All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Use the default value for an option when `undefined` is passed to the rate limiter.
- Export the `MemoryStore`, so it can now be imported as a named import (`import { MemoryStore } from 'express-rate-limit'`).
- Deprecate the `onLimitReached` option (this was supposed to be deprecated in v6.0.0 itself); developers should use a custom handler function that checks if the rate limit has been exceeded instead.
- Added a named export `rateLimit` in case the default import does not work.
- Added a named export `default`, so Typescript CommonJS developers can default-import the library (`import rateLimit from 'express-rate-limit'`).
- Use named imports for ExpressJS types so users do not need to enable the `esModuleInterop` flag in their Typescript compiler configuration.
- Upload the built package as a `.tgz` to GitHub releases.
- Add `main` and `module` fields to `package.json`. This helps tools such as ESLint that do not yet support the `exports` field.
- Bumped the minimum node.js version in `package-lock.json` to match `package.json`
- Bumped minimum Node version from 12.9 to 14.5 in `package.json` because the transpiled output uses the nullish coalescing operator (`??`), which isn't supported in node.js prior to 14.x.
- Ensure CommonJS projects can import the module.
- Add additional tests that test:
  - importing the library in `js-cjs`, `js-esm`, `ts-cjs`, `ts-esm` environments.
  - usage of the library with external stores (`redis`, `mongo`, `memcached`, `precise`).
- Use `esbuild` to generate ESM and CJS output. This reduces the size of the built package from 138 kb to 13kb and build time to 4 ms! 🚀
- Use `dts-bundle-generator` to generate a single Typescript declaration file.
- `express` 4.x as a peer dependency.
- Better Typescript support (the library was rewritten in Typescript).
- Export the package as both ESM and CJS.
- Publish the built package (`.tgz` file) on GitHub releases as well as the npm registry.
- Issue and PR templates.
- A contributing guide.
- Rename the `draft_polli_ratelimit_headers` option to `standardHeaders`.
- Rename the `headers` option to `legacyHeaders`.
- `Retry-After` header is now sent if either `legacyHeaders` or `standardHeaders` is set.
- Allow `keyGenerator` to be an async function/return a promise.
- Change the way custom stores are defined.
  - Add the `init` method for stores to set themselves up using options passed to the middleware.
  - Rename the `incr` method to `increment`.
  - Allow the `increment`, `decrement`, `resetKey` and `resetAll` methods to return a promise.
  - Old stores will automatically be promisified and used.
- The package can now only be used with NodeJS version 12.9.0 or greater.
- The `onLimitReached` configuration option is now deprecated. Replace it with a custom `handler` that checks the number of hits.
- Remove the deprecated `limiter.resetIp` method (use the `limiter.resetKey` method instead).
- Remove the deprecated options `delayMs`, `delayAfter` (the delay functionality was moved to the `express-slow-down` package) and `global` (use a key generator that returns a constant value).
- The middleware ~~throws~~ logs an error if `request.ip` is undefined.
- Removes typescript typings. (See #138)
- The library no longer modifies the passed-in options object, it instead makes a clone of it.
- Simplifies the default `handler` function so that it no longer changes the response format. The default handler also uses response.send.
- `onLimitReached` now only triggers once for a client and window. However, the `handle` method is called for every blocked request.
- The `delayAfter` and `delayMs` options; they were moved to the express-slow-down package.
- A `limiter.resetKey()` method to reset the hit counter for a particular client
- The rate limiter now uses a less precise but less resource intensive method of tracking hits from a client.
- The `global` option.
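
The `onLimitReached` entries above say to replace the option with a custom `handler` that checks the number of hits. The sketch below is an added example, not code from the project; it assumes the v6 handler signature `(request, response, next, options)` and that the middleware sets `request.rateLimit.limit` and `request.rateLimit.current`. `makeHandler`, `onFirstBlock` and `simulate` are hypothetical names, and the request/response objects are constructed stand-ins so it runs without Express.

```javascript
// Build a handler that runs `onFirstBlock` once per client and window
// (the old onLimitReached behaviour) and still answers every blocked request.
function makeHandler(onFirstBlock) {
  return function handler(request, response, next, options) {
    const { current, limit } = request.rateLimit;
    // The first blocked request in a window is hit number limit + 1.
    if (current === limit + 1) {
      onFirstBlock({ key: request.ip, limit, current });
    }
    response.status(options.statusCode).send(options.message);
  };
}

// Constructed simulation: one client sends `hits` requests in a single window.
// The middleware only calls the handler once the limit has been exceeded.
function simulate(hits, limit) {
  const events = [];
  const statuses = [];
  const handler = makeHandler((event) => events.push(event));
  const options = { statusCode: 429, message: 'Too many requests' };
  for (let current = 1; current <= hits; current++) {
    if (current <= limit) continue; // under the limit: request passes through
    const request = { ip: '203.0.113.7', rateLimit: { limit, current } };
    const response = {
      status(code) { statuses.push(code); return this; },
      send() { return this; },
    };
    handler(request, response, () => {}, options);
  }
  return { events, statuses };
}

// With the library (assumed v6 options):
//   rateLimit({ windowMs: 60000, max: 5, handler: makeHandler(logFn) })
```

Logging only on `limit + 1` gives one alert per client per window, while every blocked request still receives the 429 response.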