@isl-lang/stdlib-rate-limit

v2.0.0

ISL Standard Library - Rate Limiting and Throttling

Overview

This package provides comprehensive rate limiting capabilities with:

  • ISL Specifications: Complete behavioral contracts for rate limiting
  • TypeScript Implementation: Production-ready reference implementation
  • Multiple Storage Backends: In-memory and Redis support
  • Framework Adapters: Express middleware included

Installation

pnpm add @isl-lang/stdlib-rate-limit

ISL Specification

Import in ISL

domain MyApp version "1.0.0"

import { CheckRateLimit, BlockIdentifier, UnblockIdentifier } from "@isl/stdlib-rate-limit"
import { RateLimitAction, IdentifierType } from "@isl/stdlib-rate-limit/types"

behavior ProtectedEndpoint {
  input {
    user_id: UUID
    ip_address: String
  }
  
  flow {
    step 1: CheckRateLimit(
      key: input.ip_address,
      identifier_type: IP,
      config_name: "api"
    )
    step 2: when step_1.action == DENY {
      return error RATE_LIMITED
    }
    step 3: process_request()
  }
}

Behaviors

| Behavior | Description |
|----------|-------------|
| CheckRateLimit | Check if request should be allowed |
| IncrementCounter | Increment counter after request |
| CheckAndIncrement | Atomic check and increment |
| GetBucketStatus | Get current bucket status |
| BlockIdentifier | Manually block an identifier |
| UnblockIdentifier | Remove a block |
| IsBlocked | Check if identifier is blocked |
| RecordViolation | Record violation for analytics |
| GetViolationHistory | Query violation history |

TypeScript Usage

Basic Usage

import { 
  createRateLimiter, 
  createMemoryStorage,
  RateLimitAction,
  IdentifierType
} from '@isl-lang/stdlib-rate-limit';

// Create rate limiter
const limiter = createRateLimiter({
  storage: createMemoryStorage(),
  configs: [
    {
      name: 'api',
      limit: 100,
      windowMs: 60 * 1000, // 1 minute
      warnThreshold: 0.8,
    },
    {
      name: 'login',
      limit: 5,
      windowMs: 15 * 60 * 1000, // 15 minutes
      blockDurationMs: 30 * 60 * 1000, // 30 min block on exceed
    }
  ]
});

// Check rate limit
const result = await limiter.check({
  key: '192.168.1.1',
  identifierType: IdentifierType.IP,
  configName: 'api'
});

if (result.allowed) {
  // Process request
  console.log(`Remaining: ${result.remaining}/${result.limit}`);
} else {
  console.log(`Rate limited. Retry after ${result.retryAfterMs}ms`);
}

Express Middleware

import express from 'express';
import { 
  createRateLimiter, 
  createMemoryStorage,
  rateLimitMiddleware,
  ipRateLimit,
  userRateLimit
} from '@isl-lang/stdlib-rate-limit';

const app = express();

const limiter = createRateLimiter({
  storage: createMemoryStorage(),
  configs: [
    { name: 'general', limit: 100, windowMs: 60000 },
    { name: 'auth', limit: 5, windowMs: 900000 },
  ]
});

// Apply to all routes
app.use(rateLimitMiddleware({
  limiter,
  configName: 'general'
}));

// Stricter limit for auth endpoints
app.use('/api/auth', ipRateLimit(limiter, 'auth'));

// User-based limit for authenticated routes
app.use('/api/user', userRateLimit(limiter, 'general'));

Redis Storage (Distributed)

import Redis from 'ioredis';
import { createRateLimiter, createRedisStorage } from '@isl-lang/stdlib-rate-limit';

const redis = new Redis(process.env.REDIS_URL);

const limiter = createRateLimiter({
  storage: createRedisStorage({
    client: redis,
    keyPrefix: 'myapp:ratelimit:'
  }),
  configs: [
    { name: 'api', limit: 1000, windowMs: 60000 }
  ]
});

Manual Blocking

// Block an IP for 1 hour
await limiter.block({
  key: '192.168.1.100',
  identifierType: IdentifierType.IP,
  durationMs: 60 * 60 * 1000,
  reason: 'Suspicious activity detected'
});

// Check if blocked
const { blocked, reason, expiresAt } = await limiter.isBlocked(
  '192.168.1.100',
  IdentifierType.IP
);

// Unblock
await limiter.unblock({
  key: '192.168.1.100',
  identifierType: IdentifierType.IP,
  reason: 'Verified legitimate user'
});

Rate Limit Actions

| Action | Description |
|--------|-------------|
| ALLOW | Request allowed, under limit |
| WARN | Request allowed, approaching limit |
| THROTTLE | Request should be delayed |
| DENY | Request rejected, limit exceeded |
| CAPTCHA | Require captcha verification |

Configuration Options

| Option | Type | Default | Description |
|--------|------|---------|-------------|
| name | string | required | Unique config identifier |
| limit | number | required | Max requests per window |
| windowMs | number | required | Window size in milliseconds |
| algorithm | enum | SLIDING_WINDOW | Rate limit algorithm |
| warnThreshold | number | - | Percentage to trigger WARN |
| throttleThreshold | number | - | Percentage to trigger THROTTLE |
| blockDurationMs | number | - | Auto-block duration on exceed |
| escalationMultiplier | number | 2 | Multiplier for repeated violations |
| bypassRoles | string[] | - | Roles that bypass limit |
| bypassIps | string[] | - | IPs that bypass limit |

Response Headers

Standard headers are automatically added:

RateLimit-Limit: 100
RateLimit-Remaining: 95
RateLimit-Reset: 1704067200
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1704067200
Retry-After: 60  (only when rate limited)

Contract Guarantees

Preconditions

  • Key must be non-empty string
  • Config must exist
  • Weight must be >= 1

Postconditions

  • Remaining count never negative
  • Reset time always in future
  • Headers match result values

Temporal Constraints

  • Check: < 10ms p50, < 50ms p99
  • Increment: < 20ms p99
  • Block operations: < 100ms p99

Invariants

  • Atomic check-and-increment operations
  • No double-counting on retry
  • Consistent state across distributed nodes (with Redis)
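
The postconditions and invariants above, together with the response headers listed earlier, shown as an added TypeScript example (not the package's own code): a minimal in-memory sliding-window limiter whose check and increment are a single step, plus a header builder fed only by the result. SlidingWindowLimiter, checkAndIncrement, resetAtMs and toHeaders are hypothetical names; limit, windowMs, allowed, remaining and retryAfterMs mirror names used on this page.

```typescript
// Added example, not the package's implementation. SlidingWindowLimiter,
// checkAndIncrement, resetAtMs and toHeaders are hypothetical names.
interface Config { limit: number; windowMs: number }
interface Result {
  allowed: boolean;
  limit: number;
  remaining: number;    // postcondition: never negative
  resetAtMs: number;    // postcondition: always later than `now`
  retryAfterMs: number; // 0 when allowed
}

class SlidingWindowLimiter {
  private hits = new Map<string, number[]>(); // key -> accepted timestamps
  private cfg: Config;
  constructor(cfg: Config) { this.cfg = cfg; }

  // Decision and counter update are one synchronous step, so two callers
  // can never both see "one slot left" and both be admitted.
  checkAndIncrement(key: string, now: number, weight = 1): Result {
    if (key.length === 0) throw new Error('key must be non-empty');
    if (!Number.isInteger(weight) || weight < 1) throw new Error('weight must be >= 1');
    const { limit, windowMs } = this.cfg;
    // Drop timestamps that have slid out of the window.
    const live = (this.hits.get(key) ?? []).filter((t) => t > now - windowMs);
    const allowed = live.length + weight <= limit;
    // Denied requests are not recorded, so retrying after a denial
    // neither double-counts nor pushes the reset time further out.
    if (allowed) for (let i = 0; i < weight; i++) live.push(now);
    this.hits.set(key, live);
    const remaining = Math.max(0, limit - live.length);
    // A slot frees up when the oldest live hit leaves the window.
    const resetAtMs = (live[0] ?? now) + windowMs;
    const retryAfterMs = allowed ? 0 : resetAtMs - now;
    return { allowed, limit, remaining, resetAtMs, retryAfterMs };
  }
}

// Headers are derived from the Result alone, so they cannot disagree with it.
function toHeaders(r: Result): Record<string, string> {
  const h: Record<string, string> = {
    'RateLimit-Limit': String(r.limit),
    'RateLimit-Remaining': String(r.remaining),
    'RateLimit-Reset': String(Math.ceil(r.resetAtMs / 1000)), // epoch seconds
  };
  if (!r.allowed) h['Retry-After'] = String(Math.ceil(r.retryAfterMs / 1000));
  return h;
}
```

With a shared store such as Redis, the same guarantee requires the read and the write to execute as one server-side operation; a separate check followed by an increment lets concurrent requests exceed the limit.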

Versioning

| Package Version | ISL Version | Node.js | Breaking Changes |
|-----------------|-------------|---------|------------------|
| 1.0.x | 1.0.0 | >= 18 | Initial release |

License

MIT