express-rate-limit vs limiter vs ratelimiter

npm包名称	下载量	Stars	大小	Issues	发布时间	License

express-rate-limit	10,930,079	3,209	141 kB	8	2 个月前	MIT
limiter	8,622,623	1,556	158 kB	14	1 年前	MIT
ratelimiter	120,664	725	-	11	6 年前	MIT

npm包名称

下载量

Stars

大小

Issues

发布时间

License

express-rate-limit

10,930,079

3,209

141 kB

2 个月前

MIT

limiter

8,622,623

1,556

158 kB

1 年前

MIT

ratelimiter

120,664

725

6 年前

MIT

易用性

express-rate-limit:
express-rate-limit提供了简单的API和中间件集成，开发者可以轻松地在Express应用中实现速率限制。只需几行代码即可配置，适合快速开发和原型设计。
limiter:
limiter的API设计简洁，适合需要快速实现基本速率限制的场景。虽然功能较少，但对于简单应用来说足够使用。
ratelimiter:
ratelimiter的配置相对复杂，适合需要细粒度控制的应用。虽然学习曲线稍陡，但提供了更强大的功能和灵活性。

存储选项

express-rate-limit:
支持多种存储选项，包括内存、Redis和MongoDB，适合不同的应用需求。可以根据应用的规模和复杂性选择合适的存储方式。
limiter:
主要使用内存存储，适合小型应用或开发阶段。对于生产环境，可能需要考虑其他存储方案。
ratelimiter:
支持多种后端存储，允许开发者根据需求选择合适的存储方式，适合大型和复杂的应用。

性能

express-rate-limit:
在高并发场景下，express-rate-limit的性能表现良好，但在使用内存存储时可能会受到限制。建议在生产环境中使用Redis等外部存储以提高性能。
limiter:
由于其轻量级设计，limiter在性能方面表现优异，适合对响应时间要求严格的应用。
ratelimiter:
ratelimiter在处理复杂的速率限制逻辑时可能会增加性能开销，但其灵活性和可扩展性使其适合大型应用。

灵活性

express-rate-limit:
提供了多种配置选项，允许开发者根据需求调整速率限制策略，适合大多数常见应用场景。
limiter:
灵活性较低，主要适用于简单的速率限制需求，不支持复杂的限制策略。
ratelimiter:
提供高度的灵活性，允许开发者实现复杂的速率限制逻辑，适合需要定制化的应用场景。

社区支持

express-rate-limit:
作为一个广泛使用的库，express-rate-limit拥有活跃的社区和丰富的文档，开发者可以轻松找到解决方案和示例。
limiter:
相对较小的社区支持，文档和示例较少，适合小型项目或快速原型开发。
ratelimiter:
拥有良好的社区支持和文档，适合需要深入了解和定制的开发者。

Usage

import { rateLimit } from 'express-rate-limit' const limiter = rateLimit({ windowMs: 15 * 60 * 1000, // 15 minutes limit: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes). standardHeaders: 'draft-8', // draft-6: `RateLimit-*` headers; draft-7 & draft-8: combined `RateLimit` header legacyHeaders: false, // Disable the `X-RateLimit-*` headers. ipv6Subnet: 56, // Set to 60 or 64 to be less aggressive, or 52 or 48 to be more aggressive // store: ... , // Redis, Memcached, etc. See below. }) // Apply the rate limiting middleware to all requests. app.use(limiter)

Data Stores

The rate limiter comes with a built-in memory store, and supports a variety of external data stores.

Configuration

All function options may be async. Click the name for additional info and default values.

Option	Type	Remarks
`windowMs`	`number`	How long to remember requests for, in milliseconds.
`limit`	`number` \| `function`	How many requests to allow.
`message`	`string` \| `json` \| `function`	Response to return after limit is reached.
`statusCode`	`number`	HTTP status code after limit is reached (default is 429).
`handler`	`function`	Function to run after limit is reached (overrides `message` and `statusCode` settings, if set).
`legacyHeaders`	`boolean`	Enable the `X-Rate-Limit` header.
`standardHeaders`	`'draft-6'` \| `'draft-7'` \| `'draft-8'`	Enable the `Ratelimit` header.
`identifier`	`string` \| `function`	Name associated with the quota policy enforced by this rate limiter.
`store`	`Store`	Use a custom store to share hit counts across multiple nodes.
`passOnStoreError`	`boolean`	Allow (`true`) or block (`false`, default) traffic if the store becomes unavailable.
`keyGenerator`	`function`	Identify users (defaults to IP address).
`ipv6Subnet`	`number` (32-64) \| `function` \| `false`	How many bits of IPv6 addresses to use in default `keyGenerator`
`requestPropertyName`	`string`	Add rate limit info to the `req` object.
`skip`	`function`	Return `true` to bypass the limiter for the given request.
`skipSuccessfulRequests`	`boolean`	Uncount 1xx/2xx/3xx responses.
`skipFailedRequests`	`boolean`	Uncount 4xx/5xx responses.
`requestWasSuccessful`	`function`	Used by `skipSuccessfulRequests` and `skipFailedRequests`.
`validate`	`boolean` \| `object`	Enable or disable built-in validation checks.

Option

Type

Remarks

windowMs

number

How long to remember requests for, in milliseconds.

limit

number | function

How many requests to allow.

message

string | json | function

Response to return after limit is reached.

statusCode

number

HTTP status code after limit is reached (default is 429).

handler

function

Function to run after limit is reached (overrides message and statusCode settings, if set).

legacyHeaders

boolean

Enable the X-Rate-Limit header.

standardHeaders

'draft-6' | 'draft-7' | 'draft-8'

Enable the Ratelimit header.

identifier

string | function

Name associated with the quota policy enforced by this rate limiter.

store

Store

Use a custom store to share hit counts across multiple nodes.

passOnStoreError

boolean

Allow (true) or block (false, default) traffic if the store becomes unavailable.

keyGenerator

function

Identify users (defaults to IP address).

ipv6Subnet

number (32-64) | function | false

How many bits of IPv6 addresses to use in default keyGenerator

requestPropertyName

string

Add rate limit info to the req object.

skip

function

Return true to bypass the limiter for the given request.

skipSuccessfulRequests

boolean

Uncount 1xx/2xx/3xx responses.

skipFailedRequests

boolean

Uncount 4xx/5xx responses.

requestWasSuccessful

function

Used by skipSuccessfulRequests and skipFailedRequests.

validate

boolean | object

Enable or disable built-in validation checks.

Thank You

Sponsored by Zuplo a fully-managed API Gateway for developers. Add dynamic rate-limiting, authentication and more to any API in minutes. Learn more at zuplo.com

Thanks to Mintlify for hosting the documentation at express-rate-limit.mintlify.app

Finally, thank you to everyone who's contributed to this project in any way! 🫶

Issues and Contributing

If you encounter a bug or want to see something added/changed, please go ahead and open an issue! If you need help with something, feel free to start a discussion!

If you wish to contribute to the library, thanks! First, please read the contributing guide. Then you can pick up any issue and fix/implement it!