Releases
v7.0.0
Breaking
Changed behavior when max
is set to 0:
Previously, max: 0
was treated as a 'disable' flag and would allow all requests through.
Starting with v7, all requests will be blocked when max is set to 0.
To replicate the old behavior, use the skip function instead.
Renamed req.rateLimit.current
to req.rateLimit.used
.
current
is now a hidden getter that will return the used
value, but it will not appear when iterating over the keys or calling JSON.stringify()
.
Changed the minimum required Node version from v14 to v16.
express-rate-limit
now targets es2022
in TypeScript/ESBuild.
Bumped TypeScript from v4 to v5 and dts-bundle-generator
from v7 to v8.
Deprecated
Removed the draft_polli_ratelimit_headers
option (it was deprecated in v6).
Use standardHeaders: 'draft-6'
instead.
Removed the onLimitReached
option (it was deprecated in v6).
This is an example of how to replicate it's behavior with a custom handler
option.
Changed
The MemoryStore
now uses precise, per-user reset times rather than a global window that resets all users at once.
The limit
configuration option is now prefered to max
.
It still shows the same behavior, and max
is still supported. The change was made to better align with terminology used in the IETF standard drafts.
Added
The validate
config option can now be an object with keys to enable or disable specific validation checks. For more information, see this .
You can’t perform that action at this time.