notp
Why check process.env.NODE_ENV?
I'd like to be able to casually run my own tests and examples without explicitly setting NODE_ENV.
I don't see a security benefit to this.
If the user of this library is somehow exposing the options object to a client, they can already arbitrarily adjust the window size to something like 100,000, which is just as insecure, so there's no security benefit.
In fact, I just tested with a window of 100,000 and an arbitrary token 957 124, and in 5 out of 10 trials, each taking about 2 seconds, I was able to verify.
This was intended as more of a warning. Rather than removing the error completely, how about just logging a warning message?