universal-rate-limit

Express Middleware (@universal-rate-limit/express)

Express middleware adapter for universal-rate-limit.

header

Express middleware for universal-rate-limit — a zero-dependency rate limiter built on web standards. Supports fixed-window, sliding-window, and token-bucket algorithms, pluggable stores (memory, Redis, or your own), and IETF-compliant rate limit headers out of the box.

Try the playground to see rate limiting in action.

Install

npm install @universal-rate-limit/express

Usage

import express from 'express';
import { expressRateLimit } from '@universal-rate-limit/express';

const app = express();

// Apply to all routes
app.use(
    expressRateLimit({
        algorithm: { type: 'sliding-window', windowMs: 60_000 }, // 1 minute
        limit: 60 // 60 requests per window
    })
);

// Or apply to specific routes
app.use(
    '/api',
    expressRateLimit({
        algorithm: { type: 'sliding-window', windowMs: 60_000 },
        limit: 30
    })
);

app.listen(3000);

Options

Accepts all core optionslimit, algorithm, cost, store, keyGenerator, skip, handler, message, statusCode, headers, legacyHeaders, failOpen, and prefix.

Example

See examples/express for a complete working app with integration tests.

Documentation

View the full documentation

License

MIT

Redis Store (@universal-rate-limit/redis)

Redis store using Lua scripts for atomic operations. Works with any Redis client.

Fastify Plugin (@universal-rate-limit/fastify)

Fastify plugin adapter for universal-rate-limit.

On this page

Install
Usage
Options
Example
Documentation
License