rate-limiter-flexible VS express-rate-limit

Implementing API rate limiting in your Node.js project is an important step toward maintaining the stability and reliability of your application. With the use of packages like express-rate-limit or rate-limiter-flexible, you can easily set limits on requests and prevent abuse of your API by malicious users.

There are a few different rate limiter libraries out there you can use if you don't want to build something from scratch. This one looks good. You'll want access to a fast data store like Redis, or alternatively a SQL database like Postgres/MySQL.

https://www.npmjs.com/package/rate-limiter-flexible rate limit with a unique identifier. Ideally you should issue API keys for each user and rate limit those. You can rate limit by IP but of course someone can just change their IP with proxies.

I published this issue with my code: https://github.com/animir/node-rate-limiter-flexible/issues/124

The express-rate-limit is a simple and straight forward library that solves this problem for us. It's not the most complete one, but is a lightweight and fast way to achieve this goal. For most refined options the express-rate-limit itself already recommends other libraries such as rate-limiter-flexible express-brute and express-limiter.

Rate limiting is a method used for controlling network traffic. It limits the number of actions a user can make per unit of time 1. In this tutorial, we will rate limit a login route to help protect it from brute force attacks. This limits the number of password guesses that can be made by an attacker. We'll use the npm package node-rate-limiter-flexible to count and limit the number of login attempts by key. Each key will have a points value that will count the number of failed login attempts. The keys will expire after a set amount of time. The key-value pairs will be stored in Redis, which is an open-source in-memory data structure store. It has many different use cases. We will use it as a simple database. Redis is simple to use and it is very fast. We'll create an online instance of Redis, connect it to an express application, and then use the Redis command-line interface (redis-cli) to view the database. A prerequisite for this tutorial is an ExpressJS application with a login route and user authentication.

Also we will use another third-party package called rate-limiter-flexible as it works with Redis, process Memory, Cluster or PM2, Memcached, MongoDB, MySQL, PostgreSQL and allows to control requests rate in a single process or distributed environment.

express-rate-limit is an npm library that provides a rate limiting middleware for Express, so it's easier to limit repeated requests to all APIs or only to specific endpoints. The middleware allows you to control how many requests the same user can make to the same endpoints before an application starts returning 429 Too Many Requests errors.

I think the readme gets included automatically even if you don't specify it in the files field, ditto for package.json.

Compare https://github.com/express-rate-limit/express-rate-limit/blo... to https://www.npmjs.com/package/express-rate-limit?activeTab=c...

Agree with you about the other points.

Express-rate-limit: A simple to use rate limiter for your Express apps. This can protect your applications from being overwhelmed by too many requests.

Implementing API rate limiting in your Node.js project is an important step toward maintaining the stability and reliability of your application. With the use of packages like express-rate-limit or rate-limiter-flexible, you can easily set limits on requests and prevent abuse of your API by malicious users.

One option would be to bake rate-limiting middleware into your service. For example, in express-rate-limit you can define a keyGenerator function that takes an HTTP request and extracts the key that should be rate limited. I assume there are similar middleware packages for other frameworks. This approach would get the job done and it would be transparent to your customers.

We are using Express, so we added the middleware express-rate-limit to our server-side code. If you are using Flask, there is Flask-Limiter. If you are using Django, there is Django Ratelimit. Laravel includes basic rate limiting.

The rate limiting middleware limits the number of requests that come from a specific user, IP address or location within a given window (period of time). This can be achieved using a package called express-rate-limit as middleware

is your server express? i have used this package with Redis https://www.npmjs.com/package/express-rate-limit works pretty well

The last feature is a rate limit to prevent spam. Highscore has no auth system all endpoints are public and can be accessible by anybody. That's why adding a rate limit is useful to prevent abuse requests for a malicious users. For this, I used the very good express-rate-limit library which does the job perfectly. Like all other features, you can configure the rate limit using env variables.