rate-limiter

A reliable rate limiter for Node.js with atomic Redis operations and configurable failover. Never fails silently.

Install

npm install @koder1431/rate-limiter

Usage

import { counter } from '@koder1431/rate-limiter'
import { createClient } from 'redis'

const redis = createClient()
await redis.connect()

const limiter = counter({
  redis,
  limit: 100,
  window: 60, // seconds
})

app.use('/api', limiter.middleware())

Algorithms

counter — fixed window. Simple and cheap. Best for most cases.

bucket — token bucket. Handles bursts gracefully. Better for APIs with variable traffic.

Failover

When Redis is unavailable, koder1431 decide what happens:

const limiter = counter({
  redis,
  limit: 100,
  window: 60,
  onError: 'pass',   // pass | block | memory
})

• pass — let all requests through
• block — reject all requests
• memory — fall back to in-memory limiting

Response headers

Every response includes standard headers per RFC 6585:

RateLimit-Limit: 100
RateLimit-Remaining: 42
RateLimit-Reset: 1711580400
Retry-After: 30

Custom key

By default limits by IP. Pass a custom key generator:

const limiter = counter({
  redis,
  limit: 100,
  window: 60,
  key: (req) => req.user.id,
})

License

MIT