Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
token-dealer
Changelog
3.0.0 (2018-08-07)
Readme
Circumvent API rate limits by having several API tokens and let the dealer manage and give them to you.
Several public APIs, such as GitHub and Twitter, have rate limits applied per account. To multiply these rate limits, you must have a farm of tokens associated with multiple accounts, either donated or created by you. This is where `token-dealer` comes in, making it easy to manage these tokens and their usage.
$ npm install token-dealer
Calls `fn(token, exhaust)` with the most appropriate `token` from `tokens` and an `exhaust` function that you may call to signal that the token is exhausted.

Basically, the only thing you must do is call `exhaust(reset, [retry])` whenever you know that the token may not be used again until `reset` (timestamp in ms). Additionally, you may pass `retry` if the operation you were trying to do failed because the token was exhausted, causing `fn` to be called again with another token.

Here's an example of a request to the GitHub API using got:
```js
// The package is installed as `token-dealer`, so that is the name to require.
const tokenDealer = require('token-dealer');
const got = require('got');

// Placeholder tokens
const tokens = [
    'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa',
    'bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb',
];

tokenDealer(tokens, (token, exhaust) => {
    // Mark the token as exhausted once GitHub reports no remaining quota;
    // ask for a retry only if this request itself failed due to the rate limit.
    const handleRateLimit = (response, err) => {
        if (response.headers['x-ratelimit-remaining'] === '0') {
            const isRateLimitError = err && err.statusCode === 403 && /rate limit/i.test(response.body.message);

            // x-ratelimit-reset is in seconds, exhaust() expects milliseconds
            exhaust(Number(response.headers['x-ratelimit-reset']) * 1000, isRateLimitError);
        }
    };

    return got('https://api.github.com/repos/moxystudio/node-cross-spawn', {
        json: true,
        headers: { Authorization: `token ${token}` },
    })
    .then((response) => {
        handleRateLimit(response);
        return response;
    }, (err) => {
        err.response && handleRateLimit(err.response, err);
        throw err;
    });
})
.then((response) => {
    // ...
}, (err) => {
    // If all tokens are exhausted, err.code will be 'EALLTOKENSEXHAUSTED'
});
```
Available options:

- `group`: The group associated with the tokens; this effectively groups tokens to prevent conflicts (e.g. `github`, defaults to `default`).
- `wait`: True to wait for a token to be free in case all are exhausted (defaults to `false`); alternatively you may pass a function that will be called with `[token, duration]` so that you can decide to wait dynamically.
- `lru`: A custom LRU cache instance to be used internally.
- `onExhausted`: Called with `(token, reset)` whenever a token becomes exhausted (defaults to `null`).

If `tokens` is nullish or an empty array, the given `token` will be an empty string.
Get the tokens usage for `tokens`. The available options are `group` and `lru`, which are the same as in `tokenDealer()`.
```js
// The package is installed as `token-dealer`, so that is the name to require.
const tokenDealer = require('token-dealer');

const tokens = [
    'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa',
    'bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb',
];

const usage = tokenDealer.getTokensUsage(tokens);

// `usage` looks like this:
// {
//     'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa': {
//         exhausted: true,        // true if exhausted, false otherwise
//         reset: 1455996883369,   // the timestamp in which the token will become available again
//         inflight: 0,            // the number of deliveries (`fn` calls) that still haven't completed
//     },
//     'bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb': {
//         // ...
//     }
// }
```
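The usage object shown above is keyed by the raw token strings, so writing it to logs or metrics as-is would expose the credentials. The following is an added example, not part of the token-dealer README or API: `fingerprint` and `summarizeUsage` are hypothetical helper names, and the sample input is constructed in the shape shown above.

```javascript
const crypto = require('crypto');

// Constructed sample in the shape shown above; the token strings are placeholders.
const sampleUsage = {
    'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa': { exhausted: true, reset: 1455996883369, inflight: 0 },
    'bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb': { exhausted: false, reset: null, inflight: 2 },
};

// Short one-way label for a token. Assumes tokens are long random strings,
// so a truncated SHA-256 cannot be reversed by guessing inputs.
function fingerprint(token) {
    return crypto.createHash('sha256').update(String(token)).digest('hex').slice(0, 12);
}

// Hypothetical helper: converts a usage object into a summary with no raw tokens.
function summarizeUsage(usage) {
    const tokens = Object.entries(usage || {}).map(([token, state]) => ({
        id: fingerprint(token),
        exhausted: Boolean(state.exhausted),
        reset: state.exhausted ? state.reset : null,
        inflight: state.inflight || 0,
    }));
    const resets = tokens
        .filter((t) => t.exhausted && Number.isFinite(t.reset))
        .map((t) => t.reset);

    return {
        total: tokens.length,
        available: tokens.filter((t) => !t.exhausted).length,
        inflight: tokens.reduce((sum, t) => sum + t.inflight, 0),
        // Earliest time an exhausted token comes back, or null if none is exhausted.
        nextReset: resets.length ? Math.min(...resets) : null,
        tokens,
    };
}

// Safe to log: entries are identified by fingerprint only.
console.log(JSON.stringify(summarizeUsage(sampleUsage), null, 2));
```

The same fingerprint can be used inside an `onExhausted` callback so that exhaustion events can be correlated in logs without recording the token.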
$ npm test
`$ npm test -- --watch` during development
Released under the MIT License.
FAQs
The npm package token-dealer receives a total of 1 weekly download. As such, token-dealer's popularity was classified as not popular.
We found that token-dealer demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.