npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@open-composer/posthog-worker

v1.0.3

Published

Cloudflare Worker for anonymous PostHog logging with IP-based rate limiting

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

shunkakinokishunkakinoki

Keywords

Readme

PostHog Anonymous Logger Worker

A TypeScript Cloudflare Worker that provides anonymous event logging to PostHog with IP-based rate limiting for abuse prevention.

Features

  • TypeScript: Full type safety and better developer experience
  • Anonymous Event Logging: Strips personally identifiable information and forwards events to PostHog
  • IP-Based Rate Limiting: Uses Durable Objects to prevent abuse (100 requests per minute per IP)
  • CORS Support: Handles cross-origin requests for web applications
  • Error Handling: Comprehensive error handling and response formatting
  • Comprehensive Testing: Unit tests using Vitest and Cloudflare Workers testing framework

Setup

  1. Install Dependencies:

    npm install

  2. Configure PostHog API Key: Update the POSTHOG_PROJECT_API_KEY variable in wrangler.toml with your PostHog project API key.

  3. Set up Rate Limiting (Optional): If you want to use the native Rate Limiting API instead of Durable Objects, update the namespace_id in the wrangler.toml file with your Cloudflare namespace ID.

  4. Deploy:

    npm run deploy

Usage

Send POST requests to the worker endpoint with the following structure:

interface IncomingEvent {
  event?: string;
  properties?: Record<string, any>;
  anonymous_id?: string;
  timestamp?: string;
}

Example request:

{
  "event": "button_click",
  "properties": {
    "button_name": "signup",
    "page": "landing"
  },
  "anonymous_id": "optional-anonymous-id"
}

The worker will:

  • Check rate limits based on client IP
  • Strip any identifying information ($set, $set_once, distinct_id)
  • Add anonymous identifiers ($ip, anonymous_id)
  • Forward the event to PostHog

Rate Limiting

  • Limit: 100 requests per minute per IP address
  • Method: Sliding window using Durable Objects
  • Response: 429 status with retry-after header when exceeded
  • Cleanup: Automatically removes old rate limit windows

Testing

The project includes comprehensive tests using Vitest and Cloudflare Workers testing framework:

# Run tests once
npm run test

# Run tests in watch mode
npm run test:watch

# Type check
npm run type-check

Test Coverage

  • CORS handling: Preflight requests and headers
  • HTTP method validation: Only POST requests allowed
  • Rate limiting: IP-based limits with Durable Objects
  • Event processing: JSON parsing and PostHog forwarding
  • Data sanitization: Removal of identifying information
  • Error handling: Invalid JSON and network errors
  • Edge cases: Concurrent requests, window boundaries, cleanup

Security Considerations

  • IP-based rate limiting may affect users behind shared proxies
  • No authentication required for anonymous logging
  • Events are sanitized to remove identifying information
  • CORS is enabled for all origins (consider restricting in production)
  • All personally identifiable properties are stripped

Configuration

Environment Variables in wrangler.toml:

  • POSTHOG_HOST: PostHog instance URL (default: https://app.posthog.com)
  • POSTHOG_PROJECT_API_KEY: Your PostHog project API key

TypeScript Configuration:

  • Target: ES2022
  • Module: ES2022 with bundler resolution
  • Strict mode: Enabled for type safety
  • Workers Types: @cloudflare/workers-types included

Development

# Start local development server
npm run dev

# Build (dry run deploy)
npm run build

# Type check
npm run type-check

# Run tests
npm run test

# View logs
npm run tail

# Deploy to production
npm run deploy

File Structure

workers/
├── src/
│   └── index.ts           # Main worker code
├── test/
│   ├── index.test.ts      # Main worker tests
│   ├── rate-limiter.test.ts # Rate limiter specific tests
│   └── setup.ts           # Test setup and mocks
├── package.json           # Dependencies and scripts
├── tsconfig.json          # TypeScript configuration
├── vitest.config.ts       # Test configuration
├── wrangler.toml          # Cloudflare Workers configuration
└── README.md              # This file