saplingjs / sapling

🌿 Sapling is a Node.js framework for faster-than-light web development.
https://www.saplingjs.com
MIT License

Implement brute force protection #49

Open groenroos opened 3 years ago

groenroos commented 3 years ago

Use a package like express-brute to introduce a rate limiter and protect from DDoS. The legacy code had a homebrew rate limiter, but this was removed as a temporary scope reduction - in any case, this sort of thing is best deferred to dependencies that can handle it better and more robustly.

groenroos commented 3 years ago

Seems like the brute package listed above is a bit outdated/abandoned. However, it seems like it and all alternative packages require persistent storage (as would make sense), so it'll be a challenge to make sure the rate limiter works together with whatever db driver is applied.
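One shape for the storage problem raised above, as an added example that is not Sapling's or express-brute's code: the lockout logic sits behind a two-method store (`get`/`set`), so the in-memory store can later be replaced by one written against whatever db driver the app uses. `MemoryStore`, `createBruteLimiter` and `bruteMiddleware` are assumed names, and the limiter counts only failed logins per key (for example ip plus username), not every request.

```javascript
// Added example, not part of Sapling or express-brute. A failed-login limiter
// whose state lives behind a get/set store interface, so the same logic runs on
// an in-memory Map now and on a database-backed store later.

// In-memory store; a db-backed store only needs these two async methods.
class MemoryStore {
  constructor() { this.records = new Map(); }
  async get(key) { return this.records.get(key) ?? null; }
  async set(key, record) {
    if (record === null) this.records.delete(key); // null clears the counter
    else this.records.set(key, record);
  }
}

// Counts failures per key inside a window that starts at the first failure and
// locks the key out once maxAttempts accumulate. `now` is injectable so the
// window can be exercised in tests without waiting.
function createBruteLimiter({ store, maxAttempts = 5, windowMs = 15 * 60 * 1000, now = Date.now }) {
  const live = (rec, t) => rec !== null && t - rec.firstAt < windowMs;

  return {
    // Ask before handling the request; retryAfterMs is what Retry-After should say.
    async check(key) {
      const rec = await store.get(key); const t = now();
      if (!live(rec, t)) return { allowed: true, remaining: maxAttempts, retryAfterMs: 0 };
      const remaining = Math.max(maxAttempts - rec.count, 0);
      return { allowed: remaining > 0, remaining, retryAfterMs: remaining > 0 ? 0 : rec.firstAt + windowMs - t };
    },
    // Call after a failed credential check; a successful login should call reset().
    async recordFailure(key) {
      const rec = await store.get(key); const t = now();
      await store.set(key, live(rec, t) ? { count: rec.count + 1, firstAt: rec.firstAt } : { count: 1, firstAt: t });
    },
    async reset(key) { await store.set(key, null); },
  };
}

// Express-style (req, res, next) middleware; answers 429 while the key is locked out.
function bruteMiddleware(limiter, keyFn) {
  return async (req, res, next) => {
    const result = await limiter.check(keyFn(req));
    if (result.allowed) return next();
    res.setHeader('Retry-After', String(Math.ceil(result.retryAfterMs / 1000)));
    res.statusCode = 429;
    res.end('Too many failed attempts');
  };
}
```

A store on a real database should also expire records older than `windowMs`, otherwise counters for keys that never log in again accumulate indefinitely.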