@joint-ops/hitlimit-bun 1.1.0 → 1.1.2

package/README.md

@@ -6,36 +6,36 @@
 [![TypeScript](https://img.shields.io/badge/TypeScript-Ready-blue.svg)](https://www.typescriptlang.org/)
 [![Bun](https://img.shields.io/badge/Bun-Native-black.svg)](https://bun.sh)
 
-> The fastest rate limiter for Bun - 6M+ ops/sec with memory-first design | Elysia, Hono & Bun.serve
+> The fastest rate limiter for Bun - 5M+ ops/sec under real-world load | Elysia, Hono & Bun.serve
 
-**hitlimit-bun** is a blazing-fast, Bun-native rate limiting library for Bun.serve, Elysia, and Hono applications. **Memory-first by default** with 6.10M ops/sec performance (15.7x faster than SQLite). Optional persistence with native bun:sqlite or Redis when you need it.
+**hitlimit-bun** is a blazing-fast, Bun-native rate limiting library for Bun.serve, Elysia, and Hono applications. **Memory-first by default** with 5.62M ops/sec under real-world load (~15x faster than SQLite). Optional persistence with native bun:sqlite or Redis when you need it.
 
 **[Documentation](https://hitlimit.jointops.dev/docs/bun)** | **[GitHub](https://github.com/JointOps/hitlimit-monorepo)** | **[npm](https://www.npmjs.com/package/@joint-ops/hitlimit-bun)**
 
 ## ⚡ Why hitlimit-bun?
 
-**Memory-first for maximum performance.** 15.7x faster than SQLite in high-traffic scenarios.
+**Memory-first for maximum performance.** ~15x faster than SQLite.
 
 ```
 ┌─────────────────────────────────────────────────────────────────┐
 │                                                                 │
-│  Memory (v1.1+)     ██████████████████████████████  6.10M ops/s │
-│  SQLite (v1.0)      █░░░░░░░░░░░░░░░░░░░░░░░░░░░░  386K ops/s  │
+│  Memory (v1.1+)     ██████████████████████████████  5.62M ops/s │
+│  SQLite (v1.0)      █░░░░░░░░░░░░░░░░░░░░░░░░░░░░  383K ops/s  │
 │                                                                 │
-│  15.7x performance improvement with memory default             │
+│  ~15x performance improvement with memory default (10K IPs)    │
 │                                                                 │
 └─────────────────────────────────────────────────────────────────┘
 ```
 
-- **🚀 Memory-First** - 6.10M ops/sec by default (v1.1.0+), 15.7x faster than SQLite
+- **🚀 Memory-First** - 5.62M ops/sec under real-world load (v1.1+), ~15x faster than SQLite
 - **Bun Native** - Built specifically for Bun's runtime, not a Node.js port
 - **Zero Config** - Works out of the box with sensible defaults
 - **Framework Support** - First-class Elysia and Hono integration
-- **Optional Persistence** - SQLite (386K ops/sec) or Redis (6.9K ops/sec) when needed
+- **Optional Persistence** - SQLite (383K ops/sec) or Redis (6.6K ops/sec) when needed
 - **TypeScript First** - Full type safety and IntelliSense support
 - **Auto-Ban** - Automatically ban repeat offenders after threshold violations
 - **Shared Limits** - Group rate limits via groupId for teams/tenants
-- **Tiny Footprint** - ~23KB total, zero runtime dependencies
+- **Tiny Footprint** - ~18KB core bundle, zero runtime dependencies
 
 ## Installation
 
@@ -249,7 +249,7 @@ hitlimit({
     retryAfter: true  // Retry-After header on 429
   },
 
-  // Store (default: bun:sqlite)
+  // Store (default: memory)
   store: sqliteStore({ path: './ratelimit.db' }),
 
   // Skip rate limiting
@@ -274,39 +274,30 @@ hitlimit({
 
 ## Storage Backends
 
-### SQLite Store (Default)
+### Memory Store (Default)
 
-Uses Bun's native bun:sqlite for maximum performance. Default store.
+Fastest option, used by default. No persistence.
 
 ```typescript
 import { hitlimit } from '@joint-ops/hitlimit-bun'
 
-// Default - uses bun:sqlite with in-memory database
+// Default - uses memory store (no config needed)
 Bun.serve({
   fetch: hitlimit({}, handler)
 })
-
-// Custom path for persistence
-import { sqliteStore } from '@joint-ops/hitlimit-bun'
-
-Bun.serve({
-  fetch: hitlimit({
-    store: sqliteStore({ path: './ratelimit.db' })
-  }, handler)
-})
 ```
 
-### Memory Store
+### SQLite Store
 
-For simple use cases without persistence.
+Uses Bun's native bun:sqlite for persistent rate limiting.
 
 ```typescript
 import { hitlimit } from '@joint-ops/hitlimit-bun'
-import { memoryStore } from '@joint-ops/hitlimit-bun/stores/memory'
+import { sqliteStore } from '@joint-ops/hitlimit-bun'
 
 Bun.serve({
   fetch: hitlimit({
-    store: memoryStore()
+    store: sqliteStore({ path: './ratelimit.db' })
   }, handler)
 })
 ```
@@ -365,9 +356,9 @@ hitlimit-bun is optimized for Bun's runtime with native performance:
 
 | Store | Operations/sec | vs Node.js |
 |-------|----------------|------------|
-| **Memory** | 7,210,000+ | +130% faster |
-| **bun:sqlite** | 520,000+ | **+10% faster** 🔥 |
-| **Redis** | 6,900+ | +3% faster |
+| **Memory** | 5,620,000+ | +68% faster |
+| **bun:sqlite** | 383,000+ | ~same |
+| **Redis** | 6,600+ | ~same |
 
 ### HTTP Throughput
 
@@ -437,7 +428,7 @@ new Elysia()
 Node.js rate limiters like express-rate-limit use better-sqlite3 which relies on N-API bindings. In Bun, this adds overhead and loses the performance benefits of Bun's native runtime.
 
 **hitlimit-bun** is built specifically for Bun:
-- Uses native `bun:sqlite` (2.7x faster than better-sqlite3)
+- Uses native `bun:sqlite` (no N-API overhead)
 - No FFI overhead or Node.js polyfills
 - First-class Elysia framework support
 - Optimized for Bun.serve's request handling

package/dist/elysia.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"elysia.d.ts","sourceRoot":"","sources":["../src/elysia.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAC/B,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAA;AAKhE,MAAM,WAAW,qBAAsB,SAAQ,eAAe,CAAC;IAAE,OAAO,EAAE,OAAO,CAAA;CAAE,CAAC;IAClF;;;;;;;;;;OAUG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,IAAI,CAAC,EAAE,MAAM,CAAA;CACd;AAQD,wBAAgB,QAAQ,CAAC,OAAO,GAAE,qBAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuD3D"}
+{"version":3,"file":"elysia.d.ts","sourceRoot":"","sources":["../src/elysia.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAC/B,OAAO,KAAK,EAAE,eAAe,EAAgE,MAAM,2BAA2B,CAAA;AAK9H,MAAM,WAAW,qBAAsB,SAAQ,eAAe,CAAC;IAAE,OAAO,EAAE,OAAO,CAAA;CAAE,CAAC;IAClF;;;;;;;;;;OAUG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,IAAI,CAAC,EAAE,MAAM,CAAA;CACd;AAkBD,wBAAgB,QAAQ,CAAC,OAAO,GAAE,qBAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyG3D"}

package/dist/elysia.js

@@ -1,49 +1,66 @@
 // @bun
 // src/stores/memory.ts
 class MemoryStore {
+  isSync = true;
   hits = new Map;
   bans = new Map;
   violations = new Map;
+  _result = { count: 0, resetAt: 0 };
+  sweepInterval;
+  constructor() {
+    this.sweepInterval = setInterval(() => {
+      const now = Date.now();
+      for (const [key, entry] of this.hits) {
+        if (now >= entry.resetAt)
+          this.hits.delete(key);
+      }
+      for (const [key, ban] of this.bans) {
+        if (now >= ban.expiresAt)
+          this.bans.delete(key);
+      }
+      for (const [key, violation] of this.violations) {
+        if (now >= violation.resetAt)
+          this.violations.delete(key);
+      }
+    }, 1e4);
+    if (typeof this.sweepInterval.unref === "function") {
+      this.sweepInterval.unref();
+    }
+  }
   hit(key, windowMs, _limit) {
     const entry = this.hits.get(key);
     if (entry !== undefined) {
-      entry.count++;
-      return { count: entry.count, resetAt: entry.resetAt };
+      const now2 = Date.now();
+      if (now2 >= entry.resetAt) {
+        entry.count = 1;
+        entry.resetAt = now2 + windowMs;
+      } else {
+        entry.count++;
+      }
+      this._result.count = entry.count;
+      this._result.resetAt = entry.resetAt;
+      return this._result;
     }
     const now = Date.now();
     const resetAt = now + windowMs;
-    const timeoutId = setTimeout(() => {
-      this.hits.delete(key);
-    }, windowMs);
-    if (typeof timeoutId.unref === "function") {
-      timeoutId.unref();
-    }
-    this.hits.set(key, { count: 1, resetAt, timeoutId });
-    return { count: 1, resetAt };
+    this.hits.set(key, { count: 1, resetAt });
+    this._result.count = 1;
+    this._result.resetAt = resetAt;
+    return this._result;
   }
   isBanned(key) {
     const ban = this.bans.get(key);
     if (!ban)
       return false;
     if (Date.now() >= ban.expiresAt) {
-      clearTimeout(ban.timeoutId);
       this.bans.delete(key);
       return false;
     }
     return true;
   }
   ban(key, durationMs) {
-    const existing = this.bans.get(key);
-    if (existing)
-      clearTimeout(existing.timeoutId);
     const expiresAt = Date.now() + durationMs;
-    const timeoutId = setTimeout(() => {
-      this.bans.delete(key);
-    }, durationMs);
-    if (typeof timeoutId.unref === "function") {
-      timeoutId.unref();
-    }
-    this.bans.set(key, { expiresAt, timeoutId });
+    this.bans.set(key, { expiresAt });
   }
   recordViolation(key, windowMs) {
     const entry = this.violations.get(key);
@@ -51,47 +68,19 @@ class MemoryStore {
       entry.count++;
       return entry.count;
     }
-    if (entry)
-      clearTimeout(entry.timeoutId);
     const resetAt = Date.now() + windowMs;
-    const timeoutId = setTimeout(() => {
-      this.violations.delete(key);
-    }, windowMs);
-    if (typeof timeoutId.unref === "function") {
-      timeoutId.unref();
-    }
-    this.violations.set(key, { count: 1, resetAt, timeoutId });
+    this.violations.set(key, { count: 1, resetAt });
     return 1;
   }
   reset(key) {
-    const entry = this.hits.get(key);
-    if (entry) {
-      clearTimeout(entry.timeoutId);
-      this.hits.delete(key);
-    }
-    const ban = this.bans.get(key);
-    if (ban) {
-      clearTimeout(ban.timeoutId);
-      this.bans.delete(key);
-    }
-    const violation = this.violations.get(key);
-    if (violation) {
-      clearTimeout(violation.timeoutId);
-      this.violations.delete(key);
-    }
+    this.hits.delete(key);
+    this.bans.delete(key);
+    this.violations.delete(key);
   }
   shutdown() {
-    for (const [, entry] of this.hits) {
-      clearTimeout(entry.timeoutId);
-    }
+    clearInterval(this.sweepInterval);
     this.hits.clear();
-    for (const [, entry] of this.bans) {
-      clearTimeout(entry.timeoutId);
-    }
     this.bans.clear();
-    for (const [, entry] of this.violations) {
-      clearTimeout(entry.timeoutId);
-    }
     this.violations.clear();
   }
 }
@@ -280,6 +269,12 @@ var instanceCounter = 0;
 function getDefaultKey(_ctx) {
   return "unknown";
 }
+function buildResponseBody(response, info) {
+  if (typeof response === "function") {
+    return response(info);
+  }
+  return { ...response, limit: info.limit, remaining: info.remaining, resetIn: info.resetIn };
+}
 function hitlimit(options = {}) {
   const pluginName = options.name ?? `hitlimit-${instanceCounter++}`;
   if (options.sqlitePath && !options.store) {
@@ -287,6 +282,56 @@ function hitlimit(options = {}) {
   }
   const store = options.store ?? memoryStore();
   const config = resolveConfig(options, store, getDefaultKey);
+  const hasSkip = !!config.skip;
+  const hasTiers = !!(config.tier && config.tiers);
+  const hasBan = !!config.ban;
+  const hasGroup = !!config.group;
+  const standardHeaders = config.headers.standard;
+  const legacyHeaders = config.headers.legacy;
+  const retryAfterHeader = config.headers.retryAfter;
+  const limit = config.limit;
+  const windowMs = config.windowMs;
+  const responseConfig = config.response;
+  const isSyncStore = store.isSync === true;
+  const isSyncKey = !options.key;
+  if (!hasSkip && !hasTiers && !hasBan && !hasGroup && isSyncStore && isSyncKey) {
+    return new Elysia({ name: pluginName }).onBeforeHandle({ as: "scoped" }, ({ set }) => {
+      const key = "unknown";
+      const result = store.hit(key, windowMs, limit);
+      const allowed = result.count <= limit;
+      const remaining = Math.max(0, limit - result.count);
+      const resetIn = Math.ceil((result.resetAt - Date.now()) / 1000);
+      if (standardHeaders) {
+        set.headers["RateLimit-Limit"] = String(limit);
+        set.headers["RateLimit-Remaining"] = String(remaining);
+        set.headers["RateLimit-Reset"] = String(resetIn);
+      }
+      if (legacyHeaders) {
+        set.headers["X-RateLimit-Limit"] = String(limit);
+        set.headers["X-RateLimit-Remaining"] = String(remaining);
+        set.headers["X-RateLimit-Reset"] = String(Math.ceil(result.resetAt / 1000));
+      }
+      if (!allowed) {
+        if (retryAfterHeader) {
+          set.headers["Retry-After"] = String(resetIn);
+        }
+        const body = buildResponseBody(responseConfig, {
+          limit,
+          remaining: 0,
+          resetIn,
+          resetAt: result.resetAt,
+          key
+        });
+        set.status = 429;
+        const headers = { "Content-Type": "application/json" };
+        for (const [k, v] of Object.entries(set.headers)) {
+          if (v != null)
+            headers[k] = String(v);
+        }
+        return new Response(JSON.stringify(body), { status: 429, headers });
+      }
+    });
+  }
   return new Elysia({ name: pluginName }).onBeforeHandle({ as: "scoped" }, async ({ request, set }) => {
     const ctx = { request };
     if (config.skip) {
@@ -302,13 +347,12 @@ function hitlimit(options = {}) {
       });
       if (!result.allowed) {
         set.status = 429;
-        return new Response(JSON.stringify(result.body), {
-          status: 429,
-          headers: {
-            "Content-Type": "application/json",
-            ...result.headers
-          }
-        });
+        const headers = { "Content-Type": "application/json" };
+        for (const [k, v] of Object.entries(result.headers)) {
+          if (v != null)
+            headers[k] = String(v);
+        }
+        return new Response(JSON.stringify(result.body), { status: 429, headers });
       }
     } catch (error) {
       const action = await config.onStoreError(error, ctx);

package/dist/hono.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"hono.d.ts","sourceRoot":"","sources":["../src/hono.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AACnC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAA;AAWhE,wBAAgB,QAAQ,CAAC,OAAO,GAAE,eAAe,CAAC,OAAO,CAAM;;kBAgC9D"}
+{"version":3,"file":"hono.d.ts","sourceRoot":"","sources":["../src/hono.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AACnC,OAAO,KAAK,EAAE,eAAe,EAAgE,MAAM,2BAA2B,CAAA;AAqB9H,wBAAgB,QAAQ,CAAC,OAAO,GAAE,eAAe,CAAC,OAAO,CAAM;;kBAkF9D"}

package/dist/hono.js

@@ -1,49 +1,66 @@
 // @bun
 // src/stores/memory.ts
 class MemoryStore {
+  isSync = true;
   hits = new Map;
   bans = new Map;
   violations = new Map;
+  _result = { count: 0, resetAt: 0 };
+  sweepInterval;
+  constructor() {
+    this.sweepInterval = setInterval(() => {
+      const now = Date.now();
+      for (const [key, entry] of this.hits) {
+        if (now >= entry.resetAt)
+          this.hits.delete(key);
+      }
+      for (const [key, ban] of this.bans) {
+        if (now >= ban.expiresAt)
+          this.bans.delete(key);
+      }
+      for (const [key, violation] of this.violations) {
+        if (now >= violation.resetAt)
+          this.violations.delete(key);
+      }
+    }, 1e4);
+    if (typeof this.sweepInterval.unref === "function") {
+      this.sweepInterval.unref();
+    }
+  }
   hit(key, windowMs, _limit) {
     const entry = this.hits.get(key);
     if (entry !== undefined) {
-      entry.count++;
-      return { count: entry.count, resetAt: entry.resetAt };
+      const now2 = Date.now();
+      if (now2 >= entry.resetAt) {
+        entry.count = 1;
+        entry.resetAt = now2 + windowMs;
+      } else {
+        entry.count++;
+      }
+      this._result.count = entry.count;
+      this._result.resetAt = entry.resetAt;
+      return this._result;
     }
     const now = Date.now();
     const resetAt = now + windowMs;
-    const timeoutId = setTimeout(() => {
-      this.hits.delete(key);
-    }, windowMs);
-    if (typeof timeoutId.unref === "function") {
-      timeoutId.unref();
-    }
-    this.hits.set(key, { count: 1, resetAt, timeoutId });
-    return { count: 1, resetAt };
+    this.hits.set(key, { count: 1, resetAt });
+    this._result.count = 1;
+    this._result.resetAt = resetAt;
+    return this._result;
   }
   isBanned(key) {
     const ban = this.bans.get(key);
     if (!ban)
       return false;
     if (Date.now() >= ban.expiresAt) {
-      clearTimeout(ban.timeoutId);
       this.bans.delete(key);
       return false;
     }
     return true;
   }
   ban(key, durationMs) {
-    const existing = this.bans.get(key);
-    if (existing)
-      clearTimeout(existing.timeoutId);
     const expiresAt = Date.now() + durationMs;
-    const timeoutId = setTimeout(() => {
-      this.bans.delete(key);
-    }, durationMs);
-    if (typeof timeoutId.unref === "function") {
-      timeoutId.unref();
-    }
-    this.bans.set(key, { expiresAt, timeoutId });
+    this.bans.set(key, { expiresAt });
   }
   recordViolation(key, windowMs) {
     const entry = this.violations.get(key);
@@ -51,47 +68,19 @@ class MemoryStore {
       entry.count++;
       return entry.count;
     }
-    if (entry)
-      clearTimeout(entry.timeoutId);
     const resetAt = Date.now() + windowMs;
-    const timeoutId = setTimeout(() => {
-      this.violations.delete(key);
-    }, windowMs);
-    if (typeof timeoutId.unref === "function") {
-      timeoutId.unref();
-    }
-    this.violations.set(key, { count: 1, resetAt, timeoutId });
+    this.violations.set(key, { count: 1, resetAt });
     return 1;
   }
   reset(key) {
-    const entry = this.hits.get(key);
-    if (entry) {
-      clearTimeout(entry.timeoutId);
-      this.hits.delete(key);
-    }
-    const ban = this.bans.get(key);
-    if (ban) {
-      clearTimeout(ban.timeoutId);
-      this.bans.delete(key);
-    }
-    const violation = this.violations.get(key);
-    if (violation) {
-      clearTimeout(violation.timeoutId);
-      this.violations.delete(key);
-    }
+    this.hits.delete(key);
+    this.bans.delete(key);
+    this.violations.delete(key);
   }
   shutdown() {
-    for (const [, entry] of this.hits) {
-      clearTimeout(entry.timeoutId);
-    }
+    clearInterval(this.sweepInterval);
     this.hits.clear();
-    for (const [, entry] of this.bans) {
-      clearTimeout(entry.timeoutId);
-    }
     this.bans.clear();
-    for (const [, entry] of this.violations) {
-      clearTimeout(entry.timeoutId);
-    }
     this.violations.clear();
   }
 }
@@ -279,9 +268,60 @@ async function checkLimit(config, req) {
 function getDefaultKey(c) {
   return c.req.header("x-forwarded-for")?.split(",")[0]?.trim() || c.req.header("x-real-ip") || "unknown";
 }
+function buildResponseBody(response, info) {
+  if (typeof response === "function") {
+    return response(info);
+  }
+  return { ...response, limit: info.limit, remaining: info.remaining, resetIn: info.resetIn };
+}
 function hitlimit(options = {}) {
   const store = options.store ?? memoryStore();
   const config = resolveConfig(options, store, getDefaultKey);
+  const hasSkip = !!config.skip;
+  const hasTiers = !!(config.tier && config.tiers);
+  const hasBan = !!config.ban;
+  const hasGroup = !!config.group;
+  const standardHeaders = config.headers.standard;
+  const legacyHeaders = config.headers.legacy;
+  const retryAfterHeader = config.headers.retryAfter;
+  const limit = config.limit;
+  const windowMs = config.windowMs;
+  const responseConfig = config.response;
+  const isSyncStore = store.isSync === true;
+  const isSyncKey = !options.key;
+  if (!hasSkip && !hasTiers && !hasBan && !hasGroup && isSyncStore && isSyncKey) {
+    return createMiddleware(async (c, next) => {
+      const key = c.req.header("x-forwarded-for")?.split(",")[0]?.trim() || c.req.header("x-real-ip") || "unknown";
+      const result = store.hit(key, windowMs, limit);
+      const allowed = result.count <= limit;
+      const remaining = Math.max(0, limit - result.count);
+      const resetIn = Math.ceil((result.resetAt - Date.now()) / 1000);
+      if (standardHeaders) {
+        c.header("RateLimit-Limit", String(limit));
+        c.header("RateLimit-Remaining", String(remaining));
+        c.header("RateLimit-Reset", String(resetIn));
+      }
+      if (legacyHeaders) {
+        c.header("X-RateLimit-Limit", String(limit));
+        c.header("X-RateLimit-Remaining", String(remaining));
+        c.header("X-RateLimit-Reset", String(Math.ceil(result.resetAt / 1000)));
+      }
+      if (!allowed) {
+        if (retryAfterHeader) {
+          c.header("Retry-After", String(resetIn));
+        }
+        const body = buildResponseBody(responseConfig, {
+          limit,
+          remaining: 0,
+          resetIn,
+          resetAt: result.resetAt,
+          key
+        });
+        return c.json(body, 429);
+      }
+      await next();
+    });
+  }
   return createMiddleware(async (c, next) => {
     if (config.skip) {
       const shouldSkip = await config.skip(c);

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAA;AAEhE,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAG9C,YAAY,EAAE,eAAe,EAAE,YAAY,EAAE,cAAc,EAAE,aAAa,EAAE,WAAW,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,cAAc,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAA;AACjS,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAA;AAC7G,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAChD,OAAO,EAAE,UAAU,EAAE,CAAA;AAErB,MAAM,WAAW,kBAAmB,SAAQ,eAAe,CAAC,OAAO,CAAC;IAClE;;;;;;;;;;OAUG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB;AAED,KAAK,SAAS,GAAG;IAAE,SAAS,CAAC,GAAG,EAAE,OAAO,GAAG;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAA;CAAE,CAAA;AAExE,KAAK,YAAY,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,KAAK,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;AAMrF,wBAAgB,QAAQ,CACtB,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,YAAY,GACpB,CAAC,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,KAAK,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CA2JnE;AAED,MAAM,WAAW,UAAU;IACzB,KAAK,CAAC,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,GAAG,QAAQ,GAAG,IAAI,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAA;IAClF,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAA;CACzC;AAED,wBAAgB,cAAc,CAAC,OAAO,GAAE,kBAAuB,GAAG,UAAU,CA0D3E"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAA;AAEhE,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAG9C,YAAY,EAAE,eAAe,EAAE,YAAY,EAAE,cAAc,EAAE,aAAa,EAAE,WAAW,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,cAAc,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAA;AACjS,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAA;AAC7G,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAChD,OAAO,EAAE,UAAU,EAAE,CAAA;AAErB,MAAM,WAAW,kBAAmB,SAAQ,eAAe,CAAC,OAAO,CAAC;IAClE;;;;;;;;;;OAUG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB;AAED,KAAK,SAAS,GAAG;IAAE,SAAS,CAAC,GAAG,EAAE,OAAO,GAAG;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAA;CAAE,CAAA;AAExE,KAAK,YAAY,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,KAAK,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;AAMrF,wBAAgB,QAAQ,CACtB,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,YAAY,GACpB,CAAC,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,KAAK,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAsPnE;AAED,MAAM,WAAW,UAAU;IACzB,KAAK,CAAC,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,GAAG,QAAQ,GAAG,IAAI,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAA;IAClF,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAA;CACzC;AAED,wBAAgB,cAAc,CAAC,OAAO,GAAE,kBAAuB,GAAG,UAAU,CA0D3E"}

package/dist/index.js

@@ -1,49 +1,66 @@
 // @bun
 // src/stores/memory.ts
 class MemoryStore {
+  isSync = true;
   hits = new Map;
   bans = new Map;
   violations = new Map;
+  _result = { count: 0, resetAt: 0 };
+  sweepInterval;
+  constructor() {
+    this.sweepInterval = setInterval(() => {
+      const now = Date.now();
+      for (const [key, entry] of this.hits) {
+        if (now >= entry.resetAt)
+          this.hits.delete(key);
+      }
+      for (const [key, ban] of this.bans) {
+        if (now >= ban.expiresAt)
+          this.bans.delete(key);
+      }
+      for (const [key, violation] of this.violations) {
+        if (now >= violation.resetAt)
+          this.violations.delete(key);
+      }
+    }, 1e4);
+    if (typeof this.sweepInterval.unref === "function") {
+      this.sweepInterval.unref();
+    }
+  }
   hit(key, windowMs, _limit) {
     const entry = this.hits.get(key);
     if (entry !== undefined) {
-      entry.count++;
-      return { count: entry.count, resetAt: entry.resetAt };
+      const now2 = Date.now();
+      if (now2 >= entry.resetAt) {
+        entry.count = 1;
+        entry.resetAt = now2 + windowMs;
+      } else {
+        entry.count++;
+      }
+      this._result.count = entry.count;
+      this._result.resetAt = entry.resetAt;
+      return this._result;
     }
     const now = Date.now();
     const resetAt = now + windowMs;
-    const timeoutId = setTimeout(() => {
-      this.hits.delete(key);
-    }, windowMs);
-    if (typeof timeoutId.unref === "function") {
-      timeoutId.unref();
-    }
-    this.hits.set(key, { count: 1, resetAt, timeoutId });
-    return { count: 1, resetAt };
+    this.hits.set(key, { count: 1, resetAt });
+    this._result.count = 1;
+    this._result.resetAt = resetAt;
+    return this._result;
   }
   isBanned(key) {
     const ban = this.bans.get(key);
     if (!ban)
       return false;
     if (Date.now() >= ban.expiresAt) {
-      clearTimeout(ban.timeoutId);
       this.bans.delete(key);
       return false;
     }
     return true;
   }
   ban(key, durationMs) {
-    const existing = this.bans.get(key);
-    if (existing)
-      clearTimeout(existing.timeoutId);
     const expiresAt = Date.now() + durationMs;
-    const timeoutId = setTimeout(() => {
-      this.bans.delete(key);
-    }, durationMs);
-    if (typeof timeoutId.unref === "function") {
-      timeoutId.unref();
-    }
-    this.bans.set(key, { expiresAt, timeoutId });
+    this.bans.set(key, { expiresAt });
   }
   recordViolation(key, windowMs) {
     const entry = this.violations.get(key);
@@ -51,47 +68,19 @@ class MemoryStore {
       entry.count++;
       return entry.count;
     }
-    if (entry)
-      clearTimeout(entry.timeoutId);
     const resetAt = Date.now() + windowMs;
-    const timeoutId = setTimeout(() => {
-      this.violations.delete(key);
-    }, windowMs);
-    if (typeof timeoutId.unref === "function") {
-      timeoutId.unref();
-    }
-    this.violations.set(key, { count: 1, resetAt, timeoutId });
+    this.violations.set(key, { count: 1, resetAt });
     return 1;
   }
   reset(key) {
-    const entry = this.hits.get(key);
-    if (entry) {
-      clearTimeout(entry.timeoutId);
-      this.hits.delete(key);
-    }
-    const ban = this.bans.get(key);
-    if (ban) {
-      clearTimeout(ban.timeoutId);
-      this.bans.delete(key);
-    }
-    const violation = this.violations.get(key);
-    if (violation) {
-      clearTimeout(violation.timeoutId);
-      this.violations.delete(key);
-    }
+    this.hits.delete(key);
+    this.bans.delete(key);
+    this.violations.delete(key);
   }
   shutdown() {
-    for (const [, entry] of this.hits) {
-      clearTimeout(entry.timeoutId);
-    }
+    clearInterval(this.sweepInterval);
     this.hits.clear();
-    for (const [, entry] of this.bans) {
-      clearTimeout(entry.timeoutId);
-    }
     this.bans.clear();
-    for (const [, entry] of this.violations) {
-      clearTimeout(entry.timeoutId);
-    }
     this.violations.clear();
   }
 }
@@ -303,6 +292,80 @@ function hitlimit(options, handler) {
   const response = config.response;
   const customKey = options.key;
   const blockedBody = JSON.stringify(response);
+  const isSyncStore = store.isSync === true;
+  const isSyncKey = !customKey;
+  if (!hasSkip && !hasTiers && !hasBan && !hasGroup && isSyncStore && isSyncKey) {
+    return (req, server) => {
+      const ip = server.requestIP(req)?.address || "unknown";
+      const result = store.hit(ip, windowMs, limit);
+      const allowed = result.count <= limit;
+      if (!allowed) {
+        const headers = { "Content-Type": "application/json" };
+        const resetIn = Math.ceil((result.resetAt - Date.now()) / 1000);
+        if (standardHeaders) {
+          headers["RateLimit-Limit"] = String(limit);
+          headers["RateLimit-Remaining"] = "0";
+          headers["RateLimit-Reset"] = String(resetIn);
+        }
+        if (legacyHeaders) {
+          headers["X-RateLimit-Limit"] = String(limit);
+          headers["X-RateLimit-Remaining"] = "0";
+          headers["X-RateLimit-Reset"] = String(Math.ceil(result.resetAt / 1000));
+        }
+        if (retryAfterHeader) {
+          headers["Retry-After"] = String(resetIn);
+        }
+        return new Response(blockedBody, { status: 429, headers });
+      }
+      const res = handler(req, server);
+      if (res instanceof Promise) {
+        return res.then((response2) => {
+          if (standardHeaders || legacyHeaders) {
+            const resetIn = Math.ceil((result.resetAt - Date.now()) / 1000);
+            const remaining = Math.max(0, limit - result.count);
+            const newHeaders = new Headers(response2.headers);
+            if (standardHeaders) {
+              newHeaders.set("RateLimit-Limit", String(limit));
+              newHeaders.set("RateLimit-Remaining", String(remaining));
+              newHeaders.set("RateLimit-Reset", String(resetIn));
+            }
+            if (legacyHeaders) {
+              newHeaders.set("X-RateLimit-Limit", String(limit));
+              newHeaders.set("X-RateLimit-Remaining", String(remaining));
+              newHeaders.set("X-RateLimit-Reset", String(Math.ceil(result.resetAt / 1000)));
+            }
+            return new Response(response2.body, {
+              status: response2.status,
+              statusText: response2.statusText,
+              headers: newHeaders
+            });
+          }
+          return response2;
+        });
+      }
+      if (standardHeaders || legacyHeaders) {
+        const resetIn = Math.ceil((result.resetAt - Date.now()) / 1000);
+        const remaining = Math.max(0, limit - result.count);
+        const newHeaders = new Headers(res.headers);
+        if (standardHeaders) {
+          newHeaders.set("RateLimit-Limit", String(limit));
+          newHeaders.set("RateLimit-Remaining", String(remaining));
+          newHeaders.set("RateLimit-Reset", String(resetIn));
+        }
+        if (legacyHeaders) {
+          newHeaders.set("X-RateLimit-Limit", String(limit));
+          newHeaders.set("X-RateLimit-Remaining", String(remaining));
+          newHeaders.set("X-RateLimit-Reset", String(Math.ceil(result.resetAt / 1000)));
+        }
+        return new Response(res.body, {
+          status: res.status,
+          statusText: res.statusText,
+          headers: newHeaders
+        });
+      }
+      return res;
+    };
+  }
   if (!hasSkip && !hasTiers && !hasBan && !hasGroup) {
     return async (req, server) => {
       try {

package/dist/stores/memory.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"memory.d.ts","sourceRoot":"","sources":["../../src/stores/memory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAe,MAAM,2BAA2B,CAAA;AAgJ3E,wBAAgB,WAAW,IAAI,aAAa,CAE3C"}
+{"version":3,"file":"memory.d.ts","sourceRoot":"","sources":["../../src/stores/memory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAe,MAAM,2BAA2B,CAAA;AA2G3E,wBAAgB,WAAW,IAAI,aAAa,CAE3C"}

package/dist/stores/memory.js

@@ -1,49 +1,66 @@
 // @bun
 // src/stores/memory.ts
 class MemoryStore {
+  isSync = true;
   hits = new Map;
   bans = new Map;
   violations = new Map;
+  _result = { count: 0, resetAt: 0 };
+  sweepInterval;
+  constructor() {
+    this.sweepInterval = setInterval(() => {
+      const now = Date.now();
+      for (const [key, entry] of this.hits) {
+        if (now >= entry.resetAt)
+          this.hits.delete(key);
+      }
+      for (const [key, ban] of this.bans) {
+        if (now >= ban.expiresAt)
+          this.bans.delete(key);
+      }
+      for (const [key, violation] of this.violations) {
+        if (now >= violation.resetAt)
+          this.violations.delete(key);
+      }
+    }, 1e4);
+    if (typeof this.sweepInterval.unref === "function") {
+      this.sweepInterval.unref();
+    }
+  }
   hit(key, windowMs, _limit) {
     const entry = this.hits.get(key);
     if (entry !== undefined) {
-      entry.count++;
-      return { count: entry.count, resetAt: entry.resetAt };
+      const now2 = Date.now();
+      if (now2 >= entry.resetAt) {
+        entry.count = 1;
+        entry.resetAt = now2 + windowMs;
+      } else {
+        entry.count++;
+      }
+      this._result.count = entry.count;
+      this._result.resetAt = entry.resetAt;
+      return this._result;
     }
     const now = Date.now();
     const resetAt = now + windowMs;
-    const timeoutId = setTimeout(() => {
-      this.hits.delete(key);
-    }, windowMs);
-    if (typeof timeoutId.unref === "function") {
-      timeoutId.unref();
-    }
-    this.hits.set(key, { count: 1, resetAt, timeoutId });
-    return { count: 1, resetAt };
+    this.hits.set(key, { count: 1, resetAt });
+    this._result.count = 1;
+    this._result.resetAt = resetAt;
+    return this._result;
   }
   isBanned(key) {
     const ban = this.bans.get(key);
     if (!ban)
       return false;
     if (Date.now() >= ban.expiresAt) {
-      clearTimeout(ban.timeoutId);
       this.bans.delete(key);
       return false;
     }
     return true;
   }
   ban(key, durationMs) {
-    const existing = this.bans.get(key);
-    if (existing)
-      clearTimeout(existing.timeoutId);
     const expiresAt = Date.now() + durationMs;
-    const timeoutId = setTimeout(() => {
-      this.bans.delete(key);
-    }, durationMs);
-    if (typeof timeoutId.unref === "function") {
-      timeoutId.unref();
-    }
-    this.bans.set(key, { expiresAt, timeoutId });
+    this.bans.set(key, { expiresAt });
   }
   recordViolation(key, windowMs) {
     const entry = this.violations.get(key);
@@ -51,47 +68,19 @@ class MemoryStore {
       entry.count++;
       return entry.count;
     }
-    if (entry)
-      clearTimeout(entry.timeoutId);
     const resetAt = Date.now() + windowMs;
-    const timeoutId = setTimeout(() => {
-      this.violations.delete(key);
-    }, windowMs);
-    if (typeof timeoutId.unref === "function") {
-      timeoutId.unref();
-    }
-    this.violations.set(key, { count: 1, resetAt, timeoutId });
+    this.violations.set(key, { count: 1, resetAt });
     return 1;
   }
   reset(key) {
-    const entry = this.hits.get(key);
-    if (entry) {
-      clearTimeout(entry.timeoutId);
-      this.hits.delete(key);
-    }
-    const ban = this.bans.get(key);
-    if (ban) {
-      clearTimeout(ban.timeoutId);
-      this.bans.delete(key);
-    }
-    const violation = this.violations.get(key);
-    if (violation) {
-      clearTimeout(violation.timeoutId);
-      this.violations.delete(key);
-    }
+    this.hits.delete(key);
+    this.bans.delete(key);
+    this.violations.delete(key);
   }
   shutdown() {
-    for (const [, entry] of this.hits) {
-      clearTimeout(entry.timeoutId);
-    }
+    clearInterval(this.sweepInterval);
     this.hits.clear();
-    for (const [, entry] of this.bans) {
-      clearTimeout(entry.timeoutId);
-    }
     this.bans.clear();
-    for (const [, entry] of this.violations) {
-      clearTimeout(entry.timeoutId);
-    }
     this.violations.clear();
   }
 }

package/dist/stores/sqlite.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sqlite.d.ts","sourceRoot":"","sources":["../../src/stores/sqlite.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAe,MAAM,2BAA2B,CAAA;AAE3E,MAAM,WAAW,kBAAkB;IACjC,IAAI,CAAC,EAAE,MAAM,CAAA;CACd;AA+GD,wBAAgB,WAAW,CAAC,OAAO,CAAC,EAAE,kBAAkB,GAAG,aAAa,CAEvE"}
+{"version":3,"file":"sqlite.d.ts","sourceRoot":"","sources":["../../src/stores/sqlite.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAe,MAAM,2BAA2B,CAAA;AAE3E,MAAM,WAAW,kBAAkB;IACjC,IAAI,CAAC,EAAE,MAAM,CAAA;CACd;AAgHD,wBAAgB,WAAW,CAAC,OAAO,CAAC,EAAE,kBAAkB,GAAG,aAAa,CAEvE"}

package/dist/stores/sqlite.js

@@ -3,6 +3,7 @@
 import { Database } from "bun:sqlite";
 
 class BunSqliteStore {
+  isSync = true;
   db;
   hitStmt;
   getStmt;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@joint-ops/hitlimit-bun",
-  "version": "1.1.0",
+  "version": "1.1.2",
   "description": "Ultra-fast Bun-native rate limiting - Memory-first with 6M+ ops/sec for Bun.serve, Elysia & Hono",
   "author": {
     "name": "Shayan M Hussain",
@@ -117,7 +117,7 @@
     "test:watch": "bun test --watch"
   },
   "dependencies": {
-    "@joint-ops/hitlimit-types": "1.1.0"
+    "@joint-ops/hitlimit-types": "1.1.2"
   },
   "peerDependencies": {
     "elysia": ">=1.0.0",