- Fixed
peerDependencies
compatibility with express 5 beta.
- Allowed
express-slow-down
to be used withexpress
v5.
- Fixed an incorrect
WRN_ERL_MAX_ZERO
warning when supplying a custom validation object in the config.
express-slow-down v2 is built on top of express-rate-limit v7.
- Changed behavior of
delayMs
when set to a number- Previous behavior multiplied
delayMs
value by the number of slowed requests to determine the delay amount - New behavior treats a numeric value as a fixed delay that is applied to each slowed request without multiplication
- Set to
function(used) { return (used - this.delayAfter) * 1000; }
to restore old behavior. (Change1000
to match old value if necessary.)
- Previous behavior multiplied
- Changed arguments passed to
delayMs
when set to a function- Previous signature was
function(req, res): number
- New signature is
function(used, req, res): number | Promise<number>
whereused
is the number of hits from this user during the current window
- Previous signature was
- Dropped support for
onLimitReached
method - Dropped support for
headers
option - Renamed
req.slowDown.current
toreq.slowDown.used
current
is now a hidden getter that will return theused
value, but will not be included when iteration over keys or running throughJSON.stringify()
delayAfter
,delayMs
, andmaxDelayMs
may now be async functions that return a number or a promise that resolves to a number- The MemoryStore now uses precise, per-user reset times rather than a global window that resets all users at once.
- Now using express-rate-limit's validator to detect and warn about common misconfigurations. See https://github.com/express-rate-limit/express-rate-limit/wiki/Error-Codes for more info.