{"id":18361,"library":"express-throttle","title":"Express Throttle","description":"Request throttling middleware for Express using a token bucket algorithm with sliding window refill. Version 2.0.0 is current stable. Enables per-route rate limiting with configurable burst capacity, rate, and key function (defaults to IP address). Supports half-requests and custom cost per request. Limitations: in-memory storage by default (not shared across processes), and race conditions when using custom external backends under high load. Recommended for single-process apps.","status":"active","version":"2.0.0","language":"javascript","source_language":"en","source_url":"https://github.com/GlurG/express-throttle","tags":["javascript","throttle","request","express","middleware"],"install":[{"cmd":"npm install express-throttle","lang":"bash","label":"npm"},{"cmd":"yarn add express-throttle","lang":"bash","label":"yarn"},{"cmd":"pnpm add express-throttle","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Peer dependency; throttling middleware for Express framework.","package":"express","optional":false}],"imports":[{"note":"Package uses CommonJS; no default ESM export. For TypeScript, use `import throttle = require('express-throttle');` or `const throttle = require('express-throttle');`.","wrong":"import throttle from 'express-throttle';","symbol":"throttle","correct":"const throttle = require('express-throttle');"}],"quickstart":{"code":"const express = require('express');\nconst throttle = require('express-throttle');\n\nconst app = express();\n\n// Allow 5 requests per second with a burst of 10\napp.get('/api', throttle({ burst: 10, rate: '5/s' }), (req, res) => {\n  res.json({ status: 'ok' });\n});\n\n// Allow 3 requests per minute (sliding window)\napp.post('/search', throttle({ rate: '3/m' }), (req, res) => {\n  res.json({ result: 'search done' });\n});\n\n// Custom key function (by session username)\napp.use('/user', throttle({\n  burst: 5,\n  rate: '1/s',\n  key: (req) => req.session?.username ?? req.ip\n}), (req, res) => {\n  res.json({ user: req.session.username });\n});\n\napp.listen(3000);","lang":"javascript","description":"Basic Express app with three rate-limited routes using express-throttle middleware."},"warnings":[{"fix":"Use a shared external storage backend (e.g., Redis), but be aware of race conditions under high load. Alternatively, ensure sticky sessions.","message":"In-memory storage is not shared across multiple processes. Throttling is per-process when behind a load balancer.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Use `rate` for sliding window throttling instead of `period`.","message":"The `period` option (fixed time window) is deprecated in favor of `rate` (sliding window).","severity":"deprecated","affected_versions":">=2.0.0"},{"fix":"Configure Express trust proxy settings and provide a custom `key` function that uses `req.connection.remoteAddress` or `req.headers['x-forwarded-for']`.","message":"The default key function uses `req.ip`, which may return the load balancer's IP if not configured correctly.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Use integer `cost` values to avoid fractional token counting.","message":"Half requests (0.5 cost) are allowed but may lead to unexpected behavior if not integral tokens.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Use in-memory storage for single-process apps, or wait for a future version with atomic operations.","message":"External storage backends have race conditions; high load may cause erroneous throttling or allowing requests.","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-25T00:00:00.000Z","next_check":"2026-07-24T00:00:00.000Z","problems":[{"fix":"Use `const throttle = require('express-throttle');` or `import * as throttle from 'express-throttle';`","cause":"Importing as default ESM import (`import throttle from 'express-throttle'`) while package exports CommonJS.","error":"TypeError: throttle is not a function"},{"fix":"Use correct rate string like '10/m' for 10 per minute.","cause":"Rate string format is incorrect. Valid format: number/unit (e.g., '5/s', '10/m', '2/h'). Unit must be one of 's', 'm', 'h'.","error":"RangeError: Invalid rate string: '10/minutes'"},{"fix":"Run `npm install express-throttle` in your project directory.","cause":"Package not installed.","error":"Error: Cannot find module 'express-throttle'"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}