npmpackage.info

@octokit/plugin-throttling

Octokit plugin for GitHub’s recommended request throttling

9.3.2

111

MIT

TypeScript

140,131,231 7.7

Installations

npm install @octokit/plugin-throttling

Score

72.7

Supply Chain

99.5

Quality

88.6

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

3

Total

688

Closed

42

Merged

643

Issues

Open

9

Total

65

Closed

56

Releases

v9.3.2

Published on 04 Oct 2024

v9.3.1

Published on 14 Jul 2024

v9.3.0

Published on 29 Apr 2024

v9.2.1

Published on 23 Apr 2024

v9.2.0

Published on 15 Apr 2024

v9.1.0

Published on 03 Apr 2024

View all 70 releases

Developer

octokit

Developer Guide

BETA

Module System

ESM

Min. Node Version

>= 18

Typescript Support

Yes

Node Version

20.17.0

NPM Version

10.9.0 Statistics

111 Stars

816 Commits

35 Forks

11 Watching

6 Branches

30 Contributors

Updated on 26 Nov 2024

Languages

TypeScript (92.4%)

JavaScript (7.6%)

Total Downloads

Cumulative downloads

Total Downloads

140,131,231

Last day

-5.1%

362,070

Compared to previous day

Last week

4.1%

2,169,116

Compared to previous week

Last month

7.4%

9,062,108

Compared to previous month

Last year

122.2%

85,800,702

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Versions

plugin-throttling.js

Octokit plugin for GitHub’s recommended request throttling

Implements all recommended best practices to prevent hitting secondary rate limits.

Usage

Browsers

Browsers	Load `@octokit/plugin-throttling` and `@octokit/core` (or core-compatible module) directly from esm.sh `1<script type="module"> 2 import { Octokit } from "https://esm.sh/@octokit/core"; 3 import { throttling } from "https://esm.sh/@octokit/plugin-throttling"; 4</script>`
Node	Install with `npm install @octokit/core @octokit/plugin-throttling`. Optionally replace `@octokit/core` with a core-compatible module. `1import { Octokit } from "@octokit/core"; 2import { throttling } from "@octokit/plugin-throttling";`

Load @octokit/plugin-throttling and @octokit/core (or core-compatible module) directly from esm.sh

1<script type="module">
2  import { Octokit } from "https://esm.sh/@octokit/core";
3  import { throttling } from "https://esm.sh/@octokit/plugin-throttling";
4</script>

Node

Install with npm install @octokit/core @octokit/plugin-throttling. Optionally replace @octokit/core with a core-compatible module.

1import { Octokit } from "@octokit/core";
2import { throttling } from "@octokit/plugin-throttling";

[!IMPORTANT] As we use conditional exports, you will need to adapt your tsconfig.json by setting "moduleResolution": "node16", "module": "node16".

See the TypeScript docs on package.json "exports".
See this helpful guide on transitioning to ESM from @sindresorhus

The code below creates a "Hello, world!" issue on every repository in a given organization. Without the throttling plugin it would send many requests in parallel and would hit rate limits very quickly. But the @octokit/plugin-throttling slows down your requests according to the official guidelines, so you don't get blocked before your quota is exhausted.

The throttle.onSecondaryRateLimit and throttle.onRateLimit options are required. Return true to automatically retry the request after retryAfter seconds.

1const MyOctokit = Octokit.plugin(throttling);
2
3const octokit = new MyOctokit({
4  auth: `secret123`,
5  throttle: {
6    onRateLimit: (retryAfter, options, octokit, retryCount) => {
7      octokit.log.warn(
8        `Request quota exhausted for request ${options.method} ${options.url}`,
9      );
10
11      if (retryCount < 1) {
12        // only retries once
13        octokit.log.info(`Retrying after ${retryAfter} seconds!`);
14        return true;
15      }
16    },
17    onSecondaryRateLimit: (retryAfter, options, octokit) => {
18      // does not retry, only logs a warning
19      octokit.log.warn(
20        `SecondaryRateLimit detected for request ${options.method} ${options.url}`,
21      );
22    },
23  },
24});
25
26async function createIssueOnAllRepos(org) {
27  const repos = await octokit.paginate(
28    octokit.repos.listForOrg.endpoint({ org }),
29  );
30  return Promise.all(
31    repos.map(({ name }) =>
32      octokit.issues.create({
33        owner,
34        repo: name,
35        title: "Hello, world!",
36      }),
37    ),
38  );
39}

Pass { throttle: { enabled: false } } to disable this plugin.

Clustering

Enabling Clustering support ensures that your application will not go over rate limits across Octokit instances and across Nodejs processes.

First install either redis or ioredis:

# NodeRedis (https://github.com/NodeRedis/node_redis)
npm install --save redis

# or ioredis (https://github.com/luin/ioredis)
npm install --save ioredis

Then in your application:

1import Bottleneck from "bottleneck";
2import Redis from "redis";
3
4const client = Redis.createClient({
5  /* options */
6});
7const connection = new Bottleneck.RedisConnection({ client });
8connection.on("error", err => console.error(err));
9
10const octokit = new MyOctokit({
11  auth: 'secret123'
12  throttle: {
13    onSecondaryRateLimit: (retryAfter, options, octokit) => {
14      /* ... */
15    },
16    onRateLimit: (retryAfter, options, octokit) => {
17      /* ... */
18    },
19
20    // The Bottleneck connection object
21    connection,
22
23    // A "throttling ID". All octokit instances with the same ID
24    // using the same Redis server will share the throttling.
25    id: "my-super-app",
26
27    // Otherwise the plugin uses a lighter version of Bottleneck without Redis support
28    Bottleneck
29  }
30});
31
32// To close the connection and allow your application to exit cleanly:
33await connection.disconnect();

To use the ioredis library instead:

1import Redis from "ioredis";
2const client = new Redis({
3  /* options */
4});
5const connection = new Bottleneck.IORedisConnection({ client });
6connection.on("error", (err) => console.error(err));

Options

name	type	description
`options.retryAfterBaseValue`	`Number`	Number of milliseconds that will be used to multiply the time to wait based on `retry-after` or `x-ratelimit-reset` headers. Defaults to `1000`
`options.fallbackSecondaryRateRetryAfter`	`Number`	Number of seconds to wait until retrying a request in case a secondary rate limit is hit and no `retry-after` header was present in the response. Defaults to `60`
`options.connection`	`Bottleneck.RedisConnection`	A Bottleneck connection instance. See Clustering above.
`options.id`	`string`	A "throttling ID". All octokit instances with the same ID using the same Redis server will share the throttling. See Clustering above. Defaults to `no-id`.
`options.Bottleneck`	`Bottleneck`	Bottleneck constructor. See Clustering above. Defaults to `bottleneck/light`.

LICENSE

MIT

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

Maintained

Determines if the project is "actively maintained".

10

License

Determines if the project has defined a license.

10

Packaging

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

10

SAST

Determines if the project uses static code analysis.

9

Security-Policy

Determines if the project has published a security policy.

5

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 5

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-prettier.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/update-prettier.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-prettier.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/update-prettier.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-prettier.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/update-prettier.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/update.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/plugin-throttling.js/update.yml/main?enable=pin
Info: 0 out of 14 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 2 third-party GitHubAction dependencies pinned
Info: 5 out of 5 npmCommand dependencies pinned

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

Score

7.7

/10

Last Scanned on 2024-11-18

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

@octokit/plugin-throttling

Installations

Score

Pull Requests

3

688

42

643

Issues

9

65

56

Releases

Developer

octokit

Developer Guide

ESM

>= 18

Yes

20.17.0

10.9.0

Statistics

Languages

Total Downloads

140,131,231

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Peer Dependencies

Dev Dependencies

plugin-throttling.js

Usage

Clustering

Options

LICENSE

10

10

10

10

10

10

10

10

9

5

0

0

0

7.7

/10