npm news: Public registry acceptable use limits set
While 99.9% of npm’s public registry users fall within the range of acceptable use, the outliers will have to take action by either limiting their requests or purchasing the Enterprise edition. The new, clarified rules of npm’s acceptable use are listed on their blog and will be enforced starting this month, September 2019.
What is acceptable use? According to npm, 0.01 percent of users are over the threshold of what is considered acceptable use.
The reason for these limits, as stated by the blog:
As stewards of the public registry, we at npm, Inc. have a mandate to maintain a high quality of service for the entire community. Part of delivering on that mandate is to propose and enforce standards of what constitutes acceptable use. If we don’t enforce such standards now, then the cost of the infrastructure required by the registry will rise, performance will suffer, and the vast majority of users will be impacted by the over-usage of a few.
Let us see the new, clarified rules. They will be enforced starting this month, September 2019.
Acceptable use – How much is too much?
For most of the registry’s users, their usage falls within the limits of acceptable use. Thus, 99.9% of the registry’s 11 million users can continue accessing the public registry as per usual.
However, large commercial enterprises using the registry for free should take a look at their registry requests and make sure they are following protocol.
From the blog post:
We are clarifying and enforcing the definition of acceptable use regarding excessive use of the public registry:
- Up to five million requests to the registry per month are considered acceptable at this time.
- A request rate above that threshold is considered excessive, unacceptable use.
- We will reach out to organizations that consistently exceed the threshold to help them bring their usage to acceptable levels.
- In the small number of cases where we are unable to reach an agreement to resolve the issue, we will be forced to implement rate limiting to protect the quality of service of the registry for the entire community.
These new rules will go into effect starting this month, September 2019. npm will enforce these rules by blocking or rate-limiting requests.
Organizations that exceed the acceptable use threshold will be contacted directly by npm.
Solutions for organizations that fall outside the threshold will potentially include adopting the commercial offering or reducing usage through methods such as caching requests or fixing misconfigured automation tooling.