express-rate-limit

You can view the changelog here.

You can view the changelog here.

You can view the changelog here.

You can view the changelog here.

You can view the changelog here.

Misc

• Enabled provenance statement generation, see https://github.com/express-rate-limit/express-rate-limit#406.

You can view the full changelog here.

You can view the changelog here.

You can view the changelog here.

You can view the changelog here.

Breaking

• Changed behavior when max is set to 0:
  • Previously, max: 0 was treated as a 'disable' flag and would allow all requests through.
  • Starting with v7, all requests will be blocked when max is set to 0.
  • To replicate the old behavior, use the skip function instead.
• Renamed req.rateLimit.current to req.rateLimit.used.
  • current is now a hidden getter that will return the used value, but it will not appear when iterating over the keys or calling JSON.stringify().
• Changed the minimum required Node version from v14 to v16.
  • express-rate-limit now targets es2022 in TypeScript/ESBuild.
• Bumped TypeScript from v4 to v5 and dts-bundle-generator from v7 to v8.

Deprecated

• Removed the draft_polli_ratelimit_headers option (it was deprecated in v6).
  • Use standardHeaders: 'draft-6' instead.
• Removed the onLimitReached option (it was deprecated in v6).
  • This is an example of how to replicate it's behavior with a custom handler option.

Changed

• The MemoryStore now uses precise, per-user reset times rather than a global window that resets all users at once.
• The limit configuration option is now prefered to max.
  • It still shows the same behavior, and max is still supported. The change was made to better align with terminology used in the IETF standard drafts.

Added

• The validate config option can now be an object with keys to enable or disable specific validation checks. For more information, see this.

Fixed

• Restored IncrementResponse TypeScript type (See #397)

Fixed

• Check for prefixed keys when validating that the stores have single counted keys (See #395).

You can view the changelog here.

Added

• Support for combined RateLimit header from the RateLimit header fields for HTTP standardization draft adopted by the IETF. Enable by setting standardHeaders: 'draft-7'
• New standardHeaders: 'draft-6' option, treated equivalent to standardHeaders: true from previous releases. (true and false are still supported.)
• New RateLimit-Policy header added when standardHeaders is set to 'draft-6', 'draft-7', or true
• Warning when using deprecated draft_polli_ratelimit_headers option
• Warning when using deprecated onLimitReached option
• Warning when totalHits value returned from Store is invalid

Added

• New validaion check for double-counted requests
• Added help link to each ValidationError, directing users to the appropriate wiki page for more info

Changed

• Miscaleanous documenation improvements

You can view the full changelog here.

You can view the changelog here.

You can view the changelog here.

Added

• Added a set of validation checks that will log an error if failed. See
  https://github.com/express-rate-limit/express-rate-limit/wiki/Error-Codes for
  a list of potential errors. Can be disabled by setting validate: false in
  the configuration. Automatically disables after the first request. (See
  #358)

You can view the changelog here.

Fixed

• Fixed compatibility with TypeScript's TypeScript new node16 module
  resolution strategy (See
  #355)

Changed

• Bumped development dependencies.
• Added node 20 to list of versions the CI jobs run on.

No functional changes.

You can view the changelog here.

No functional changes.

Changed

• Updated links to point to the new express-rate-limit organization on GitHub.
• Added advertisement to readme.md for project sponsor Zuplo.
• Updated to typescript version 5 and bumped other dependencies.
• Dropped node 12, and added node 19 to the list of versions the CI jobs run on.

You can view the changelog here.