npm (scoped) npm

Basic rate-limiting middleware for tinyhttp. Used to limit repeated requests to public APIs and/or endpoints such as password reset.


pnpm i @tinyhttp/rate-limit


import { App } from '@tinyhttp/app'
import { rateLimit } from '@tinyhttp/rate-limit'

const app = new App()

const routeRateLimit = rateLimit({
  max: 10,
  windowMs: 60 * 1000, // 1 minute

app.get('limited-route', routeRateLimit, (_, res) => res.send('Limited route'))


Name Type Default Description
windowMs number 5000 Timeframe for which requests are checked/remembered.
max number | ((req: Request, res: Response) => Promise) 5 Max number of connections during windowMs before sending a 429 response.
message string Too many requests, please try again later. Error message sent to user when max is exceeded.
statusCode number 249 HTTP status code returned when max is exceeded.
skipFailedRequests boolean false When set to true, failed requests won't be counted.
skipSuccessfulRequests boolean false When set to true successful requests (response status < 400) won't be counted.
keyGenerator (req: Request, res: Response) => string (req) => req.ip Function used to generate keys.
shouldSkip (req: Request, res: Response) => boolean () => false Determine per request if it should be skipped by the middleware
onLimitReached onLimitReached: (req: Request, res: Response) => void () => {} Function that is called the first time a user hits the rate limit within a given window.
store Store MemoryStore By default a MemoryStore is used. Rate Limit Redis, Rate Limit Memcached and Rate Limit Mongo can be used too.



MIT © Luiginator


pnpm i @tinyhttp/rate-limit