Security News
vlt Debuts New JavaScript Package Manager and Serverless Registry at NodeConf EU
vlt introduced its new package manager and a serverless registry this week, innovating in a space where npm has stagnated.
@octokit/plugin-throttling
Advanced tools
@octokit/plugin-throttling is a plugin for Octokit, the GitHub REST API client for JavaScript. It helps manage and throttle requests to the GitHub API to avoid hitting rate limits. This is particularly useful for applications that make a large number of requests to the GitHub API.
Basic Throttling
This feature allows you to set up basic throttling for your GitHub API requests. It includes handlers for rate limits and abuse detection, allowing you to retry requests or handle them appropriately.
const { Octokit } = require('@octokit/core');
const { throttling } = require('@octokit/plugin-throttling');
const MyOctokit = Octokit.plugin(throttling);
const octokit = new MyOctokit({
auth: 'personal-access-token123',
throttle: {
onRateLimit: (retryAfter, options) => {
console.warn(`Request quota exhausted for request ${options.method} ${options.url}`);
if (options.request.retryCount === 0) { // only retries once
console.log(`Retrying after ${retryAfter} seconds!`);
return true;
}
},
onAbuseLimit: (retryAfter, options) => {
console.warn(`Abuse detected for request ${options.method} ${options.url}`);
}
}
});
// Example request
octokit.request('GET /user')
.then(response => console.log(response))
.catch(error => console.error(error));
Custom Throttling Options
This feature allows you to customize throttling options such as minimum secondary rate retry time and base value for retry after. It provides more control over how your application handles rate limits and abuse detection.
const { Octokit } = require('@octokit/core');
const { throttling } = require('@octokit/plugin-throttling');
const MyOctokit = Octokit.plugin(throttling);
const octokit = new MyOctokit({
auth: 'personal-access-token123',
throttle: {
onRateLimit: (retryAfter, options, octokit) => {
octokit.log.warn(`Request quota exhausted for request ${options.method} ${options.url}`);
if (options.request.retryCount === 0) { // only retries once
octokit.log.info(`Retrying after ${retryAfter} seconds!`);
return true;
}
},
onAbuseLimit: (retryAfter, options, octokit) => {
octokit.log.warn(`Abuse detected for request ${options.method} ${options.url}`);
},
minimumSecondaryRateRetryAfter: 100,
retryAfterBaseValue: 1000
}
});
// Example request
octokit.request('GET /user')
.then(response => console.log(response))
.catch(error => console.error(error));
axios-rate-limit is a package that adds rate limiting to axios, a popular HTTP client for Node.js and the browser. It allows you to specify the maximum number of requests per interval, making it easier to manage API rate limits. Compared to @octokit/plugin-throttling, axios-rate-limit is more general-purpose and can be used with any API, not just GitHub.
Bottleneck is a powerful rate limiter for Node.js and the browser. It provides a wide range of features including clustering, priority queues, and reservoir management. While @octokit/plugin-throttling is specifically designed for GitHub API requests, Bottleneck can be used for any type of rate-limited task, offering more flexibility and advanced features.
Octokit plugin for GitHub’s recommended request throttling
Implements all recommended best practices to prevent hitting secondary rate limits.
Browsers |
Load
|
---|---|
Node |
Install with Note: If you use it with
|
The code below creates a "Hello, world!" issue on every repository in a given organization. Without the throttling plugin it would send many requests in parallel and would hit rate limits very quickly. But the @octokit/plugin-throttling
slows down your requests according to the official guidelines, so you don't get blocked before your quota is exhausted.
The throttle.onSecondaryRateLimit
and throttle.onRateLimit
options are required. Return true
to automatically retry the request after retryAfter
seconds.
const MyOctokit = Octokit.plugin(throttling);
const octokit = new MyOctokit({
auth: `secret123`,
throttle: {
onRateLimit: (retryAfter, options, octokit, retryCount) => {
octokit.log.warn(
`Request quota exhausted for request ${options.method} ${options.url}`
);
if (retryCount < 1) {
// only retries once
octokit.log.info(`Retrying after ${retryAfter} seconds!`);
return true;
}
},
onSecondaryRateLimit: (retryAfter, options, octokit) => {
// does not retry, only logs a warning
octokit.log.warn(
`SecondaryRateLimit detected for request ${options.method} ${options.url}`
);
},
},
});
async function createIssueOnAllRepos(org) {
const repos = await octokit.paginate(
octokit.repos.listForOrg.endpoint({ org })
);
return Promise.all(
repos.map(({ name }) =>
octokit.issues.create({
owner,
repo: name,
title: "Hello, world!",
})
)
);
}
Pass { throttle: { enabled: false } }
to disable this plugin.
Enabling Clustering support ensures that your application will not go over rate limits across Octokit instances and across Nodejs processes.
First install either redis
or ioredis
:
# NodeRedis (https://github.com/NodeRedis/node_redis)
npm install --save redis
# or ioredis (https://github.com/luin/ioredis)
npm install --save ioredis
Then in your application:
const Bottleneck = require("bottleneck");
const Redis = require("redis");
const client = Redis.createClient({
/* options */
});
const connection = new Bottleneck.RedisConnection({ client });
connection.on("error", err => console.error(err));
const octokit = new MyOctokit({
auth: 'secret123'
throttle: {
onSecondaryRateLimit: (retryAfter, options, octokit) => {
/* ... */
},
onRateLimit: (retryAfter, options, octokit) => {
/* ... */
},
// The Bottleneck connection object
connection,
// A "throttling ID". All octokit instances with the same ID
// using the same Redis server will share the throttling.
id: "my-super-app",
// Otherwise the plugin uses a lighter version of Bottleneck without Redis support
Bottleneck
}
});
// To close the connection and allow your application to exit cleanly:
await connection.disconnect();
To use the ioredis
library instead:
const Redis = require("ioredis");
const client = new Redis({
/* options */
});
const connection = new Bottleneck.IORedisConnection({ client });
connection.on("error", (err) => console.error(err));
name | type | description |
---|---|---|
options.retryAfterBaseValue
|
Number
|
Number of milliseconds that will be used to multiply the time to wait based on `retry-after` or `x-ratelimit-reset` headers. Defaults to 1000
|
options.fallbackSecondaryRateRetryAfter
|
Number
|
Number of seconds to wait until retrying a request in case a secondary rate limit is hit and no retry-after header was present in the response. Defaults to 60
|
options.connection
|
Bottleneck.RedisConnection
| A Bottleneck connection instance. See Clustering above. |
options.id
|
string
|
A "throttling ID". All octokit instances with the same ID using the same Redis server will share the throttling. See Clustering above. Defaults to no-id .
|
options.Bottleneck
|
Bottleneck
| Bottleneck constructor. See Clustering above. Defaults to `bottleneck/light`. |
FAQs
Octokit plugin for GitHub's recommended request throttling
We found that @octokit/plugin-throttling demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
vlt introduced its new package manager and a serverless registry this week, innovating in a space where npm has stagnated.
Security News
Research
The Socket Research Team uncovered a malicious Python package typosquatting the popular 'fabric' SSH library, silently exfiltrating AWS credentials from unsuspecting developers.
Security News
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.