requests to your API endpoints, prevent abuse, and protect your application from traffic spikes.
โจ Features
- ๐ Global and per-route configuration: Set global defaults while allowing per-route overrides.
- ๐ Easy integration: Works seamlessly with Express and similar Node.js frameworks.
- ๐พ In-memory storage: Keeps track of requests in memory for simple use cases (perfect for single-instance applications).
- โณ Throttling: Automatically blocks requests once the limit is exceeded, with configurable retry-after time.
- ๐งน Automatic cleanup: Periodically removes old request data to optimize memory usage.
๐ฆ Installation
To install the package via npm, run:
npm install rate-bouncer๐ Usage
1๏ธโฃ Global Configuration (Optional)
You can set a global rate limit configuration that applies to all endpoints unless overridden per route.
const express = require("express");
const { setGlobalRateLimitConfig, rateLimitConfig } = require("rate-bouncer");
const app = express();
// ๐ Set global rate limit settings (applies to all routes unless overridden)
setGlobalRateLimitConfig({
duration: 15 * 60 * 1000, // โณ 15 minutes
maxRequests: 100, // ๐ Max 100 requests per 15 minutes
startCleanupInterval: 50000, // ๐งน Cleanup interval (optional, default: 10000ms)
});
// ๐ Apply the global rate limiter to all routes
app.use(rateLimitConfig());2๏ธโฃ Per-Route Customization
You can override the global configuration for specific routes by providing custom options.
app.get(
"/api/endpoint1",
rateLimitConfig({ duration: 10 * 60 * 1000, maxRequests: 50 }),
(req, res) => {
res.send("๐ Endpoint 1: Limited to 50 requests per 10 minutes.");
}
);
app.post(
"/api/endpoint2",
rateLimitConfig({ duration: 60 * 60 * 1000, maxRequests: 200 }),
(req, res) => {
res.send("๐ Endpoint 2: Limited to 200 requests per hour.");
}
);3๏ธโฃ Disabling Rate Limiting
You can disable rate limiting entirely for certain routes or globally.
// โ Disable rate limiting for a specific route
app.get("/api/open", rateLimitConfig({ disabled: true }), (req, res) => {
res.send("โ
This route has no rate limit.");
});4๏ธโฃ Exceeding Rate Limit Example
When a user exceeds the rate limit, they receive a 429 Too Many Requests response with a retry time.
{
"message": "Too many requests",
"retryAfter": "10.0 seconds"
}๐ฏ Benefits
โ Protects your APIs: Prevents abuse, DOS attacks, and accidental traffic spikes by limiting requests. โ Easy integration: Simple to install and configure with Express and similar frameworks. โ Customizable: Set different limits for different routes, allowing flexibility. โ Global and per-route settings: Define a default configuration and override it when needed. โ Efficient memory management: Old request data is automatically cleaned up based on the configured interval.
โ ๏ธ Limitations
โก In-memory storage: This implementation uses in-memory storage, meaning it won't scale across multiple instances. For distributed apps, consider using Redis. โก Single-instance limitation: Ideal for small or single-instance applications. For production, consider a persistent store. โก Memory usage: The rate limiter keeps track of timestamps in memory. High traffic may lead to increased memory usage.
๐ค Contributing
We welcome contributions! If you'd like to contribute, please fork the repository, create a new branch, and submit a pull request.
๐ License
This package is licensed under the MIT License.
๐ Support
For any issues or support, please open an issue on the GitHub repository.