looks like the spirit of this package is to be a full on server (as opposed to a consumable express module) in that case a rate limiter is probably a good idea for production.
There are a few rate limiter packages out there but rate limiting comes with another issue in that you need some sort of fingerprinting and if you get the fingerprinting wrong that's a ripe opportunity for a DOS...
looks like the spirit of this package is to be a full on server (as opposed to a consumable express module) in that case a rate limiter is probably a good idea for production.
There are a few rate limiter packages out there but rate limiting comes with another issue in that you need some sort of fingerprinting and if you get the fingerprinting wrong that's a ripe opportunity for a DOS...