Express Brute

screenshot of Express Brute

Express Brute

Brute-force protection middleware for express routes by rate limiting incoming requests


The express-brute is a brute-force protection middleware designed for express routes to limit incoming requests by increasing the delay with each request in a fibonacci-like sequence.


  • Rate-limits incoming requests
  • Increases delay with each request in a fibonacci-like sequence
  • Configurable options like free retries, initial wait time, maximum wait time, lifetime, etc.
  • Handles request rejection with customizable failCallback
  • Option to attach a reset method to requests
  • Supports refreshing timeout on requests
  • Handles errors with persistent store effectively


To install the express-brute middleware via npm, use the following command:

npm install express-brute


express-brute is a useful middleware for protecting express routes from brute-force attacks by limiting incoming requests and increasing delays in a fibonacci-like sequence. With customizable options and error handling mechanisms, it provides a robust solution to handle and prevent malicious activities on web applications.