What's Changed

• feat: add expiresUnixAt deadline option to RateLimiterQueue.removeTokens (#212) by @Ruby-Leung in #365

  Queue with removeTokens(tokens, key, expiresUnixAt) or removeTokens(tokens, expiresUnixAt) calls.

  Read more on RateLimiterQueue wiki.

• fix(postgres): don't name the one-off create-table prepared statement (#196) by @Ruby-Leung in #366

New Contributors

• @Ruby-Leung made their first contribution in #365

Full Changelog: v11.1.1...v11.2.0

🌠

What's Changed

• fix execEvenlyMinDelayMs not reflecting points/duration mutation by @quad in #364 Thanks!

New Contributors

• @quad made their first contribution in #364

Full Changelog: v11.1.0...v11.1.1

🚉

What's Changed

• dump() and restore() for Memory limiter by @man610 in #361

This is a best-effort persistence mechanism for graceful restarts (SIGTERM/SIGINT), blue/green deploys, or writing a snapshot to disk on shutdown.

Use this when losing up to 1% of request counts won’t affect security or finances, such as in overload or DoS protection.

New Contributors

• @man610 made their first contribution in #361

Full Changelog: v11.0.2...v11.1.0

🔶

What's Changed

• #362 support drizzle-orm v1 by @animir in #363

Full Changelog: v11.0.1...v11.0.2

😉

What's Changed

• #113 fix RateLimiterQueue delay for limiters with execEvenly flag set to true by @animir in #359
• Update dev deps to latest minor versions by @animir in #358

Full Changelog: v11.0.0...v11.0.1

👀

What's Changed

• #356 fix do not require points and duration options in wrappers by @animir in #357
• RateLimiterCompatibleAbstract lightweight base class for custom wrappers
  Added a minimal abstract class that defines the core interface (consume, get, set, delete, penalty, reward, block, getKey) without requiring the full RateLimiterAbstract implementation. This makes it easy to build custom wrappers that work seamlessly with RateLimiterUnion, RLWrapperTimeouts, and insurance limiters.
• Fixed RateLimiterStoreAbstract.set() incorrectly calling _block instead of _set
• Fixed key parsing when keyPrefix is empty

[BREAKING CHANGES]
RLWrapperBlackAndWhite now extends RateLimiterCompatibleAbstract, and all union/wrapper/insurance classes accept both abstract types via a new isRateLimiterCompatible helper.

⏲️

Full Changelog: v10.0.1...v11.0.0

Full Changelog: v10.0.0...v10.0.1

What's Changed

[BREAKING CHANGES]

• Require points and duration options by @animir in #354

  No default values are set for points and duration options starting from v10. Negative points will not be replaced by default points value 4.
  Validation rules apply.

  Error is thrown during limiter creation if points or duration is invalid:

  1. points must be number.

     Any limiter accepts negative points as valid option starting from v10. If you migrate from older version, be careful: If in your code points option is set to negative value and that works for your project now then you should review the logic in your project. After update to version 10, negative points value will not be replaced by 4 by default as it was prior to version 10.

     When your limiter has negative or zero points consume method call is always rejected since there is always not enough points to consume. You can set points to negative and play with reward and consume calls, that could be useful sometimes.

  2. duration must be non-negative number >= 0. Error is thrown during limiter creation if duration option has invalid value.

  Requiring points and duration seems logical for security package. We don't want our apps working not as we expect even if there is no security threat. This update removes uncertaincy about negative duration and zero points.

[OTHER UPDATES]

• Faster memory limiter and block mechanism by @animir in #355

  Internal memory storage implementation refactored for Map with timestamps instead of Date objects.

  Memory limiter is faster on 10-15% now on high traffic with diverse keys. Tests show performance improvement from 2569948 ops/sec to 2885688 ops/sec on my laptop.

Full Changelog: v9.1.1...v10.0.0

🐚

What's Changed

• support Sequelize 7 by @animir in #347

🔔

What's Changed

• Implement non atomic RateLimiterRedisNonAtomic by @animir in #345

💬