Arcjet helps developers protect their apps in just a few lines of code. Implement rate limiting, bot protection, email verification & defend against common attacks.
This is the changelog of product updates for March 2024.
Our first SDK targeted the Next.js framework, so the release of our Node.js SDK broadens our support to all Node.js applications. Whether you're using vanilla node:http or a framework like Express, you can now protect all Node.js code.
Rate limit header decorators
Rate limits can be used to protect endpoints from attack, but are also used to enforce quotas for APIs. In the latter case, you may want to inform users about the remaining limits.
The common approach is to add RateLimit and RateLimit-Policy headers as defined by the draft IETF spec. The new @arcjet/decorate package allows you to easily add those headers to your response.
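To show what those headers carry, here is an added example (not Arcjet's code and not the @arcjet/decorate API) of a fixed-window quota that reports its state on every response. It assumes the `limit=, remaining=, reset=` header syntax from one revision of the IETF draft (the syntax differs between revisions), a constructed policy of 5 requests per 60 seconds, and keying by client IP.

```javascript
// Added example: fixed-window quota that reports its state via RateLimit headers.
// Assumed header syntax: the "limit=, remaining=, reset=" form from one
// revision of the IETF draft; other revisions use a different syntax.
const WINDOW_SECONDS = 60; // constructed policy: 5 requests per 60 seconds
const MAX_REQUESTS = 5;
const windows = new Map(); // key -> { start: ms timestamp, count: requests used }

// Count one request for `key` at time `nowMs` and return the decision.
function consume(key, nowMs) {
  const windowMs = WINDOW_SECONDS * 1000;
  let w = windows.get(key);
  if (!w || nowMs - w.start >= windowMs) {
    w = { start: nowMs, count: 0 }; // first request, or the old window expired
    windows.set(key, w);
  }
  const allowed = w.count < MAX_REQUESTS;
  if (allowed) w.count += 1; // denied requests do not consume quota
  return {
    allowed,
    limit: MAX_REQUESTS,
    remaining: MAX_REQUESTS - w.count,
    reset: Math.ceil((w.start + windowMs - nowMs) / 1000), // seconds until the window resets
  };
}

// Translate a decision into response headers.
function rateLimitHeaders(d) {
  const headers = {
    "RateLimit-Policy": `${d.limit};w=${WINDOW_SECONDS}`,
    "RateLimit": `limit=${d.limit}, remaining=${d.remaining}, reset=${d.reset}`,
  };
  // Tell well-behaved clients when to come back after a rejection.
  if (!d.allowed) headers["Retry-After"] = String(d.reset);
  return headers;
}

// Request handler for node:http, e.g. http.createServer(handler).listen(3000)
function handler(req, res) {
  const key = req.socket.remoteAddress; // assumption: quota is per client IP
  const d = consume(key, Date.now());
  for (const [name, value] of Object.entries(rateLimitHeaders(d))) {
    res.setHeader(name, value);
  }
  res.statusCode = d.allowed ? 200 : 429;
  res.end(d.allowed ? "ok\n" : "rate limit exceeded\n");
}
```

Sending the headers on allowed responses as well as on 429s lets API clients pace themselves before they hit the quota.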
Add ad-hoc rules
The aj instance is usually defined outside of the route handler so it can be created once and stay alive across requests for better performance. Rules are defined when you create the instance, but sometimes you might want to adjust the rules from within the handler, e.g. to apply different rules for different users.
We use Arcjet on our own dashboard NextAuth login routes to protect against brute-force attacks, so we created integration guides. There is now documentation for protecting NextAuth 4 and Auth.js 5 login routes and example apps for both.
Dashboard
The requests inspector defaults to showing timestamps in your local timezone, but you can now toggle into UTC. Hover over the timestamp to see the other time. Useful if you're following the rule that all servers should be configured in UTC!