{"id":30372183,"url":"https://github.com/jmrashed/jmrashed-api-rate-limiter","last_synced_at":"2026-05-06T17:31:39.231Z","repository":{"id":289726104,"uuid":"869780640","full_name":"jmrashed/jmrashed-api-rate-limiter","owner":"jmrashed","description":"A middleware for Express.js to limit API calls, preventing abuse and managing load with dynamic limits based on user roles or API keys.","archived":false,"fork":false,"pushed_at":"2025-08-15T13:28:55.000Z","size":52,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-08-15T14:19:46.383Z","etag":null,"topics":["api","express","middleware","nodejs","rate-limiter","security"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/settings/jmrashed/packages","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jmrashed.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-10-08T21:56:05.000Z","updated_at":"2025-08-15T13:28:41.000Z","dependencies_parsed_at":"2025-04-24T18:55:23.946Z","dependency_job_id":"976e2197-5973-4ad6-9212-5b9a92241b0a","html_url":"https://github.com/jmrashed/jmrashed-api-rate-limiter","commit_stats":null,"previous_names":["mrzstack/jmrashed-api-rate-limiter","jmrashed/jmrashed-api-rate-limiter"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/jmrashed/jmrashed-api-rate-limiter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jmrashed%2Fjmrashed-api-rate-limiter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jmrashed%2Fjmrashed-api-rate-limiter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jmrashed%2Fjmrashed-api-rate-limiter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jmrashed%2Fjmrashed-api-rate-limiter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jmrashed","download_url":"https://codeload.github.com/jmrashed/jmrashed-api-rate-limiter/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jmrashed%2Fjmrashed-api-rate-limiter/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":276430839,"owners_count":25641123,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-22T02:00:08.972Z","response_time":79,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","express","middleware","nodejs","rate-limiter","security"],"created_at":"2025-08-20T06:35:18.098Z","updated_at":"2025-09-22T19:11:29.234Z","avatar_url":"https://github.com/jmrashed.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Jmrashed API Rate Limiter\n\n[![NPM Version](https://img.shields.io/npm/v/jmrashed-api-rate-limiter.svg)](https://www.npmjs.com/package/jmrashed-api-rate-limiter)\n[![NPM Downloads](https://img.shields.io/npm/dm/jmrashed-api-rate-limiter.svg)](https://www.npmjs.com/package/jmrashed-api-rate-limiter)\n[![License](https://img.shields.io/npm/l/jmrashed-api-rate-limiter.svg)](https://github.com/jmrashed/jmrashed-api-rate-limiter/blob/main/LICENSE)\n[![GitHub stars](https://img.shields.io/github/stars/jmrashed/jmrashed-api-rate-limiter.svg)](https://github.com/jmrashed/jmrashed-api-rate-limiter/stargazers)\n[![GitHub forks](https://img.shields.io/github/forks/jmrashed/jmrashed-api-rate-limiter.svg)](https://github.com/jmrashed/jmrashed-api-rate-limiter/network/members)\n[![GitHub issues](https://img.shields.io/github/issues/jmrashed/jmrashed-api-rate-limiter.svg)](https://github.com/jmrashed/jmrashed-api-rate-limiter/issues)\n\nA flexible and lightweight middleware for Express.js that helps you protect your APIs from abuse and manage server load effectively. This package allows for dynamic rate limits based on user roles, API keys, or any other identifier, making it a versatile solution for any Node.js application.\n\n## Table of Contents\n\n- [Features](#features)\n- [Prerequisites](#prerequisites)\n- [Installation](#installation)\n- [Usage](#usage)\n- [Configuration Options](#configuration-options)\n- [Example of Dynamic Limits](#example-of-dynamic-limits)\n- [Screenshots](#screenshots)\n- [Testing](#testing)\n- [Deployment](#deployment)\n- [Built With](#built-with)\n- [FAQ](#faq)\n- [Roadmap](#roadmap)\n- [Release Notes](#release-notes)\n- [Versioning](#versioning)\n- [Contributing](#contributing)\n- [Style Guide](#style-guide)\n- [Code of Conduct](#code-of-conduct)\n- [License](#license)\n- [Author](#author)\n\n## Features\n\n- **Method-Based Rate Limiting**: Set different rate limits for various HTTP methods (e.g., `GET`, `POST`, `PUT`, `DELETE`).\n- **Configurable Time Windows**: Define the duration for which requests are tracked (e.g., per minute, per hour).\n- **Dynamic Limits**: Implement custom logic to assign different limits to different users, roles, or API keys.\n- **In-Memory Storage**: A simple and fast in-memory store for tracking request counts, which can be extended for persistent storage solutions like Redis.\n- **Lightweight and Performant**: Designed to have minimal impact on your application's performance.\n\n## Prerequisites\n\nBefore you begin, ensure you have the following installed:\n\n- [Node.js](https://nodejs.org/en/) (v14 or later recommended)\n- [npm](https://www.npmjs.com/)\n\n## Installation\n\nTo install the Jmrashed API Rate Limiter, use npm:\n\n```bash\nnpm install jmrashed-api-rate-limiter\n```\n\n## Usage\n\nHere’s how to integrate the middleware into your Express.js application:\n\n```javascript\nconst express = require('express');\nconst rateLimit = require('jmrashed-api-rate-limiter');\n\nconst app = express();\nconst PORT = process.env.PORT || 3000;\n\n// Configure rate limiter options\nconst rateLimiterOptions = {\n  windowMs: 60 * 1000, // 1 minute\n  limits: {\n    GET: 10,  // 10 requests per minute for GET\n    POST: 5,  // 5 requests per minute for POST\n    default: 15 // Default limit for other methods\n  }\n};\n\n// Apply rate limiter middleware\napp.use(rateLimit(rateLimiterOptions));\n\n// Sample route\napp.get('/api/resource', (req, res) =\u003e {\n  res.send('Resource accessed!');\n});\n\napp.listen(PORT, () =\u003e {\n  console.log(`Server running on port ${PORT}`);\n});\n```\n\n## Configuration Options\n\n- `windowMs` (required): The duration of the rate-limiting window in milliseconds.\n- `limits` (required): An object defining the number of allowed requests for each HTTP method. You can also set a `default` limit for methods that are not explicitly defined.\n\n## Example of Dynamic Limits\n\nTo implement dynamic limits, you can modify the logic inside the middleware to use a unique identifier for each user, such as an API key or user ID. This allows you to apply different rate limits based on the user's plan or access level.\n\nHere's an example of how you could modify the `rateLimiter.js` file to support dynamic limits based on a user's role:\n\n```javascript\n// lib/rateLimiter.js\n\nconst rateLimit = (options) =\u003e {\n  const { windowMs, limits } = options;\n  const requestCounts = new Map();\n\n  return (req, res, next) =\u003e {\n    // Use the user's role as the key, or fall back to the IP address\n    const key = req.user ? req.user.role : req.ip; \n\n    const currentTime = Date.now();\n\n    if (!requestCounts.has(key)) {\n      requestCounts.set(key, { count: 0, startTime: currentTime });\n    }\n\n    const requestData = requestCounts.get(key);\n\n    if (currentTime - requestData.startTime \u003e windowMs) {\n      requestData.count = 0;\n      requestData.startTime = currentTime;\n    }\n\n    // Define different limits for different roles\n    const limitsByRole = {\n      admin: 100,\n      premium: 50,\n      free: 10,\n    };\n\n    const limit = limitsByRole[key] || limits[req.method] || limits.default;\n\n    if (requestData.count \u003c limit) {\n      requestData.count += 1;\n      next();\n    } else {\n      res.status(429).json({\n        error: \"Too many requests. Please try again later.\",\n      });\n    }\n  };\n};\n\nmodule.exports = rateLimit;\n```\n\n## Screenshots\n\nHere are some screenshots of the rate limiter in action:\n\n**Successful Request:**\n\n![Successful Request](https://i.imgur.com/9Y2Y4fG.png)\n\n**Rate Limit Exceeded:**\n\n![Rate Limit Exceeded](https://i.imgur.com/5g9oH3g.png)\n\n## Testing\n\nTo run the tests for this package, use the following command:\n\n```bash\nnpm test\n```\n\nYou can also test the rate limiter manually using tools like Postman or `curl`. Make multiple requests to your API endpoints and observe how the middleware enforces the defined limits.\n\n## Deployment\n\nWhen deploying an application that uses this middleware, ensure that your environment has Node.js and npm installed. You can then run your application using a process manager like PM2 or by simply running `node your-app.js`.\n\n## Built With\n\n- [Node.js](https://nodejs.org/en/)\n- [Express.js](https://expressjs.com/)\n- [Jest](https://jestjs.io/)\n- [Supertest](https://www.npmjs.com/package/supertest)\n\n## FAQ\n\n**Q: Can I use this with a different framework, like Koa or Hapi?**\n\nA: This middleware is specifically designed for Express.js. However, the core logic could be adapted for other frameworks.\n\n**Q: Is it possible to use a persistent storage solution instead of in-memory storage?**\n\nA: Yes, you can modify the `rateLimiter.js` file to use a different storage solution, such as Redis or a database. This is recommended for production environments.\n\n## Roadmap\n\n- [ ] Add support for more persistent storage solutions (e.g., Redis, Memcached).\n- [ ] Add more advanced configuration options (e.g., whitelisting IPs, custom headers).\n- [ ] Add support for more frameworks (e.g., Koa, Hapi).\n- [ ] Add more comprehensive tests.\n\n## Release Notes\n\n### 2.0.1 - 2025-08-15\n\n- Documentation: Added release notes and updated README for clarity.\n- Improvements: Small improvements to dynamic limits examples and configuration docs.\n- Tests: Minor test coverage tweaks and reliability improvements.\n- Misc: Updated package metadata and README badges.\n\n## Versioning\n\nWe use [SemVer](https://semver.org/) for versioning. For the versions available, see the [tags on this repository](https://github.com/jmrashed/jmrashed-api-rate-limiter/tags).\n\n## Contributing\n\nWe welcome contributions from the community. Please read our [Contributing Guide](CONTRIBUTING.md) for more information on how to get started.\n\n## Style Guide\n\nThis project follows the [Airbnb JavaScript Style Guide](https://github.com/airbnb/javascript). Please ensure that your contributions adhere to this style guide.\n\n## Code of Conduct\n\nPlease read our [Code of Conduct](CODE_OF_CONDUCT.md) before contributing.\n\n## License\n\nThis project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.\n\n## Author\n\n## Author\n\n**Rashed Zaman**  \n\n- GitHub: [https://github.com/jmrashed](https://github.com/jmrashed)  \n- npm: [https://www.npmjs.com/~jmrashed](https://www.npmjs.com/~jmrashed)  \n- Email: [jmrashed@gmail.com](mailto:jmrashed@gmail.com)  \n\nFeel free to reach out for questions, feedback, or contributions!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjmrashed%2Fjmrashed-api-rate-limiter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjmrashed%2Fjmrashed-api-rate-limiter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjmrashed%2Fjmrashed-api-rate-limiter/lists"}