All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Use the default value for an option when
undefinedis passed to the rate limiter.
- Export the
MemoryStore, so it can now be imported as a named import (import { MemoryStore } from 'express-rate-limit').
- Deprecate the
onLimitReachedoption (this was supposed to be deprecated in v6.0.0 itself); developers should use a custom handler function that checks if the rate limit has been exceeded instead.
- Added a named export
rateLimitin case the default import does not work.
- Added a named export
default, so Typescript CommonJS developers can default-import the library (import rateLimit from 'express-rate-limit').
- Use named imports for ExpressJS types so users do not need to enable the
esModuleInteropflag in their Typescript compiler configuration.
- Upload the built package as a
.tgzto GitHub releases.
- Add
mainandmodulefields topackage.json. This helps tools such as ESLint that do not yet support theexportsfield. - Bumped the minimum node.js version in
package-lock.jsonto matchpackage.json
- Bumped minimum Node version from 12.9 to 14.5 in
package.jsonbecause the transpiled output uses the nullish coalescing operator (??), which isn't supported in node.js prior to 14.x.
- Ensure CommonJS projects can import the module.
- Add additional tests that test:
- importing the library in
js-cjs,js-esm,ts-cjs,ts-esmenvironments. - usage of the library with external stores (
redis,mongo,memcached,precise).
- importing the library in
- Use
esbuildto generate ESM and CJS output. This reduces the size of the built package from 138 kb to 13kb and build time to 4 ms! 🚀 - Use
dts-bundle-generatorto generate a single Typescript declaration file.
- Ensure CommonJS projects can import the module.
express4.x as a peer dependency.- Better Typescript support (the library was rewritten in Typescript).
- Export the package as both ESM and CJS.
- Publish the built package (
.tgzfile) on GitHub releases as well as the npm registry. - Issue and PR templates.
- A contributing guide.
- Rename the
draft_polli_ratelimit_headersoption tostandardHeaders. - Rename the
headersoption tolegacyHeaders. Retry-Afterheader is now sent if eitherlegacyHeadersorstandardHeadersis set.- Allow
keyGeneratorto be an async function/return a promise. - Change the way custom stores are defined.
- Add the
initmethod for stores to set themselves up using options passed to the middleware. - Rename the
incrmethod toincrement. - Allow the
increment,decrement,resetKeyandresetAllmethods to return a promise. - Old stores will automatically be promisified and used.
- Add the
- The package can now only be used with NodeJS version 12.9.0 or greater.
- The
onLimitReachedconfiguration option is now deprecated. Replace it with a customhandlerthat checks the number of hits.
- Remove the deprecated
limiter.resetIpmethod (use thelimiter.resetKeymethod instead). - Remove the deprecated options
delayMs,delayAfter(the delay functionality was moved to theexpress-slow-downpackage) andglobal(use a key generator that returns a constant value).
- The middleware
throwslogs an error ifrequest.ipis undefined.
- Removes typescript typings. (See #138)
- The library no longer modifies the passed-in options object, it instead makes a clone of it.
- Simplifies the default
handlerfunction so that it no longer changes the response format. The default handler also uses response.send.
onLimitReachednow only triggers once for a client and window. However, thehandlemethod is called for every blocked request.
- The
delayAfteranddelayMsoptions; they were moved to the express-slow-down package.
- A
limiter.resetKey()method to reset the hit counter for a particular client
- The rate limiter now uses a less precise but less resource intensive method of tracking hits from a client.
- The
globaloption.