{"id":17886,"library":"rate-limit-mongo","title":"Rate Limit Mongo Store","description":"rate-limit-mongo is a specialized MongoDB store designed for the popular `express-rate-limit` middleware, currently at version 2.3.2. This package provides a persistent, database-backed storage mechanism for rate limiting records, moving beyond in-memory or Redis solutions. It leverages MongoDB's TTL (Time-To-Live) indexes to automatically expire rate limiting entries, ensuring efficient cleanup and preventing stale data. While not on a strict release cadence, updates typically align with bug fixes or `express-rate-limit`/MongoDB driver compatibility improvements. Its primary differentiation lies in offering a robust, low-configuration MongoDB-specific solution for managing API rate limits, particularly beneficial for applications already using MongoDB and requiring shared, persistent rate limit counters across multiple instances.","status":"active","version":"2.3.2","language":"javascript","source_language":"en","source_url":"ssh://git@github.com/2do2go/rate-limit-mongo","tags":["javascript","express-rate-limit","express","rate","limit","ratelimit","rate-limit","security","brute"],"install":[{"cmd":"npm install rate-limit-mongo","lang":"bash","label":"npm"},{"cmd":"yarn add rate-limit-mongo","lang":"bash","label":"yarn"},{"cmd":"pnpm add rate-limit-mongo","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Required to connect to and store rate limit records in a MongoDB database.","package":"mongodb","optional":false}],"imports":[{"note":"The package exports the `MongoStore` class as a default export for ESM environments.","wrong":"import { MongoStore } from 'rate-limit-mongo';","symbol":"MongoStore","correct":"import MongoStore from 'rate-limit-mongo';"},{"note":"The package exports the `MongoStore` class directly as its `module.exports` for CommonJS environments.","wrong":"const { MongoStore } = require('rate-limit-mongo');","symbol":"MongoStore","correct":"const MongoStore = require('rate-limit-mongo');"}],"quickstart":{"code":"const RateLimit = require('express-rate-limit');\nconst MongoStore = require('rate-limit-mongo');\n\nconst limiter = new RateLimit({\n  store: new MongoStore({\n    uri: process.env.MONGO_URI ?? 'mongodb://127.0.0.1:27017/test_db',\n    user: process.env.MONGO_USER ?? '',\n    password: process.env.MONGO_PASSWORD ?? '',\n    expireTimeMs: 15 * 60 * 1000, // Should match windowMs\n    errorHandler: console.error.bind(null, 'rate-limit-mongo store error')\n  }),\n  max: 100,\n  windowMs: 15 * 60 * 1000 // Should match expireTimeMs\n});\n\n// Example of how to apply it in an Express app (assuming 'app' is an Express instance)\n// app.use(limiter);","lang":"javascript","description":"This code demonstrates the basic setup of `rate-limit-mongo` as a store for `express-rate-limit`, configuring connection details and matching `expireTimeMs` with `windowMs`."},"warnings":[{"fix":"Ensure `expireTimeMs` in `MongoStore` options and `windowMs` in `RateLimit` options are numerically equivalent (e.g., both 15 * 60 * 1000 for 15 minutes).","message":"The `expireTimeMs` option in `rate-limit-mongo` and the `windowMs` option in `express-rate-limit` should be set to identical values. Mismatching these values will result in incorrect `Retry-After` headers being sent to clients.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Account for this delay in application logic if strict immediate deletion is required, or consider shorter `expireTimeMs` for more aggressive cleanup (though this increases database write load).","message":"MongoDB TTL indexes operate on a background task that runs every 60 seconds. Consequently, expired documents may persist in the collection for a period between their expiration and the task's execution.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"If index creation fails or is not desired from the application, set `createTtlIndex: false` in the `MongoStore` options and ensure the TTL index is manually created on the collection (`db.collection.createIndex({ expirationDate: 1 }, { expireAfterSeconds: 0 })`).","message":"By default, `rate-limit-mongo` attempts to create a TTL index on the collection. If the MongoDB user lacks permissions for index creation, this operation will fail. The `createTtlIndex: false` option can suppress this behavior.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Monitor `mongodb` driver release notes for changes to connection options. Explicitly define all desired connection options via the `connectionOptions` property to maintain control over connection behavior.","message":"The default MongoDB connection options `useUnifiedTopology: true` and `useNewUrlParser: true` are implicitly applied. These options may become deprecated or change behavior in future versions of the MongoDB Node.js driver.","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-23T00:00:00.000Z","next_check":"2026-07-22T00:00:00.000Z","problems":[{"fix":"Ensure the MongoDB server is running and accessible from the application host. Verify the `uri` provided in the `MongoStore` configuration is correct and points to an active MongoDB instance.","cause":"The MongoDB server is not running or the connection URI is incorrect.","error":"MongoNetworkError: failed to connect to server [127.0.0.1:27017] on first connect"},{"fix":"Verify that the `user` and `password` fields in the `MongoStore` configuration match valid MongoDB credentials with access to the specified database or `authSource`.","cause":"Incorrect username or password provided for MongoDB authentication.","error":"MongoError: Authentication failed."},{"fix":"Drop the existing index (`db.collection.dropIndex('expirationDate_1')`) or ensure the `createTtlIndex` option is set to `false` if you manage the index manually with the correct `expireAfterSeconds: 0` setting.","cause":"An existing index with the same name on the `expirationDate` field has different `expireAfterSeconds` settings than what `rate-limit-mongo` expects (which is 0).","error":"Error: TTL index 'expirationDate_1' already exists with different options."}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}