Is express-rate-limit safe to use?

express-rate-limit has no known vulnerabilities on the latest version (8.5.2). DepScope rates its health at 88/100 (low risk).

What is the latest version of express-rate-limit?

The latest version of express-rate-limit is 8.5.2, released 2026-05-14.

Does express-rate-limit have known vulnerabilities?

No known vulnerabilities on the latest version of express-rate-limit.

Is express-rate-limit deprecated?

No, express-rate-limit is actively maintained. Latest release: 8.5.2 (2026-05-14).

What are alternatives to express-rate-limit?

Popular alternatives to express-rate-limit in npm include: ?, semver, minimatch, debug, brace-expansion.

What license does express-rate-limit use?

express-rate-limit is licensed under MIT.

express-rate-limit

npmv8.5.2

Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.

License MITpermissive126 versions2 maintainers1 deps45,540,656 weekly dl

express-rate-limit/express-rate-limit

/ 100

Health

safe to use

[email protected] is safe to use (health: 88/100)

Health breakdown0 – 100

20/25

maintenance

20/20

popularity

25/25

security

15/15

maturity

8/15

community

0/15

popularity_floor

Vulnerabilities

none known

Bundle & TypeScript

📦

Bundle Size

39.2 KBminified

11.9 KB gzipped

1 direct dependencies

ESMside effects

🌟

TypeScript

10/10typed

bundled

Quality signals

OSS Criticality

0.77critical

Download trend

stable(+5.4%)

Publish security

npm attested

Health History

Dependency Tree

License Audit

Dependencies (1)

ip-address

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/express-rate-limit