@octokit/plugin-throttling

v8.1.3

Octokit plugin for GitHub's recommended request throttling For more information about how to use this package see README

Latest version published 13 days ago

License: MIT

NPM

GitHub

Package Health Score

92 / 100

security
No known security issues
popularity
Influential project
maintenance
Healthy
community
Active

Security

No known security issues

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

All Versions

Version				Vulnerabilities	License Risk
8.1.3	\|	11/2023		0 C 0 H 0 M 0 L	0 H 0 M 0 L
8.0.1	\|	10/2023		0 C 0 H 0 M 0 L	0 H 0 M 0 L
7.0.0	\|	07/2023		0 C 0 H 0 M 0 L	0 H 0 M 0 L
6.1.0	\|	06/2023		0 C 0 H 0 M 0 L	0 H 0 M 0 L
5.2.3	\|	05/2023	Popular	0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

MIT

Security Policy

Yes

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Influential project

Weekly Downloads (1,131,595)

GitHub Stars: 92
Forks: 31
Contributors: 30

Direct Usage Popularity

The npm package @octokit/plugin-throttling receives a total of 1,131,595 downloads a week. As such, we scored @octokit/plugin-throttling popularity level to be Influential project.

Based on project statistics from the GitHub repository for the npm package @octokit/plugin-throttling, we found that it has been starred 92 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Active

Readme.md: Yes
Contributing.md: No
Code of Conduct: Yes
Contributors: 30
Funding: No

With more than 10 contributors for the @octokit/plugin-throttling repository, this is possibly a sign for a growing and inviting community.

Embed Package Health Score Badge

Maintenance

Healthy

Commit Frequency

Open Issues: 7
Open PR: 2
Last Release: 13 days ago
Last Commit: 2 days ago

Further analysis of the maintenance status of @octokit/plugin-throttling based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Healthy.

We found that @octokit/plugin-throttling demonstrates a positive version release cadence with at least one new version released in the past 3 months.

As a healthy sign for on-going project maintenance, we found that the GitHub repository had at least 1 pull request or issue interacted with by the community.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: >= 18

Age: 5 years
Dependencies: 2 Direct
Versions: 59
Install Size: 59.5 kB
Dist-tags: 1
# of Files: 18
Maintainers: 4
TS Typings: Yes

@octokit/plugin-throttling has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Readme

plugin-throttling.js

> Octokit plugin for GitHub’s recommended request throttling

Implements all recommended best practices to prevent hitting secondary rate limits.

Usage

Browsers

Browsers	Load `@octokit/plugin-throttling` and `@octokit/core` (or core-compatible module) directly from esm.sh
Node	Install with `npm install @octokit/core @octokit/plugin-throttling`. Optionally replace `@octokit/core` with a core-compatible module. Note: If you use it with `@octokit/rest` v16, install `@octokit/core` as a devDependency. This is only temporary and will no longer be necessary with `@octokit/rest` v17. `const { Octokit } = require("@octokit/core"); const { throttling } = require("@octokit/plugin-throttling");`

Load @octokit/plugin-throttling and @octokit/core (or core-compatible module) directly from esm.sh

Node

Install with npm install @octokit/core @octokit/plugin-throttling. Optionally replace @octokit/core with a core-compatible module.

Note: If you use it with @octokit/rest v16, install @octokit/core as a devDependency. This is only temporary and will no longer be necessary with @octokit/rest v17.

const { Octokit } = require("@octokit/core");
const { throttling } = require("@octokit/plugin-throttling");

The code below creates a "Hello, world!" issue on every repository in a given organization. Without the throttling plugin it would send many requests in parallel and would hit rate limits very quickly. But the @octokit/plugin-throttling slows down your requests according to the official guidelines, so you don't get blocked before your quota is exhausted.

The throttle.onSecondaryRateLimit and throttle.onRateLimit options are required. Return true to automatically retry the request after retryAfter seconds.

const MyOctokit = Octokit.plugin(throttling);

const octokit = new MyOctokit({
  auth: `secret123`,
  throttle: {
    onRateLimit: (retryAfter, options, octokit, retryCount) =&gt; {
      octokit.log.warn(
        `Request quota exhausted for request ${options.method} ${options.url}`,
      );

      if (retryCount &lt; 1) {
        // only retries once
        octokit.log.info(`Retrying after ${retryAfter} seconds!`);
        return true;
      }
    },
    onSecondaryRateLimit: (retryAfter, options, octokit) =&gt; {
      // does not retry, only logs a warning
      octokit.log.warn(
        `SecondaryRateLimit detected for request ${options.method} ${options.url}`,
      );
    },
  },
});

async function createIssueOnAllRepos(org) {
  const repos = await octokit.paginate(
    octokit.repos.listForOrg.endpoint({ org }),
  );
  return Promise.all(
    repos.map(({ name }) =&gt;
      octokit.issues.create({
        owner,
        repo: name,
        title: "Hello, world!",
      }),
    ),
  );
}

Pass { throttle: { enabled: false } } to disable this plugin.

Clustering

Enabling Clustering support ensures that your application will not go over rate limits across Octokit instances and across Nodejs processes.

First install either redis or ioredis:

# NodeRedis (https://github.com/NodeRedis/node_redis)
npm install --save redis

# or ioredis (https://github.com/luin/ioredis)
npm install --save ioredis

Then in your application:

const Bottleneck = require("bottleneck");
const Redis = require("redis");

const client = Redis.createClient({
  /* options */
});
const connection = new Bottleneck.RedisConnection({ client });
connection.on("error", err =&gt; console.error(err));

const octokit = new MyOctokit({
  auth: 'secret123'
  throttle: {
    onSecondaryRateLimit: (retryAfter, options, octokit) =&gt; {
      /* ... */
    },
    onRateLimit: (retryAfter, options, octokit) =&gt; {
      /* ... */
    },

    // The Bottleneck connection object
    connection,

    // A "throttling ID". All octokit instances with the same ID
    // using the same Redis server will share the throttling.
    id: "my-super-app",

    // Otherwise the plugin uses a lighter version of Bottleneck without Redis support
    Bottleneck
  }
});

// To close the connection and allow your application to exit cleanly:
await connection.disconnect();

To use the ioredis library instead:

const Redis = require("ioredis");
const client = new Redis({
  /* options */
});
const connection = new Bottleneck.IORedisConnection({ client });
connection.on("error", (err) =&gt; console.error(err));

Options

name	type	description
`options.retryAfterBaseValue`	`Number`	Number of milliseconds that will be used to multiply the time to wait based on `retry-after` or `x-ratelimit-reset` headers. Defaults to `1000`
`options.fallbackSecondaryRateRetryAfter`	`Number`	Number of seconds to wait until retrying a request in case a secondary rate limit is hit and no `retry-after` header was present in the response. Defaults to `60`
`options.connection`	`Bottleneck.RedisConnection`	A Bottleneck connection instance. See Clustering above.
`options.id`	`string`	A "throttling ID". All octokit instances with the same ID using the same Redis server will share the throttling. See Clustering above. Defaults to `no-id`.
`options.Bottleneck`	`Bottleneck`	Bottleneck constructor. See Clustering above. Defaults to `bottleneck/light`.

LICENSE

MIT

@octokit/plugin-throttling dependencies

@octokit/types bottleneck

@octokit/plugin-throttling development dependencies

@octokit/core @octokit/request-error @octokit/tsconfig @types/fetch-mock @types/jest @types/node esbuild fetch-mock github-openapi-graphql-query glob jest npm-run-all prettier semantic-release-plugin-update-version-in-files ts-jest typescript

FAQs

What is @octokit/plugin-throttling?

Octokit plugin for GitHub's recommended request throttling. Visit Snyk Advisor to see a full health score report for @octokit/plugin-throttling, including popularity, security, maintenance & community analysis.

Is @octokit/plugin-throttling popular?

The npm package @octokit/plugin-throttling receives a total of 1,131,595 weekly downloads. As such, @octokit/plugin-throttling popularity was classified as an influential project. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is @octokit/plugin-throttling well maintained?

We found that @octokit/plugin-throttling demonstrated a healthy version release cadence and project activity. It has a community of 30 open source contributors collaborating on the project. See the full package health analysis to learn more about the package maintenance status.

Is @octokit/plugin-throttling safe to use?

The npm package @octokit/plugin-throttling was scanned for known vulnerabilities and missing license, and no issues were found. Thus the package was deemed as safe to use. See the full health analysis review.

Last updated on 30 November-2023, at 18:04 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP