{"id":17553,"library":"connect-ratelimit","title":"Connect Rate Limit Middleware","description":"connect-ratelimit is a Connect middleware designed to limit the number of requests per client IP address or hostname to a Node.js server. As of its last known update, it is at version 0.0.7, indicating a very early stage of development and a likely abandoned status, with no new releases since August 2014. It distinguishes clients using `req.headers['x-forwarded-for']` or `req.connection.remoteAddress` and supports flexible rate limiting rules through configurable 'normal', 'whitelist', and 'blacklist' categories. Uniquely, it offers an `end` option to either prematurely terminate the middleware chain with a 'Rate limit exceeded' message or allow the chain to continue, augmenting the `response` object with rate limit details for custom handling. This package is built for the `connect` framework, which is less commonly used directly in modern Node.js web applications, often replaced by frameworks like Express. Its core differentiation lies in its direct integration with `connect`'s simple middleware pattern and its customizable category-based limiting, though newer, more robust alternatives exist for current Node.js ecosystems.","status":"abandoned","version":"0.0.7","language":"javascript","source_language":"en","source_url":"git://github.com/dharmafly/connect-ratelimit","tags":["javascript","connect","middleware","ip","limit","throttle","bandwidth"],"install":[{"cmd":"npm install connect-ratelimit","lang":"bash","label":"npm"},{"cmd":"yarn add connect-ratelimit","lang":"bash","label":"yarn"},{"cmd":"pnpm add connect-ratelimit","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"This package is a middleware specifically designed for the 'connect' framework.","package":"connect","optional":false}],"imports":[{"note":"This package is CommonJS-only and does not support ES module `import` syntax.","wrong":"import limiter from 'connect-ratelimit';","symbol":"limiter","correct":"const limiter = require('connect-ratelimit');"}],"quickstart":{"code":"const connect = require('connect');\nconst http = require('http');\nconst limiter = require('connect-ratelimit');\n\nconst app = connect();\n\n// Basic rate limiting: 500 requests/hour for 'normal' clients\n// 4000 requests/hour for 'whitelist', 0 for 'blacklist'\napp.use(limiter({\n  whitelist: ['127.0.0.1'], // Whitelist local IP\n  blacklist: ['example.com'], // Blacklist a domain\n  categories: {\n    normal: {\n      totalRequests: 5, // For demonstration, set a low limit\n      every: 60 * 1000 // 5 requests per minute\n    }\n  },\n  end: true // Terminate middleware chain if limit exceeded (default)\n}));\n\napp.use(function (req, res) {\n  res.end('Hello world! Your IP is: ' + (req.headers['x-forwarded-for'] || req.connection.remoteAddress));\n});\n\nhttp.createServer(app).listen(4000, () => {\n  console.log('Connect server running on http://localhost:4000');\n  console.log('Try refreshing the page to hit rate limits for 127.0.0.1');\n});","lang":"javascript","description":"Demonstrates basic rate limiting with whitelisting and custom categories using the 'connect' framework, running a simple HTTP server."},"warnings":[{"fix":"For Express.js, consider 'express-rate-limit' or 'rate-limiter-flexible'. If using 'connect', ensure your application correctly integrates 'connect' middleware.","message":"This package is explicitly designed for the 'connect' framework, which is an older middleware system. Direct usage with modern Express.js applications without an explicit 'connect' compatibility layer may lead to unexpected behavior or errors.","severity":"breaking","affected_versions":">=0.0.1"},{"fix":"Migrate to a actively maintained rate-limiting solution like 'express-rate-limit' (for Express) or 'rate-limiter-flexible' (for more general Node.js use cases).","message":"The package is version 0.0.7 and has not been updated since August 2014. It is considered abandoned and will not receive security patches, bug fixes, or compatibility updates for newer Node.js versions or evolving web standards. Using it in production is strongly discouraged.","severity":"breaking","affected_versions":">=0.0.1"},{"fix":"Ensure your proxy infrastructure correctly sets and forwards client IP headers. For more robust identification, consider rate limiters that integrate with other client attributes (e.g., authenticated user IDs, API keys) or use a trusted proxy solution.","message":"Client identification relies on `req.headers['x-forwarded-for']` or `req.connection.remoteAddress`. In environments behind a proxy (like Nginx, AWS ELB, etc.), `remoteAddress` will be the proxy's IP, and `x-forwarded-for` can be spoofed if the proxy isn't configured to set it correctly and securely. This can lead to incorrect rate limiting or bypasses.","severity":"gotcha","affected_versions":">=0.0.1"},{"fix":"If your project uses native ESM, you will need to use a compatible modern rate-limiting library. If you must use this package, ensure your project is configured for CommonJS or use dynamic `import()` within an async context (though this is not recommended for an abandoned package).","message":"This package is a CommonJS module, requiring `require()` for inclusion. It is not directly compatible with native ES Modules (ESM) without a transpilation step or a CommonJS wrapper.","severity":"breaking","affected_versions":">=0.0.1"}],"env_vars":null,"last_verified":"2026-04-23T00:00:00.000Z","next_check":"2026-07-22T00:00:00.000Z","problems":[{"fix":"This package is CommonJS-only. Either convert your consuming file to CommonJS (`.js` without `\"type\": \"module\"` in `package.json`) and use `const limiter = require('connect-ratelimit');`, or use a modern rate-limiting library compatible with ESM.","cause":"Attempting to import `connect-ratelimit` using ES module syntax (`import`) in a JavaScript file configured as an ES module.","error":"ReferenceError: require is not defined"},{"fix":"Ensure you are either using the `connect` framework directly (`const app = connect();`) or, if using Express, consider `express-rate-limit` which is designed for Express. If you must use this middleware with Express, you'd typically wrap it: `app.use(connect().use(limiter(...)));` which is generally not recommended.","cause":"Using the `connect-ratelimit` middleware directly with an `express` application instance without the `connect` compatibility layer.","error":"TypeError: app.use is not a function"},{"fix":"Verify that your proxy (e.g., Nginx, cloud load balancer) is correctly forwarding client IP addresses via the `X-Forwarded-For` header and that your Node.js application is trusting these headers. Also consider using a more modern rate-limiting solution that supports various client identification strategies.","cause":"The client identification mechanism (`x-forwarded-for` or `remoteAddress`) is not accurately reflecting the true client IP, often due to improper proxy configuration or IP spoofing.","error":"Client is not being rate limited, or is being rate limited incorrectly."}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}