Potential fix for code scanning alert no. 13: Missing rate limiting

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: 0xreflexivity

examples/developer-hub-javascript/package.json

@@ -17,7 +17,8 @@
     "@nomicfoundation/hardhat-toolbox": "^5.0.0",
     "cors": "^2.8.5",
     "hardhat": "^2.26.1",
-    "web3": "^4.16.0"
+    "web3": "^4.16.0",
+    "express-rate-limit": "^8.2.1"
   },
   "devDependencies": {
     "@babel/eslint-parser": "^7.28.0",

examples/developer-hub-javascript/x402Server.ts

@@ -16,9 +16,15 @@ import { ethers } from "ethers";
 import * as fs from "fs";
 import * as path from "path";
 import "dotenv/config";
+import rateLimit from "express-rate-limit";
 
 const app = express();
 app.use(cors());
+
+const rootRateLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 100, // limit each IP to 100 requests per windowMs
+});
 app.use(express.json());
 
 // Configuration
@@ -298,7 +304,7 @@ app.get("/health", (req: Request, res: Response) => {
 });
 
 // Serve frontend - inject config into HTML
-app.get("/", (req: Request, res: Response) => {
+app.get("/", rootRateLimiter, (req: Request, res: Response) => {
   const frontendPath = path.join(__dirname, "frontend.html");
   let html = fs.readFileSync(frontendPath, "utf-8");