🚦 Rate Limiter Algorithm

Production-ready rate limiting library with adaptive penalties, Redis failover, state persistence, and comprehensive event system

✅ 97.7% Test Coverage 🚀 892 Tests Passing 📦 Beta Release 🔒 Zero Security Issues ⚡ Production Ready
View on GitHub View on NPM

97.7%

Test Coverage

892

Passing Tests

10

Event Types

0

ESLint Errors

🌟 Unique Features

🎯

Adaptive Penalties

Automatically detect and penalize abusive behavior with dynamic token adjustment. Perfect for spam detection and graduated responses.

🎁

Reward System

Bonus tokens for quality users and good behavior. Encourage engagement while maintaining security.

🚫

Block Duration

Temporary bans with automatic expiry. Ideal for failed login protection and security holds.

🔄

Redis Failover

Insurance limiter automatically falls back to in-memory when Redis fails. Never lose uptime.

💾

State Persistence

Save and restore bucket state for crash recovery. Zero downtime during restarts.

📡

10 Event Types

Comprehensive event system for monitoring: allowed, rateLimitExceeded, penalty, reward, blocked, unblocked, reset, and more.

Express Middleware

Drop-in middleware for Express.js with per-IP, per-user, and global rate limiting patterns.

🔧

TypeScript Ready

Full TypeScript definitions with IntelliSense support. Type-safe event listeners and middleware.

📊

Manual Control

Direct token manipulation for admin overrides. Get, set, reset, consume, add, and remove tokens programmatically.

🎮 Try the Interactive Demo

Test all features in action with our comprehensive demo application. See adaptive penalties, block duration, and event streaming in real-time!

Launch Demo

🚀 Quick Start

Installation

npm install rate-limiter-core@beta

Basic Usage

const { TokenBucket } = require('rate-limiter-core');

// Create a rate limiter: 100 requests, refill 10 per second
const bucket = new TokenBucket(100, 10);

// Check if request is allowed
if (bucket.allowRequest()) {
  console.log('Request allowed!');
} else {
  console.log('Rate limit exceeded');
}

Express Middleware

const express = require('express');
const { perIpRateLimit } = require('rate-limiter-core');

const app = express();

// Apply rate limiting to all routes
app.use(perIpRateLimit({
  capacity: 100,
  refillRate: 10
}));

app.get('/api/data', (req, res) => {
  res.json({ message: 'Success!' });
});

Adaptive Penalties

// Detect spam and apply penalty
if (isSpam(message)) {
  bucket.penalty(5); // Remove 5 tokens
}

// Reward quality content
if (isQuality(message)) {
  bucket.reward(2); // Add 2 bonus tokens
}

📚 Documentation

📖 API Reference

Complete API documentation for all classes and methods

⚡ Express Guide

Express.js middleware integration and examples

🔄 Redis Setup

Distributed rate limiting with Redis

✅ Best Practices

Production deployment guide and optimization tips

💾 State Persistence

Save/restore limiter state for crash recovery

📋 Changelog

Release notes and version history

💡 Why Rate Limiting?

🛡️ Prevent Abuse

Protect your API from spam, scrapers, and DDoS attacks. Maintain service quality for legitimate users.

💰 Control Costs

Manage API costs and prevent bill shock. Essential for cloud services with usage-based pricing.

⚡ Ensure Performance

Prevent system overload and maintain response times. Fair resource distribution across all users.

🤝 Join the Community

We welcome contributions! Report issues, submit pull requests, or join discussions on GitHub.

Report Issue Contributing Guide