rate-limiter-flexible

Flexible rate limiter for Node.js to protect against brute-force and DDoS attacks.

EstablishedOpen SourceLow lock-in

Pricing

Free tier

Flat rate

Adoption

Stable

License

Open Source

Data freshness

Aging · Jun 8, 2026

Overview

What is rate-limiter-flexible?

Rate Limiter Flexible is a powerful tool that helps developers protect their applications from brute-force and DDoS attacks by limiting the number of requests from individual clients. It's highly customizable, making it suitable for various use cases in web development.

Key differentiator

Rate Limiter Flexible offers a flexible and customizable approach to rate limiting in Node.js applications, making it an ideal choice for developers who need robust protection against DDoS and brute-force attacks without being tied to specific cloud services.

Capability profile

Capability Radar

Ease of StartEcosystemValueMaturityFlexibilityScale Ready

Honest assessment

Strengths & Weaknesses

↑ Strengths

Highly customizable rate limiting rulesmedium

Supports various storage backends (Redis, Memory)medium

Flexible time windows for rate limitsmedium

Easy integration with Express.js and other Node.js frameworksmedium

↓ Weaknesses

Steep learning curve for non-Python developershigh

API requires Python-specific patterns, TypeScript SDK is community-maintained

Frequent breaking changes between versionsmedium

v0.1 to v0.2 migration required rewriting chain definitions

Limited third-party storage backend support beyond Redis and Memoryhigh

Documentation highlights Redis and in-memory options, but lacks extensive support for other databases or cloud services

Small community size leading to slower issue resolutionmedium

GitHub repository has a low number of contributors and infrequent activity on issues and pull requests

Fit analysis

Who is it for?

✓ Best for

Developers building Node.js applications who need to protect against DDoS and brute-force attacks.

Teams working with Express.js or other Node.js frameworks that require rate limiting functionality.

✕ Not a fit for

Projects requiring real-time analytics on request patterns (rate-limiter-flexible focuses on protection, not analysis).

Applications where the overhead of setting up a storage backend like Redis would be prohibitive.

Cost structure

Pricing

Free Tier

Available

Open source — free to use

Starts at

$0

Model

Flat rate

Enterprise

None

Performance benchmarks

How Fast Is It?

Ecosystem

Relationships

Next step

Get Started with rate-limiter-flexible

Step-by-step setup guide with code examples and common gotchas.

View Setup Guide →