Why check process.env.NODE_ENV? #29
Description
I'd like to be able to casually run my own tests and examples without explicitly setting NODE_ENV.
I don't see a security benefit to this.
If the user of this library is somehow exposing the options object to a client they can already arbitrary adjust the window size to something like 100,000 which is just as insecure, so there's no security benefit.
In fact, I just tested with a window of 100,000 and an arbitrary token 957 124 and in in 5 out of 10 trials each taking about 2 seconds I was able to verify.