express-rate-limit 8.0.0 → 8.0.1
- package/dist/index.cjs +7 -20
- package/dist/index.d.cts +3 -3
- package/dist/index.d.mts +3 -3
- package/dist/index.d.ts +3 -3
- package/dist/index.mjs +6 -9
- package/package.json +6 -7
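--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -1,9 +1,7 @@
 "use strict";
-var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
 for (var name in all)
@@ -17,14 +15,6 @@ var __copyProps = (to, from, except, desc) => {
 }
 return to;
 };
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
-// If the importer is in node compatibility mode or this is not an ESM
-// file that has been converted to a CommonJS file using a Babel-
-// compatible transform (i.e. "__esModule" has not been set), then set
-// "default" to the CommonJS "module.exports" for node compatibility.
-isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
-mod
-));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // source/index.ts
@@ -39,13 +29,10 @@ module.exports = __toCommonJS(index_exports);
 
 // source/ip-key-generator.ts
 var import_node_net = require("node:net");
-var
+var import_ip_address = require("ip-address");
 function ipKeyGenerator(ip, ipv6Subnet = 56) {
 if (ipv6Subnet && (0, import_node_net.isIPv6)(ip)) {
-return `${
-ip,
-import_ip.default.fromPrefixLen(ipv6Subnet)
-)}/${ipv6Subnet}`;
+return `${new import_ip_address.Address6(`${ip}/${ipv6Subnet}`).startAddress().correctForm()}/${ipv6Subnet}`;
 }
 return ip;
 }
@@ -448,7 +435,7 @@ var validations = {
 if (limit === 0) {
 throw new ChangeWarning(
 "WRN_ERL_MAX_ZERO",
-
+"Setting limit or max to 0 disables rate limiting in express-rate-limit v6 and older, but will cause all requests to be blocked in v7"
 );
 }
 },
@@ -480,7 +467,7 @@ var validations = {
 if (onLimitReached) {
 throw new ChangeWarning(
 "WRN_ERL_DEPRECATED_ON_LIMIT_REACHED",
-
+"The onLimitReached configuration option is deprecated and has been removed in express-rate-limit v7."
 );
 }
 },
@@ -559,7 +546,7 @@ var validations = {
 }
 throw new ValidationError(
 "ERR_ERL_CREATED_IN_REQUEST_HANDLER",
-
+"express-rate-limit instance should be created at app initialization, not when responding to a request."
 );
 }
 },
@@ -590,7 +577,7 @@ var validations = {
 if ((src.includes("req.ip") || src.includes("request.ip")) && !src.includes("ipKeyGenerator")) {
 throw new ValidationError(
 "ERR_ERL_KEY_GEN_IPV6",
-
+"Custom keyGenerator appears to use request IP without calling the ipKeyGenerator helper function for IPv6 addresses. This could allow IPv6 users to bypass limits."
 );
 }
 }
@@ -891,4 +878,4 @@ var rate_limit_default = rateLimit;
 ipKeyGenerator,
 rateLimit
 });
-module.exports =
+module.exports = Object.assign(rateLimit, module.exports);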
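Review bot: An IPv4-mapped address such as `::ffff:203.0.113.7` (constructed example) passes `isIPv6` and is then masked to the /56 prefix by the added `return` line of `ipKeyGenerator`, so every IPv4 client reaching the app through a dual-stack listener would appear to share the single key `::/56`, and one busy client could exhaust the limit for all of them. Consider unwrapping mapped addresses before masking, for example with the library's v4-in-v6 helpers, `const addr = new import_ip_address.Address6(ip); if (addr.is4()) return addr.to4().correctForm();`, and keeping the subnet key for native IPv6 only. The same line appears in the `package/dist/index.mjs` section. `ipv6Subnet` is also interpolated into the CIDR string unchecked; unless validation outside this hunk bounds it to 1–128, an out-of-range value would presumably make the `Address6` constructor throw on each request, so a range check at configuration time is worth confirming.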
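--- a/package/dist/index.d.cts
+++ b/package/dist/index.d.cts
@@ -1,6 +1,6 @@
-// Generated by dts-bundle-generator
+// Generated by dts-bundle-generator v8.0.1
 
-import { NextFunction, Request
+import { NextFunction, Request, RequestHandler, Response } from 'express';
 
 /**
 * Returns the IP address itself for IPv4, or a CIDR-notation subnet for IPv6.
@@ -8,7 +8,7 @@ import { NextFunction, Request as Request$1, RequestHandler, Response as Respons
 * If you write a custom keyGenerator that allows a fallback to IP address for
 * unauthenticated users, return ipKeyGenerator(req.ip) rather than just req.ip.
 *
-* For more
+* For more information, {@see Options.ipv6Subnet}.
 *
 * @param ip {string} - The IP address to process, usually request.ip.
 * @param ipv6Subnet {number | false} - The subnet mask for IPv6 addresses.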
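--- a/package/dist/index.d.mts
+++ b/package/dist/index.d.mts
@@ -1,6 +1,6 @@
-// Generated by dts-bundle-generator
+// Generated by dts-bundle-generator v8.0.1
 
-import { NextFunction, Request
+import { NextFunction, Request, RequestHandler, Response } from 'express';
 
 /**
 * Returns the IP address itself for IPv4, or a CIDR-notation subnet for IPv6.
@@ -8,7 +8,7 @@ import { NextFunction, Request as Request$1, RequestHandler, Response as Respons
 * If you write a custom keyGenerator that allows a fallback to IP address for
 * unauthenticated users, return ipKeyGenerator(req.ip) rather than just req.ip.
 *
-* For more
+* For more information, {@see Options.ipv6Subnet}.
 *
 * @param ip {string} - The IP address to process, usually request.ip.
 * @param ipv6Subnet {number | false} - The subnet mask for IPv6 addresses.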
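--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,6 +1,6 @@
-// Generated by dts-bundle-generator
+// Generated by dts-bundle-generator v8.0.1
 
-import { NextFunction, Request
+import { NextFunction, Request, RequestHandler, Response } from 'express';
 
 /**
 * Returns the IP address itself for IPv4, or a CIDR-notation subnet for IPv6.
@@ -8,7 +8,7 @@ import { NextFunction, Request as Request$1, RequestHandler, Response as Respons
 * If you write a custom keyGenerator that allows a fallback to IP address for
 * unauthenticated users, return ipKeyGenerator(req.ip) rather than just req.ip.
 *
-* For more
+* For more information, {@see Options.ipv6Subnet}.
 *
 * @param ip {string} - The IP address to process, usually request.ip.
 * @param ipv6Subnet {number | false} - The subnet mask for IPv6 addresses.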
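--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -1,12 +1,9 @@
 // source/ip-key-generator.ts
 import { isIPv6 } from "node:net";
-import
+import { Address6 } from "ip-address";
 function ipKeyGenerator(ip, ipv6Subnet = 56) {
 if (ipv6Subnet && isIPv6(ip)) {
-return `${
-ip,
-iptools.fromPrefixLen(ipv6Subnet)
-)}/${ipv6Subnet}`;
+return `${new Address6(`${ip}/${ipv6Subnet}`).startAddress().correctForm()}/${ipv6Subnet}`;
 }
 return ip;
 }
@@ -409,7 +406,7 @@ var validations = {
 if (limit === 0) {
 throw new ChangeWarning(
 "WRN_ERL_MAX_ZERO",
-
+"Setting limit or max to 0 disables rate limiting in express-rate-limit v6 and older, but will cause all requests to be blocked in v7"
 );
 }
 },
@@ -441,7 +438,7 @@ var validations = {
 if (onLimitReached) {
 throw new ChangeWarning(
 "WRN_ERL_DEPRECATED_ON_LIMIT_REACHED",
-
+"The onLimitReached configuration option is deprecated and has been removed in express-rate-limit v7."
 );
 }
 },
@@ -520,7 +517,7 @@ var validations = {
 }
 throw new ValidationError(
 "ERR_ERL_CREATED_IN_REQUEST_HANDLER",
-
+"express-rate-limit instance should be created at app initialization, not when responding to a request."
 );
 }
 },
@@ -551,7 +548,7 @@ var validations = {
 if ((src.includes("req.ip") || src.includes("request.ip")) && !src.includes("ipKeyGenerator")) {
 throw new ValidationError(
 "ERR_ERL_KEY_GEN_IPV6",
-
+"Custom keyGenerator appears to use request IP without calling the ipKeyGenerator helper function for IPv6 addresses. This could allow IPv6 users to bypass limits."
 );
 }
 }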
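--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "express-rate-limit",
-"version": "8.0.
+"version": "8.0.1",
 "description": "Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.",
 "author": {
 "name": "Nathan Friedly",
@@ -56,7 +56,7 @@
 },
 "scripts": {
 "clean": "del-cli dist/ coverage/ *.log *.tmp *.bak *.tgz",
-"build:cjs": "esbuild --packages=external --platform=node --bundle --target=es2022 --format=cjs --outfile=dist/index.cjs --footer:js=\"module.exports =
+"build:cjs": "esbuild --packages=external --platform=node --bundle --target=es2022 --format=cjs --outfile=dist/index.cjs --footer:js=\"module.exports = Object.assign(rateLimit, module.exports);\" source/index.ts",
 "build:esm": "esbuild --packages=external --platform=node --bundle --target=es2022 --format=esm --outfile=dist/index.mjs source/index.ts",
 "build:types": "dts-bundle-generator --out-file=dist/index.d.ts source/index.ts && cp dist/index.d.ts dist/index.d.cts && cp dist/index.d.ts dist/index.d.mts",
 "compile": "run-s clean build:*",
@@ -73,9 +73,6 @@
 "pre-commit": "lint-staged",
 "prepare": "run-s compile && husky"
 },
-"dependencies": {
-"ip": "2.0.1"
-},
 "peerDependencies": {
 "express": ">= 4.11"
 },
@@ -85,12 +82,11 @@
 "@express-rate-limit/tsconfig": "1.0.2",
 "@jest/globals": "30.0.4",
 "@types/express": "5.0.3",
-"@types/ip": "1.1.3",
 "@types/jest": "30.0.0",
 "@types/node": "24.0.14",
 "@types/supertest": "6.0.3",
 "del-cli": "6.0.0",
-"dts-bundle-generator": "
+"dts-bundle-generator": "8.0.1",
 "esbuild": "0.25.6",
 "express": "5.1.0",
 "husky": "9.1.7",
@@ -109,5 +105,8 @@
 "lint-staged": {
 "*.{js,ts,json}": "biome check --write",
 "*.{md,yaml}": "prettier --write"
+},
+"dependencies": {
+"ip-address": "10.0.1"
 }
 }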