npmpackage.info

Gathering detailed insights and metrics for @octokit/plugin-throttling

Other packages similar to @octokit/plugin-throttling

@thellimist/plugin-throttling

1.0.2

Octokit plugin for GitHub's recommended request throttling

Gathering detailed insights and metrics for @octokit/plugin-throttling

@octokit/plugin-throttling - 11.0.1 | npmpackage.info

@octokit/plugin-throttling

Octokit plugin for GitHub’s recommended request throttling

11.0.1

122

MIT

TypeScript

41.55 kB

195,078,557 7.7

Installations

npm install @octokit/plugin-throttling

Developer Guide

BETA

Typescript

Yes

Module System

ESM

Min. Node Version

>= 20

Node Version

22.15.0

NPM Version

10.9.2 Score

91.9

Supply Chain

99.5

Quality

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

1

Total

727

Closed

43

Merged

683

Issues

Open

10

Total

67

Closed

57

Releases

v11.0.1

Updated on May 20, 2025

v11.0.0

Updated on May 20, 2025

v10.0.0

Updated on Apr 10, 2025

v9.6.1

Updated on Apr 03, 2025

v9.6.0

Updated on Mar 18, 2025

v9.5.0

Updated on Mar 18, 2025

View All 78 releases

Languages

TypeScript

JavaScript

TypeScript (92.92%)

JavaScript (7.08%)

Developer

octokit

Download Statistics

Total Downloads

195,078,557

Last Day

476,803

Last Week

2,670,161

Last Month

10,681,976

Last Year

105,348,762

GitHub Statistics

MIT License

122 Stars

856 Commits

37 Forks

9 Watchers

4 Branches

32 Contributors

Updated on May 20, 2025

Maintainers

View All 32 Contributors

Package Meta Information

Latest Version

11.0.1

Package Id

@octokit/plugin-throttling@11.0.1

Unpacked Size

41.55 kB

Size

9.50 kB

File Count

NPM Version

10.9.2

Node Version

22.15.0

Published on

May 20, 2025

Total Downloads

Cumulative downloads

Total Downloads

195,078,557

Last Day

476,803

Compared to previous day

Last Week

5.6%

2,670,161

Compared to previous week

Last Month

0.4%

10,681,976

Compared to previous month

Last Year

63.7%

105,348,762

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

plugin-throttling.js

Octokit plugin for GitHub’s recommended request throttling

Implements all recommended best practices to prevent hitting secondary rate limits.

Usage

Browsers

Browsers	Load `@octokit/plugin-throttling` and `@octokit/core` (or core-compatible module) directly from esm.sh `1<script type="module"> 2 import { Octokit } from "https://esm.sh/@octokit/core"; 3 import { throttling } from "https://esm.sh/@octokit/plugin-throttling"; 4</script>`
Node	Install with `npm install @octokit/core @octokit/plugin-throttling`. Optionally replace `@octokit/core` with a core-compatible module. `1import { Octokit } from "@octokit/core"; 2import { throttling } from "@octokit/plugin-throttling";`

Load @octokit/plugin-throttling and @octokit/core (or core-compatible module) directly from esm.sh

1<script type="module">
2  import { Octokit } from "https://esm.sh/@octokit/core";
3  import { throttling } from "https://esm.sh/@octokit/plugin-throttling";
4</script>

Node

Install with npm install @octokit/core @octokit/plugin-throttling. Optionally replace @octokit/core with a core-compatible module.

1import { Octokit } from "@octokit/core";
2import { throttling } from "@octokit/plugin-throttling";

[!IMPORTANT] As we use conditional exports, you will need to adapt your tsconfig.json by setting "moduleResolution": "node16", "module": "node16".

See the TypeScript docs on package.json "exports".
See this helpful guide on transitioning to ESM from @sindresorhus

The code below creates a "Hello, world!" issue on every repository in a given organization. Without the throttling plugin it would send many requests in parallel and would hit rate limits very quickly. But the @octokit/plugin-throttling slows down your requests according to the official guidelines, so you don't get blocked before your quota is exhausted.

The throttle.onSecondaryRateLimit and throttle.onRateLimit options are required. Return true to automatically retry the request after retryAfter seconds.

1const MyOctokit = Octokit.plugin(throttling);
2
3const octokit = new MyOctokit({
4  auth: `secret123`,
5  throttle: {
6    onRateLimit: (retryAfter, options, octokit, retryCount) => {
7      octokit.log.warn(
8        `Request quota exhausted for request ${options.method} ${options.url}`,
9      );
10
11      if (retryCount < 1) {
12        // only retries once
13        octokit.log.info(`Retrying after ${retryAfter} seconds!`);
14        return true;
15      }
16    },
17    onSecondaryRateLimit: (retryAfter, options, octokit) => {
18      // does not retry, only logs a warning
19      octokit.log.warn(
20        `SecondaryRateLimit detected for request ${options.method} ${options.url}`,
21      );
22    },
23  },
24});
25
26async function createIssueOnAllRepos(org) {
27  const repos = await octokit.paginate(
28    octokit.repos.listForOrg.endpoint({ org }),
29  );
30  return Promise.all(
31    repos.map(({ name }) =>
32      octokit.issues.create({
33        owner,
34        repo: name,
35        title: "Hello, world!",
36      }),
37    ),
38  );
39}

Pass { throttle: { enabled: false } } to disable this plugin.

Clustering

Enabling Clustering support ensures that your application will not go over rate limits across Octokit instances and across Nodejs processes.

First install either redis or ioredis:

# NodeRedis (https://github.com/NodeRedis/node_redis)
npm install --save redis

# or ioredis (https://github.com/luin/ioredis)
npm install --save ioredis

Then in your application:

1import Bottleneck from "bottleneck";
2import Redis from "redis";
3
4const client = Redis.createClient({
5  /* options */
6});
7const connection = new Bottleneck.RedisConnection({ client });
8connection.on("error", err => console.error(err));
9
10const octokit = new MyOctokit({
11  auth: 'secret123'
12  throttle: {
13    onSecondaryRateLimit: (retryAfter, options, octokit) => {
14      /* ... */
15    },
16    onRateLimit: (retryAfter, options, octokit) => {
17      /* ... */
18    },
19
20    // The Bottleneck connection object
21    connection,
22
23    // A "throttling ID". All octokit instances with the same ID
24    // using the same Redis server will share the throttling.
25    id: "my-super-app",
26
27    // Otherwise the plugin uses a lighter version of Bottleneck without Redis support
28    Bottleneck
29  }
30});
31
32// To close the connection and allow your application to exit cleanly:
33await connection.disconnect();

To use the ioredis library instead:

1import Redis from "ioredis";
2const client = new Redis({
3  /* options */
4});
5const connection = new Bottleneck.IORedisConnection({ client });
6connection.on("error", (err) => console.error(err));

Options

name	type	description
`options.retryAfterBaseValue`	`Number`	Number of milliseconds that will be used to multiply the time to wait based on `retry-after` or `x-ratelimit-reset` headers. Defaults to `1000`
`options.fallbackSecondaryRateRetryAfter`	`Number`	Number of seconds to wait until retrying a request in case a secondary rate limit is hit and no `retry-after` header was present in the response. Defaults to `60`
`options.connection`	`Bottleneck.RedisConnection`	A Bottleneck connection instance. See Clustering above.
`options.id`	`string`	A "throttling ID". All octokit instances with the same ID using the same Redis server will share the throttling. See Clustering above. Defaults to `no-id`.
`options.Bottleneck`	`Bottleneck`	Bottleneck constructor. See Clustering above. Defaults to `bottleneck/light`.

LICENSE

MIT

No vulnerabilities found.

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Maintained

Determines if the project is "actively maintained".

10

License

Determines if the project has defined a license.

10

Packaging

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

10

SAST

Determines if the project uses static code analysis.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

9

Security-Policy

Determines if the project has published a security policy.

5

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 5

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-prettier.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/update-prettier.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-prettier.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/update-prettier.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-prettier.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/update-prettier.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/update.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/update.yml/main?enable=pin
Info: 0 out of 14 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 2 third-party GitHubAction dependencies pinned
Info: 5 out of 5 npmCommand dependencies pinned

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

Score

7.7

/10

Last Scanned on 2025-05-12

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to @octokit/plugin-throttling

Other packages similar to @octokit/plugin-throttling

@octokit/plugin-throttling

Installations

Developer Guide

Yes

ESM

>= 20

22.15.0

10.9.2

Score

Pull Requests

1

727

43

683

Issues

10

67

57

Releases

Languages

Developer

octokit

Download Statistics

GitHub Statistics

Maintainers

Package Meta Information

Total Downloads

195,078,557

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Peer Dependencies

Dev Dependencies

plugin-throttling.js

Usage

Clustering

Options

LICENSE

10

10

10

10

10

10

10

10

9

5

0

0

0

7.7

/10