Add Token-Based Rate Limiting for api.npmjs.org

[cwtuan]

Select Topic Area

General

Body

Issue

The public NPM API (api.npmjs.org), used for fetching data like download counts, currently implements strict rate limiting for unauthenticated requests. This frequently results in HTTP 429 Too Many Requests errors and Cloudflare Error 1015 pages, severely impacting legitimate tools and scripts that need to access this public data.

Suggestion

Following the example of other public APIs (e.g., GitHub API), please consider implementing an optional token-based authentication system for api.npmjs.org:

• Allow developers to use an NPM access token (e.g., via an Authorization header).
• Requests authenticated with a token would be subject to a higher, more predictable rate limit quota.
• Unauthenticated requests would retain the current (or similar) stricter limits.

Benefits

• Enables Reliable Tooling: Developers could build more stable and robust tools for the NPM ecosystem.
• Fair Usage: Differentiates between casual users and automated tools requiring more access.
• Industry Standard: Aligns with common practices seen in other major public APIs.

Thank you for considering this enhancement.

[iyawnnn]

Suggestion: Implement Token-Based Rate Limiting for api.npmjs.org

It seems that the current rate-limiting for unauthenticated requests to api.npmjs.org often leads to issues like HTTP 429 errors and Cloudflare Error 1015, which disrupts many tools and scripts relying on this public data.

To improve reliability, I suggest implementing an optional token-based authentication system similar to what other public APIs (e.g., GitHub API) use. Here’s how it could work:

• Token Authentication: Allow developers to authenticate using an NPM access token via the Authorization header.
• Higher Rate Limits: Requests authenticated with a token could receive a higher, more predictable rate limit, improving stability for automation tools.
• Unauthenticated Rate Limits: Requests without a token would still be subject to stricter limits, preserving fair usage.

Benefits:

• More Reliable Tooling: This change would allow developers to create more stable and resilient tools within the NPM ecosystem.
• Fairer Usage: It would better differentiate between casual users and automated tools that need more access.
• Industry Standard: Many other major public APIs already use token-based rate limiting, making this approach familiar and effective.

This would go a long way in enhancing the user experience for both casual users and developers relying on API access for automation.