Security News
Introducing the Socket Python SDK
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
By Douglas Coburn - Sep 13, 2024
@octokit/plugin-throttling
Advanced tools
@octokit/plugin-throttling
Octokit plugin for GitHub's recommended request throttling
What is @octokit/plugin-throttling?
@octokit/plugin-throttling is a plugin for Octokit, the GitHub REST API client for JavaScript. It helps manage and throttle requests to the GitHub API to avoid hitting rate limits. This is particularly useful for applications that make a large number of requests to the GitHub API.
What are @octokit/plugin-throttling's main functionalities?
Basic Throttling
This feature allows you to set up basic throttling for your GitHub API requests. It includes handlers for rate limits and abuse detection, allowing you to retry requests or handle them appropriately.
const { Octokit } = require('@octokit/core');
const { throttling } = require('@octokit/plugin-throttling');
const MyOctokit = Octokit.plugin(throttling);
const octokit = new MyOctokit({
auth: 'personal-access-token123',
throttle: {
onRateLimit: (retryAfter, options) => {
console.warn(`Request quota exhausted for request ${options.method} ${options.url}`);
if (options.request.retryCount === 0) { // only retries once
console.log(`Retrying after ${retryAfter} seconds!`);
return true;
}
},
onAbuseLimit: (retryAfter, options) => {
console.warn(`Abuse detected for request ${options.method} ${options.url}`);
}
}
});
// Example request
octokit.request('GET /user')
.then(response => console.log(response))
.catch(error => console.error(error));Custom Throttling Options
This feature allows you to customize throttling options such as minimum secondary rate retry time and base value for retry after. It provides more control over how your application handles rate limits and abuse detection.
const { Octokit } = require('@octokit/core');
const { throttling } = require('@octokit/plugin-throttling');
const MyOctokit = Octokit.plugin(throttling);
const octokit = new MyOctokit({
auth: 'personal-access-token123',
throttle: {
onRateLimit: (retryAfter, options, octokit) => {
octokit.log.warn(`Request quota exhausted for request ${options.method} ${options.url}`);
if (options.request.retryCount === 0) { // only retries once
octokit.log.info(`Retrying after ${retryAfter} seconds!`);
return true;
}
},
onAbuseLimit: (retryAfter, options, octokit) => {
octokit.log.warn(`Abuse detected for request ${options.method} ${options.url}`);
},
minimumSecondaryRateRetryAfter: 100,
retryAfterBaseValue: 1000
}
});
// Example request
octokit.request('GET /user')
.then(response => console.log(response))
.catch(error => console.error(error));Other packages similar to @octokit/plugin-throttling
axios-rate-limit
axios-rate-limit is a package that adds rate limiting to axios, a popular HTTP client for Node.js and the browser. It allows you to specify the maximum number of requests per interval, making it easier to manage API rate limits. Compared to @octokit/plugin-throttling, axios-rate-limit is more general-purpose and can be used with any API, not just GitHub.
bottleneck
Bottleneck is a powerful rate limiter for Node.js and the browser. It provides a wide range of features including clustering, priority queues, and reservoir management. While @octokit/plugin-throttling is specifically designed for GitHub API requests, Bottleneck can be used for any type of rate-limited task, offering more flexibility and advanced features.
plugin-throttling.js
Octokit plugin for GitHub’s recommended request throttling
Implements all recommended best practices to prevent hitting secondary rate limits.
Usage
| Browsers |
Load |
|---|---|
| Node |
Install with Note: If you use it with |
[!IMPORTANT] As we use conditional exports, you will need to adapt your
tsconfig.jsonby setting"moduleResolution": "node16", "module": "node16".See the TypeScript docs on package.json "exports".
See this helpful guide on transitioning to ESM from @sindresorhus
The code below creates a "Hello, world!" issue on every repository in a given organization. Without the throttling plugin it would send many requests in parallel and would hit rate limits very quickly. But the @octokit/plugin-throttling slows down your requests according to the official guidelines, so you don't get blocked before your quota is exhausted.
The throttle.onSecondaryRateLimit and throttle.onRateLimit options are required. Return true to automatically retry the request after retryAfter seconds.
const MyOctokit = Octokit.plugin(throttling);
const octokit = new MyOctokit({
auth: `secret123`,
throttle: {
onRateLimit: (retryAfter, options, octokit, retryCount) => {
octokit.log.warn(
`Request quota exhausted for request ${options.method} ${options.url}`,
);
if (retryCount < 1) {
// only retries once
octokit.log.info(`Retrying after ${retryAfter} seconds!`);
return true;
}
},
onSecondaryRateLimit: (retryAfter, options, octokit) => {
// does not retry, only logs a warning
octokit.log.warn(
`SecondaryRateLimit detected for request ${options.method} ${options.url}`,
);
},
},
});
async function createIssueOnAllRepos(org) {
const repos = await octokit.paginate(
octokit.repos.listForOrg.endpoint({ org }),
);
return Promise.all(
repos.map(({ name }) =>
octokit.issues.create({
owner,
repo: name,
title: "Hello, world!",
}),
),
);
}
Pass { throttle: { enabled: false } } to disable this plugin.
Clustering
Enabling Clustering support ensures that your application will not go over rate limits across Octokit instances and across Nodejs processes.
First install either redis or ioredis:
# NodeRedis (https://github.com/NodeRedis/node_redis)
npm install --save redis
# or ioredis (https://github.com/luin/ioredis)
npm install --save ioredis
Then in your application:
import Bottleneck from "bottleneck";
import Redis from "redis";
const client = Redis.createClient({
/* options */
});
const connection = new Bottleneck.RedisConnection({ client });
connection.on("error", err => console.error(err));
const octokit = new MyOctokit({
auth: 'secret123'
throttle: {
onSecondaryRateLimit: (retryAfter, options, octokit) => {
/* ... */
},
onRateLimit: (retryAfter, options, octokit) => {
/* ... */
},
// The Bottleneck connection object
connection,
// A "throttling ID". All octokit instances with the same ID
// using the same Redis server will share the throttling.
id: "my-super-app",
// Otherwise the plugin uses a lighter version of Bottleneck without Redis support
Bottleneck
}
});
// To close the connection and allow your application to exit cleanly:
await connection.disconnect();
To use the ioredis library instead:
import Redis from "ioredis";
const client = new Redis({
/* options */
});
const connection = new Bottleneck.IORedisConnection({ client });
connection.on("error", (err) => console.error(err));
Options
| name | type | description |
|---|---|---|
options.retryAfterBaseValue
|
Number
|
Number of milliseconds that will be used to multiply the time to wait based on `retry-after` or `x-ratelimit-reset` headers. Defaults to 1000
|
options.fallbackSecondaryRateRetryAfter
|
Number
|
Number of seconds to wait until retrying a request in case a secondary rate limit is hit and no retry-after header was present in the response. Defaults to 60
|
options.connection
|
Bottleneck.RedisConnection
| A Bottleneck connection instance. See Clustering above. |
options.id
|
string
|
A "throttling ID". All octokit instances with the same ID using the same Redis server will share the throttling. See Clustering above. Defaults to no-id.
|
options.Bottleneck
|
Bottleneck
| Bottleneck constructor. See Clustering above. Defaults to `bottleneck/light`. |
LICENSE
FAQs
Octokit plugin for GitHub's recommended request throttling
The npm package @octokit/plugin-throttling receives a total of 1,898,214 weekly downloads. As such, @octokit/plugin-throttling popularity was classified as popular.
We found that @octokit/plugin-throttling demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 14 Jul 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
The Wildcard Gamble: Understanding the Risks of Floating Dependency Ranges in npm
Floating dependency ranges in npm can introduce instability and security risks into your project by allowing unverified or incompatible versions to be installed automatically, leading to unpredictable behavior and potential conflicts.
By Sarah Gooding - Sep 13, 2024
Security News
New Rust RFC Proposes Adding Support for Trusted Publishing to Crates.io
A new Rust RFC proposes "Trusted Publishing" for Crates.io, introducing short-lived access tokens via OIDC to improve security and reduce risks associated with long-lived API tokens.
By Sarah Gooding - Sep 12, 2024