Arcjet helps developers protect their apps in just a few lines of code. Implement rate limiting, bot protection, email verification & defense against common attacks.
This is the Arcjet SDK for Deno.
The Arcjet rate limit example below applies a token bucket rate limit rule to a route where we identify the user based on their ID e.g. if they are logged in. The bucket is configured with a maximum capacity of 10 tokens and refills by 5 tokens every 10 seconds. Each request consumes 5 tokens.
import "jsr:@std/dotenv/load";
import arcjet, { tokenBucket, detectBot } from "npm:@arcjet/deno";
const aj = arcjet({
key: Deno.env.get("ARCJET_KEY")!, // Get your site key from https://app.arcjet.com
characteristics: ["userId"], // track requests by a custom user ID
rules: [
// Create a token bucket rate limit. Other algorithms are supported.
tokenBucket({
mode: "LIVE", // will block requests. Use "DRY_RUN" to log only
refillRate: 5, // refill 5 tokens per interval
interval: 10, // refill every 10 seconds
capacity: 10, // bucket maximum capacity of 10 tokens
}),
detectBot({
mode: "LIVE", // will block requests. Use "DRY_RUN" to log only
// configured with a list of bots to allow from
// https://arcjet.com/bot-list
allow: [], // "allow none" will block all detected bots
}),
],
});
Deno.serve(
aj.handler(async function (req: Request) {
const userId = "user123"; // Replace with your authenticated user ID
const decision = await aj.protect(req, { userId, requested: 5 }); // Deduct 5 tokens from the bucket
console.log("Arcjet decision", decision);
if (decision.isDenied()) {
return Response.json({ error: "Forbidden" }, { status: 403 });
} else {
return Response.json({ message: "Hello world" });
}
}),
);Arcjet Shield protects your application against common attacks, including the OWASP Top 10. You can run Shield on every request with negligible performance impact.
import "jsr:@std/dotenv/load";
import arcjet, { shield } from "npm:@arcjet/deno";
const aj = arcjet({
key: Deno.env.get("ARCJET_KEY")!, // Get your site key from https://app.arcjet.com
rules: [
shield({
mode: "LIVE", // will block requests. Use "DRY_RUN" to log only
}),
],
});
Deno.serve(
aj.handler(async function (req: Request) {
const decision = await aj.protect(req);
if (decision.isDenied()) {
return Response.json({ error: "Forbidden" }, { status: 403 });
} else {
return Response.json({ message: "Hello world" });
}
}),
);Licensed under the Apache License, Version 2.0.