How much is too much?

npm news: Public registry acceptable use limits set

Sarah Schlothauer
© Shutterstock / andersphoto

While 99.9% of npm’s public registry users fall within the range of acceptable use, the outliers will have to take action by either limiting their requests or purchasing the Enterprise edition. The new, clarified rules of npm’s acceptable use are listed on their blog and will be enforced starting this month, September 2019.

The npm public registry has seen an upswing in usage over the past several years. The popular package manager for JavaScript released a news blog on September 13, 2019 about the acceptable usage of the public registry.

What is acceptable use? According to npm, 0.01 percent of users are over the threshold of what is considered acceptable use.

The reason for these limits, as stated by the blog:

As stewards of the public registry, we at npm, Inc. have a mandate to maintain a high quality of service for the entire community. Part of delivering on that mandate is to propose and enforce standards of what constitutes acceptable use. If we don’t enforce such standards now, then the cost of the infrastructure required by the registry will rise, performance will suffer, and the vast majority of users will be impacted by the over-usage of a few.

Let us see the new, clarified rules. They will be enforced starting this month, September 2019.

Acceptable use – How much is too much?

For most of the registry’s users, their usage falls within the limits of acceptable use. Thus, 99.9% of the registry’s 11 million users can continue accessing the public registry as per usual.

However, large commercial enterprises using the registry for free should take a look at their registry requests and make sure they are following protocol.

From the blog post:

We are clarifying and enforcing the definition of acceptable use regarding excessive use of the public registry:

  • Up to five million requests to the registry per month are considered acceptable at this time.
  • A request rate above that threshold is considered excessive, unacceptable use.
  • We will reach out to organizations that consistently exceed the threshold to help them bring their usage to acceptable levels.
  • In the small number of cases where we are unable to reach an agreement to resolve the issue, we will be forced to implement rate limiting to protect the quality of service of the registry for the entire community.

SEE ALSO: 5 alternatives to JavaScript for front-end development

These new rules will go into effect starting this month, September, 2019. npm will enforce these rules via blocking or rate-limiting requests.

Organizations going over the acceptable use will receive direct contact from npm.

Solutions for falling outside of the threshold will potentially include adopting the commercial offering or reducing usage through methods such as caching requests or fixing mis-configured automation tooling.

Enterprise solution

Last February, npm announced the availability of npm Enterprise, a managed deployment of the npm registry for large organizations. The Enterprise version is designed with enterprise-grade security in mind, and including customizable workflows, CI/CD system integration, role-based access control, and industry-standard SSO authentication.

SEE ALSO: Feathers 4: JavaScript and TypeScript framework creates real-time apps

This provides a solution for large companies running over the acceptable use of the public registry.

Visit the Enterprise-grade website for more information about the product’s offerings.

npm’s CEO resigns

This isn’t the only discussion happening at npm, Inc. On September 20, 2019 npm announced that its CEO, Bryan Bogensberger has resigned, effective immediately.

Founder of npm, Isaac Schlueter said of Bryan Bogensberger:

Bryan brought his deep experience in guiding technology companies to position npm for future growth. On behalf of the board of directors and my colleagues at npm, we wish him the best.

Issac Schlueter

Bogensberger joined npm in July, 2018.

Currently, the board of directors are looking for a new CEO. As of writing this, there is no news about who will fill his place.

Sarah Schlothauer

Sarah Schlothauer

All Posts by Sarah Schlothauer

Sarah Schlothauer is the editor for She received her Bachelor's degree from Monmouth University, West Long Branch, New Jersey. She currently lives in Frankfurt, Germany with her husband and cat where she enjoys reading, writing, and medieval reenactment. She is also the editor for Conditio Humana, an online magazine about ethics, AI, and technology.

Inline Feedbacks
View all comments