Releases: animir/node-rate-limiter-flexible
Expiring Queue items
What's Changed
-
feat: add expiresUnixAt deadline option to RateLimiterQueue.removeTokens (#212) by @Ruby-Leung in #365
Queue with
removeTokens(tokens, key, expiresUnixAt)orremoveTokens(tokens, expiresUnixAt)calls.Read more on RateLimiterQueue wiki.
-
fix(postgres): don't name the one-off create-table prepared statement (#196) by @Ruby-Leung in #366
New Contributors
- @Ruby-Leung made their first contribution in #365
Full Changelog: v11.1.1...v11.2.0
🌠
Dynamic execEvenlyMinDelayMs
Dump and restore for Memory limiter
What's Changed
This is a best-effort persistence mechanism for graceful restarts (SIGTERM/SIGINT), blue/green deploys, or writing a snapshot to disk on shutdown.
Use this when losing up to 1% of request counts won’t affect security or finances, such as in overload or DoS protection.
New Contributors
Full Changelog: v11.0.2...v11.1.0
🔶
Drizzle-orm v1 support
Fix msBeforeNext delayed response
Wrappers don't require points and duration options
What's Changed
- #356 fix do not require points and duration options in wrappers by @animir in #357
RateLimiterCompatibleAbstractlightweight base class for custom wrappers
Added a minimal abstract class that defines the core interface (consume, get, set, delete, penalty, reward, block, getKey) without requiring the full RateLimiterAbstract implementation. This makes it easy to build custom wrappers that work seamlessly with RateLimiterUnion, RLWrapperTimeouts, and insurance limiters.- Fixed RateLimiterStoreAbstract.set() incorrectly calling _block instead of _set
- Fixed key parsing when keyPrefix is empty
[BREAKING CHANGES]
RLWrapperBlackAndWhite now extends RateLimiterCompatibleAbstract, and all union/wrapper/insurance classes accept both abstract types via a new isRateLimiterCompatible helper.
⏲️
Full Changelog: v10.0.1...v11.0.0
AI docs fix
Full Changelog: v10.0.0...v10.0.1
Require points and duration opts
What's Changed
[BREAKING CHANGES]
-
Require
pointsanddurationoptions by @animir in #354No default values are set for
pointsanddurationoptions starting from v10. Negativepointswill not be replaced by default points value4.
Validation rules apply.Error is thrown during limiter creation if points or duration is invalid:
-
pointsmust be number.Any limiter accepts negative
pointsas valid option starting from v10. If you migrate from older version, be careful: If in your codepointsoption is set to negative value and that works for your project now then you should review the logic in your project. After update to version 10, negativepointsvalue will not be replaced by4by default as it was prior to version 10.When your limiter has negative or zero points
consumemethod call is always rejected since there is always not enough points to consume. You can setpointsto negative and play withrewardandconsumecalls, that could be useful sometimes. -
durationmust be non-negative number>= 0. Error is thrown during limiter creation ifdurationoption has invalid value.
Requiring
pointsanddurationseems logical for security package. We don't want our apps working not as we expect even if there is no security threat. This update removes uncertaincy about negative duration and zero points. -
[OTHER UPDATES]
-
Faster memory limiter and block mechanism by @animir in #355
Internal memory storage implementation refactored for Map with timestamps instead of Date objects.
Memory limiter is faster on 10-15% now on high traffic with diverse keys. Tests show performance improvement from
2569948 ops/secto2885688 ops/secon my laptop.
Full Changelog: v9.1.1...v10.0.0
🐚