DEV Community

Discussion on: Non-atomic increments in NodeJS or how I found a vulnerability in express-brute package.

salmanahmad94

Good job, Roman! I was checking out the rate-limiter-flexible package the other day and I must say, the approach is very thoughtful. Would you consider your package to be the best out there for rate limiting in express applications that deal with financial transactions, and therefore require high security? Also, what improvements would you like to see in future pull requests?

Roman Voloboev

Thank you for your comment, salmanahmad94!
I'm pretty sure the rate-limiter-flexible package is the best in terms of flexibility. Some features, such as Insurance and Block strategy, Cluster limiter, etc., are unique. There is also the express-rate-limit package, which has enough options for 50% of express applications. Regarding financial transactions, there is not much to say without details. Maybe I'd be able to discuss that if you describe the requirements.

There is a plan for implementing limiters for popular DBs like Oracle, Cassandra, Aerospike in the future. It adds more flexibility, since a developer can use the same package no matter what happens.