Nepotistic Pontifex Maximus


    4.0.1 • Public • Published


    build status code style styled with prettier made with lass license

    Fork of koa-simple-ratelimit with better tests and options. Rate limiter middleware for koa v2. Differs from koa-ratelimit by not depending on ratelimiter and using redis ttl (time to live) to handle expiration time remaining. This creates only one entry in redis instead of the three that node-ratelimiter does.

    Table of Contents


    npm install @ladjs/koa-simple-ratelimit


    const Koa = require('koa');
    const Redis = require('ioredis-mock');
    const ratelimit = require('.');
    const app = new Koa();
        db: new Redis(),
        duration: 60_000,
        max: 100
    app.use((ctx) => {
      ctx.body = 'Stuff!';
    console.log('listening on port http://localhost:4000');
    module.exports = app;


    • max (Number) number of max requests within duration (defaults to 2500)
    • duration (Number) duration of limit in milliseconds (defaults to 3600000)
    • throw (Boolean) whether or not to throw an error with ctx.throw (defaults to false)
    • prefix (String) redis key prefix (defaults to limit)
    • id (Function) function accepting an argument ctx that returns an id to compare requests with (defaults to ip via ctx.ip)
    • allowlist (Array) an array of ids to allowlist (defaults to [])
    • blocklist (Array) an array of ids to blocklist (defaults to [])
    • logger (Function) a logger to log database errors with (to prevent app middleware requests from failing due to database connection issues) - set this value to false to disable the logger output
    • headers (Object) containing keys remaining, reset, and total which set the headers on the HTTP request to X-RateLimit-Remaining, X-RateLimit-Reset, and X-RateLimit-Limit by default respectively
    • errorMessage (Function) a function accepting an argument exp which is the number of milliseconds until limitation expiry (see code for default) – it also accepts a second argument of ctx
    • ignoredPathGlobs (Array) defaults to an empty Array, but you can pass an Array of glob paths to ignore


    Example 200 with header fields:

    HTTP/1.1 200 OK
    X-Powered-By: koa
    X-RateLimit-Limit: 100
    X-RateLimit-Remaining: 99
    X-RateLimit-Reset: 1384377793
    Content-Type: text/plain; charset=utf-8
    Content-Length: 6
    Date: Wed, 13 Nov 2013 21:22:13 GMT
    Connection: keep-alive

    Example 429 response:

    HTTP/1.1 429 Too Many Requests
    X-Powered-By: koa
    X-RateLimit-Limit: 100
    X-RateLimit-Remaining: 0
    X-RateLimit-Reset: 1384377716
    Content-Type: text/plain; charset=utf-8
    Content-Length: 39
    Retry-After: 7
    Date: Wed, 13 Nov 2013 21:21:48 GMT
    Connection: keep-alive
    Rate limit exceeded, retry in 8 seconds


    MIT © Scott Cooper


    npm i @ladjs/koa-simple-ratelimit

    DownloadsWeekly Downloads






    Unpacked Size

    10 kB

    Total Files


    Last publish


    • titanism
    • shadowgate15
    • niftylettuce
    • shaunwarman
    • spence-s