express-rate-limit 8.0.0 → 8.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/dist/index.cjs +13 -21
  2. package/dist/index.d.cts +3 -3
  3. package/dist/index.d.mts +3 -3
  4. package/dist/index.d.ts +3 -3
  5. package/dist/index.mjs +12 -10
  6. package/package.json +110 -112
package/dist/index.cjs CHANGED
@@ -1,9 +1,7 @@
1
1
  "use strict";
2
- var __create = Object.create;
3
2
  var __defProp = Object.defineProperty;
4
3
  var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
5
4
  var __getOwnPropNames = Object.getOwnPropertyNames;
6
- var __getProtoOf = Object.getPrototypeOf;
7
5
  var __hasOwnProp = Object.prototype.hasOwnProperty;
8
6
  var __export = (target, all) => {
9
7
  for (var name in all)
@@ -17,14 +15,6 @@ var __copyProps = (to, from, except, desc) => {
17
15
  }
18
16
  return to;
19
17
  };
20
- var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
21
- // If the importer is in node compatibility mode or this is not an ESM
22
- // file that has been converted to a CommonJS file using a Babel-
23
- // compatible transform (i.e. "__esModule" has not been set), then set
24
- // "default" to the CommonJS "module.exports" for node compatibility.
25
- isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
26
- mod
27
- ));
28
18
  var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
29
19
 
30
20
  // source/index.ts
@@ -39,13 +29,15 @@ module.exports = __toCommonJS(index_exports);
39
29
 
40
30
  // source/ip-key-generator.ts
41
31
  var import_node_net = require("node:net");
42
- var import_ip = __toESM(require("ip"), 1);
32
+ var import_ip_address = require("ip-address");
43
33
  function ipKeyGenerator(ip, ipv6Subnet = 56) {
44
- if (ipv6Subnet && (0, import_node_net.isIPv6)(ip)) {
45
- return `${import_ip.default.mask(
46
- ip,
47
- import_ip.default.fromPrefixLen(ipv6Subnet)
48
- )}/${ipv6Subnet}`;
34
+ if ((0, import_node_net.isIPv6)(ip)) {
35
+ const address = new import_ip_address.Address6(ip);
36
+ if (address.is4()) return address.to4().correctForm();
37
+ if (ipv6Subnet) {
38
+ const subnet = new import_ip_address.Address6(`${ip}/${ipv6Subnet}`);
39
+ return `${subnet.startAddress().correctForm()}/${ipv6Subnet}`;
40
+ }
49
41
  }
50
42
  return ip;
51
43
  }
@@ -448,7 +440,7 @@ var validations = {
448
440
  if (limit === 0) {
449
441
  throw new ChangeWarning(
450
442
  "WRN_ERL_MAX_ZERO",
451
- `Setting limit or max to 0 disables rate limiting in express-rate-limit v6 and older, but will cause all requests to be blocked in v7`
443
+ "Setting limit or max to 0 disables rate limiting in express-rate-limit v6 and older, but will cause all requests to be blocked in v7"
452
444
  );
453
445
  }
454
446
  },
@@ -480,7 +472,7 @@ var validations = {
480
472
  if (onLimitReached) {
481
473
  throw new ChangeWarning(
482
474
  "WRN_ERL_DEPRECATED_ON_LIMIT_REACHED",
483
- `The onLimitReached configuration option is deprecated and has been removed in express-rate-limit v7.`
475
+ "The onLimitReached configuration option is deprecated and has been removed in express-rate-limit v7."
484
476
  );
485
477
  }
486
478
  },
@@ -559,7 +551,7 @@ var validations = {
559
551
  }
560
552
  throw new ValidationError(
561
553
  "ERR_ERL_CREATED_IN_REQUEST_HANDLER",
562
- `express-rate-limit instance should be created at app initialization, not when responding to a request.`
554
+ "express-rate-limit instance should be created at app initialization, not when responding to a request."
563
555
  );
564
556
  }
565
557
  },
@@ -590,7 +582,7 @@ var validations = {
590
582
  if ((src.includes("req.ip") || src.includes("request.ip")) && !src.includes("ipKeyGenerator")) {
591
583
  throw new ValidationError(
592
584
  "ERR_ERL_KEY_GEN_IPV6",
593
- `Custom keyGenerator appears to use request IP without calling the ipKeyGenerator helper function for IPv6 addresses. This could allow IPv6 users to bypass limits.`
585
+ "Custom keyGenerator appears to use request IP without calling the ipKeyGenerator helper function for IPv6 addresses. This could allow IPv6 users to bypass limits."
594
586
  );
595
587
  }
596
588
  }
@@ -891,4 +883,4 @@ var rate_limit_default = rateLimit;
891
883
  ipKeyGenerator,
892
884
  rateLimit
893
885
  });
894
- module.exports = rateLimit; module.exports.default = rateLimit; module.exports.rateLimit = rateLimit; module.exports.MemoryStore = MemoryStore;
886
+ module.exports = Object.assign(rateLimit, module.exports);
package/dist/index.d.cts CHANGED
@@ -1,6 +1,6 @@
1
- // Generated by dts-bundle-generator v9.5.1
1
+ // Generated by dts-bundle-generator v8.0.1
2
2
 
3
- import { NextFunction, Request as Request$1, RequestHandler, Response as Response$1 } from 'express';
3
+ import { NextFunction, Request, RequestHandler, Response } from 'express';
4
4
 
5
5
  /**
6
6
  * Returns the IP address itself for IPv4, or a CIDR-notation subnet for IPv6.
@@ -8,7 +8,7 @@ import { NextFunction, Request as Request$1, RequestHandler, Response as Respons
8
8
  * If you write a custom keyGenerator that allows a fallback to IP address for
9
9
  * unauthenticated users, return ipKeyGenerator(req.ip) rather than just req.ip.
10
10
  *
11
- * For more infomration, {@see Options.ipv6Subnet}.
11
+ * For more information, {@see Options.ipv6Subnet}.
12
12
  *
13
13
  * @param ip {string} - The IP address to process, usually request.ip.
14
14
  * @param ipv6Subnet {number | false} - The subnet mask for IPv6 addresses.
package/dist/index.d.mts CHANGED
@@ -1,6 +1,6 @@
1
- // Generated by dts-bundle-generator v9.5.1
1
+ // Generated by dts-bundle-generator v8.0.1
2
2
 
3
- import { NextFunction, Request as Request$1, RequestHandler, Response as Response$1 } from 'express';
3
+ import { NextFunction, Request, RequestHandler, Response } from 'express';
4
4
 
5
5
  /**
6
6
  * Returns the IP address itself for IPv4, or a CIDR-notation subnet for IPv6.
@@ -8,7 +8,7 @@ import { NextFunction, Request as Request$1, RequestHandler, Response as Respons
8
8
  * If you write a custom keyGenerator that allows a fallback to IP address for
9
9
  * unauthenticated users, return ipKeyGenerator(req.ip) rather than just req.ip.
10
10
  *
11
- * For more infomration, {@see Options.ipv6Subnet}.
11
+ * For more information, {@see Options.ipv6Subnet}.
12
12
  *
13
13
  * @param ip {string} - The IP address to process, usually request.ip.
14
14
  * @param ipv6Subnet {number | false} - The subnet mask for IPv6 addresses.
package/dist/index.d.ts CHANGED
@@ -1,6 +1,6 @@
1
- // Generated by dts-bundle-generator v9.5.1
1
+ // Generated by dts-bundle-generator v8.0.1
2
2
 
3
- import { NextFunction, Request as Request$1, RequestHandler, Response as Response$1 } from 'express';
3
+ import { NextFunction, Request, RequestHandler, Response } from 'express';
4
4
 
5
5
  /**
6
6
  * Returns the IP address itself for IPv4, or a CIDR-notation subnet for IPv6.
@@ -8,7 +8,7 @@ import { NextFunction, Request as Request$1, RequestHandler, Response as Respons
8
8
  * If you write a custom keyGenerator that allows a fallback to IP address for
9
9
  * unauthenticated users, return ipKeyGenerator(req.ip) rather than just req.ip.
10
10
  *
11
- * For more infomration, {@see Options.ipv6Subnet}.
11
+ * For more information, {@see Options.ipv6Subnet}.
12
12
  *
13
13
  * @param ip {string} - The IP address to process, usually request.ip.
14
14
  * @param ipv6Subnet {number | false} - The subnet mask for IPv6 addresses.
package/dist/index.mjs CHANGED
@@ -1,12 +1,14 @@
1
1
  // source/ip-key-generator.ts
2
2
  import { isIPv6 } from "node:net";
3
- import iptools from "ip";
3
+ import { Address6 } from "ip-address";
4
4
  function ipKeyGenerator(ip, ipv6Subnet = 56) {
5
- if (ipv6Subnet && isIPv6(ip)) {
6
- return `${iptools.mask(
7
- ip,
8
- iptools.fromPrefixLen(ipv6Subnet)
9
- )}/${ipv6Subnet}`;
5
+ if (isIPv6(ip)) {
6
+ const address = new Address6(ip);
7
+ if (address.is4()) return address.to4().correctForm();
8
+ if (ipv6Subnet) {
9
+ const subnet = new Address6(`${ip}/${ipv6Subnet}`);
10
+ return `${subnet.startAddress().correctForm()}/${ipv6Subnet}`;
11
+ }
10
12
  }
11
13
  return ip;
12
14
  }
@@ -409,7 +411,7 @@ var validations = {
409
411
  if (limit === 0) {
410
412
  throw new ChangeWarning(
411
413
  "WRN_ERL_MAX_ZERO",
412
- `Setting limit or max to 0 disables rate limiting in express-rate-limit v6 and older, but will cause all requests to be blocked in v7`
414
+ "Setting limit or max to 0 disables rate limiting in express-rate-limit v6 and older, but will cause all requests to be blocked in v7"
413
415
  );
414
416
  }
415
417
  },
@@ -441,7 +443,7 @@ var validations = {
441
443
  if (onLimitReached) {
442
444
  throw new ChangeWarning(
443
445
  "WRN_ERL_DEPRECATED_ON_LIMIT_REACHED",
444
- `The onLimitReached configuration option is deprecated and has been removed in express-rate-limit v7.`
446
+ "The onLimitReached configuration option is deprecated and has been removed in express-rate-limit v7."
445
447
  );
446
448
  }
447
449
  },
@@ -520,7 +522,7 @@ var validations = {
520
522
  }
521
523
  throw new ValidationError(
522
524
  "ERR_ERL_CREATED_IN_REQUEST_HANDLER",
523
- `express-rate-limit instance should be created at app initialization, not when responding to a request.`
525
+ "express-rate-limit instance should be created at app initialization, not when responding to a request."
524
526
  );
525
527
  }
526
528
  },
@@ -551,7 +553,7 @@ var validations = {
551
553
  if ((src.includes("req.ip") || src.includes("request.ip")) && !src.includes("ipKeyGenerator")) {
552
554
  throw new ValidationError(
553
555
  "ERR_ERL_KEY_GEN_IPV6",
554
- `Custom keyGenerator appears to use request IP without calling the ipKeyGenerator helper function for IPv6 addresses. This could allow IPv6 users to bypass limits.`
556
+ "Custom keyGenerator appears to use request IP without calling the ipKeyGenerator helper function for IPv6 addresses. This could allow IPv6 users to bypass limits."
555
557
  );
556
558
  }
557
559
  }
package/package.json CHANGED
@@ -1,113 +1,111 @@
1
1
  {
2
- "name": "express-rate-limit",
3
- "version": "8.0.0",
4
- "description": "Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.",
5
- "author": {
6
- "name": "Nathan Friedly",
7
- "url": "http://nfriedly.com/"
8
- },
9
- "license": "MIT",
10
- "homepage": "https://github.com/express-rate-limit/express-rate-limit",
11
- "repository": {
12
- "type": "git",
13
- "url": "git+https://github.com/express-rate-limit/express-rate-limit.git"
14
- },
15
- "funding": "https://github.com/sponsors/express-rate-limit",
16
- "keywords": [
17
- "express-rate-limit",
18
- "express",
19
- "rate",
20
- "limit",
21
- "ratelimit",
22
- "rate-limit",
23
- "middleware",
24
- "ip",
25
- "auth",
26
- "authorization",
27
- "security",
28
- "brute",
29
- "force",
30
- "bruteforce",
31
- "brute-force",
32
- "attack"
33
- ],
34
- "type": "module",
35
- "exports": {
36
- ".": {
37
- "import": {
38
- "types": "./dist/index.d.mts",
39
- "default": "./dist/index.mjs"
40
- },
41
- "require": {
42
- "types": "./dist/index.d.cts",
43
- "default": "./dist/index.cjs"
44
- }
45
- }
46
- },
47
- "main": "./dist/index.cjs",
48
- "module": "./dist/index.mjs",
49
- "types": "./dist/index.d.ts",
50
- "files": [
51
- "dist/",
52
- "tsconfig.json"
53
- ],
54
- "engines": {
55
- "node": ">= 16"
56
- },
57
- "scripts": {
58
- "clean": "del-cli dist/ coverage/ *.log *.tmp *.bak *.tgz",
59
- "build:cjs": "esbuild --packages=external --platform=node --bundle --target=es2022 --format=cjs --outfile=dist/index.cjs --footer:js=\"module.exports = rateLimit; module.exports.default = rateLimit; module.exports.rateLimit = rateLimit; module.exports.MemoryStore = MemoryStore;\" source/index.ts",
60
- "build:esm": "esbuild --packages=external --platform=node --bundle --target=es2022 --format=esm --outfile=dist/index.mjs source/index.ts",
61
- "build:types": "dts-bundle-generator --out-file=dist/index.d.ts source/index.ts && cp dist/index.d.ts dist/index.d.cts && cp dist/index.d.ts dist/index.d.mts",
62
- "compile": "run-s clean build:*",
63
- "docs": "cd docs && mintlify dev",
64
- "lint:code": "biome check",
65
- "lint:docs": "prettier --check docs/ *.md",
66
- "lint": "run-s lint:*",
67
- "format:code": "biome check --write",
68
- "format:docs": "prettier --write docs/ *.md",
69
- "format": "run-s format:*",
70
- "test:lib": "jest",
71
- "test:ext": "cd test/external/ && bash run-all-tests",
72
- "test": "run-s lint test:lib",
73
- "pre-commit": "lint-staged",
74
- "prepare": "run-s compile && husky"
75
- },
76
- "dependencies": {
77
- "ip": "2.0.1"
78
- },
79
- "peerDependencies": {
80
- "express": ">= 4.11"
81
- },
82
- "devDependencies": {
83
- "@biomejs/biome": "2.1.1",
84
- "@express-rate-limit/prettier": "1.1.1",
85
- "@express-rate-limit/tsconfig": "1.0.2",
86
- "@jest/globals": "30.0.4",
87
- "@types/express": "5.0.3",
88
- "@types/ip": "1.1.3",
89
- "@types/jest": "30.0.0",
90
- "@types/node": "24.0.14",
91
- "@types/supertest": "6.0.3",
92
- "del-cli": "6.0.0",
93
- "dts-bundle-generator": "9.5.1",
94
- "esbuild": "0.25.6",
95
- "express": "5.1.0",
96
- "husky": "9.1.7",
97
- "jest": "30.0.4",
98
- "lint-staged": "16.1.2",
99
- "mintlify": "4.2.15",
100
- "npm-run-all": "4.1.5",
101
- "prettier": "3.6.2",
102
- "ratelimit-header-parser": "0.1.0",
103
- "supertest": "7.1.3",
104
- "ts-jest": "29.4.0",
105
- "ts-node": "10.9.2",
106
- "typescript": "5.8.3"
107
- },
108
- "prettier": "@express-rate-limit/prettier",
109
- "lint-staged": {
110
- "*.{js,ts,json}": "biome check --write",
111
- "*.{md,yaml}": "prettier --write"
112
- }
113
- }
2
+ "name": "express-rate-limit",
3
+ "version": "8.0.2",
4
+ "description": "Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.",
5
+ "author": {
6
+ "name": "Nathan Friedly",
7
+ "url": "http://nfriedly.com/"
8
+ },
9
+ "license": "MIT",
10
+ "homepage": "https://github.com/express-rate-limit/express-rate-limit",
11
+ "repository": {
12
+ "type": "git",
13
+ "url": "git+https://github.com/express-rate-limit/express-rate-limit.git"
14
+ },
15
+ "funding": "https://github.com/sponsors/express-rate-limit",
16
+ "keywords": [
17
+ "express-rate-limit",
18
+ "express",
19
+ "rate",
20
+ "limit",
21
+ "ratelimit",
22
+ "rate-limit",
23
+ "middleware",
24
+ "ip",
25
+ "auth",
26
+ "authorization",
27
+ "security",
28
+ "brute",
29
+ "force",
30
+ "bruteforce",
31
+ "brute-force",
32
+ "attack"
33
+ ],
34
+ "type": "module",
35
+ "exports": {
36
+ ".": {
37
+ "import": {
38
+ "types": "./dist/index.d.mts",
39
+ "default": "./dist/index.mjs"
40
+ },
41
+ "require": {
42
+ "types": "./dist/index.d.cts",
43
+ "default": "./dist/index.cjs"
44
+ }
45
+ }
46
+ },
47
+ "main": "./dist/index.cjs",
48
+ "module": "./dist/index.mjs",
49
+ "types": "./dist/index.d.ts",
50
+ "files": [
51
+ "dist/",
52
+ "tsconfig.json"
53
+ ],
54
+ "engines": {
55
+ "node": ">= 16"
56
+ },
57
+ "dependencies": {
58
+ "ip-address": "10.1.0"
59
+ },
60
+ "peerDependencies": {
61
+ "express": ">= 4.11"
62
+ },
63
+ "devDependencies": {
64
+ "@biomejs/biome": "2.1.1",
65
+ "@express-rate-limit/prettier": "1.1.1",
66
+ "@express-rate-limit/tsconfig": "1.0.2",
67
+ "@jest/globals": "30.0.4",
68
+ "@types/express": "5.0.3",
69
+ "@types/jest": "30.0.0",
70
+ "@types/node": "24.0.14",
71
+ "@types/supertest": "6.0.3",
72
+ "del-cli": "6.0.0",
73
+ "dts-bundle-generator": "8.0.1",
74
+ "esbuild": "0.25.6",
75
+ "express": "5.1.0",
76
+ "husky": "9.1.7",
77
+ "jest": "30.0.4",
78
+ "lint-staged": "16.1.2",
79
+ "mintlify": "4.2.15",
80
+ "npm-run-all": "4.1.5",
81
+ "prettier": "3.6.2",
82
+ "ratelimit-header-parser": "0.1.0",
83
+ "supertest": "7.1.3",
84
+ "ts-jest": "29.4.0",
85
+ "ts-node": "10.9.2",
86
+ "typescript": "5.8.3"
87
+ },
88
+ "prettier": "@express-rate-limit/prettier",
89
+ "lint-staged": {
90
+ "*.{js,ts,json}": "biome check --write",
91
+ "*.{md,yaml}": "prettier --write"
92
+ },
93
+ "scripts": {
94
+ "clean": "del-cli dist/ coverage/ *.log *.tmp *.bak *.tgz",
95
+ "build:cjs": "esbuild --packages=external --platform=node --bundle --target=es2022 --format=cjs --outfile=dist/index.cjs --footer:js=\"module.exports = Object.assign(rateLimit, module.exports);\" source/index.ts",
96
+ "build:esm": "esbuild --packages=external --platform=node --bundle --target=es2022 --format=esm --outfile=dist/index.mjs source/index.ts",
97
+ "build:types": "dts-bundle-generator --out-file=dist/index.d.ts source/index.ts && cp dist/index.d.ts dist/index.d.cts && cp dist/index.d.ts dist/index.d.mts",
98
+ "compile": "run-s clean build:*",
99
+ "docs": "cd docs && mintlify dev",
100
+ "lint:code": "biome check",
101
+ "lint:docs": "prettier --check docs/ *.md",
102
+ "lint": "run-s lint:*",
103
+ "format:code": "biome check --write",
104
+ "format:docs": "prettier --write docs/ *.md",
105
+ "format": "run-s format:*",
106
+ "test:lib": "jest",
107
+ "test:ext": "cd test/external/ && bash run-all-tests",
108
+ "test": "run-s lint test:lib",
109
+ "pre-commit": "lint-staged"
110
+ }
111
+ }