RATE001infoPro

missing-rate-limit

API endpoint may need rate limiting.

Applies to: Go, JavaScript, Python, Ruby, Rust, TypeScript

Why this matters

Public API endpoints without rate limiting are vulnerable to abuse and DoS attacks. Authentication endpoints, data creation endpoints, and expensive operations should have rate limits to protect your service and other users.

Catch it before it ships

pip install stablestack # or: npx stablestackstablestack # scans your project, RATE001 includedstablestack explain RATE001

RATE001 is part of the Pro rule set. See pricing — the free tier ships 24 checks with no signup.

False positive in your codebase? Suppress a single line with # noqa: RATE001