rate-limiter-flexible 10.0.0

Require points and duration opts

on Node.js NPM

What's Changed

[BREAKING CHANGES]

• Require points and duration options by @animir in #354

  No default values are set for points and duration options starting from v10. Negative points will not be replaced by default points value 4.
  Validation rules apply.

  Error is thrown during limiter creation if points or duration is invalid:

  1. points must be number.

     Any limiter accepts negative points as valid option starting from v10. If you migrate from older version, be careful: If in your code points option is set to negative value and that works for your project now then you should review the logic in your project. After update to version 10, negative points value will not be replaced by 4 by default as it was prior to version 10.

     When your limiter has negative or zero points consume method call is always rejected since there is always not enough points to consume. You can set points to negative and play with reward and consume calls, that could be useful sometimes.

  2. duration must be non-negative number >= 0. Error is thrown during limiter creation if duration option has invalid value.

  Requiring points and duration seems logical for security package. We don't want our apps working not as we expect even if there is no security threat. This update removes uncertaincy about negative duration and zero points.

[OTHER UPDATES]

• Faster memory limiter and block mechanism by @animir in #355

  Internal memory storage implementation refactored for Map with timestamps instead of Date objects.

  Memory limiter is faster on 10-15% now on high traffic with diverse keys. Tests show performance improvement from 2569948 ops/sec to 2885688 ops/sec on my laptop.

Full Changelog: v9.1.1...v10.0.0