Skip to content
pg-ratelimit

pg-ratelimit

Rate limiting backed by your existing Postgres. No Redis, no extra infrastructure.
Get Started GitHub 
import { Pool } from "pg";
import { Ratelimit } from "pg-ratelimit";


const pool = new Pool();
const ratelimit = new Ratelimit({
  pool,
  prefix: "api",
  limiter: Ratelimit.fixedWindow(10, "60s"),
});


const { success } = await ratelimit.limit("user:123");
if (!success) {
  return new Response("Too Many Requests", { status: 429 });
}

Zero runtime dependencies

Just pg as a peer dependency. No Redis, no extra services - use the Postgres you already have.

Three algorithms

Fixed window, sliding window, and token bucket. Pick the right tradeoff for your use case.

Serverless-safe

No background processes or singletons. Probabilistic inline cleanup with no long-lived state. Works in Lambda, Vercel, and other serverless platforms.

Upstash-compatible API

Same limit(), blockUntilReady(), getRemaining(), and resetUsedTokens() surface. Migrate with minimal code changes.

Why pg-ratelimit?

Section titled “Why pg-ratelimit?”

Most rate limiting libraries require Redis or a dedicated service. If you already run PostgreSQL, you already have everything you need.

  • No extra infrastructure - zero runtime dependencies beyond pg. No Redis, no sidecars, no new thing to monitor.
  • Durable mode - logged tables survive crashes, useful for billing and quota enforcement.
  • UNLOGGED tables - skip WAL writes to reduce overhead. In benchmarks a single node handles ~6,700 req/s, or ~10,300 req/s with in-memory blocking enabled.