npm news: Public registry acceptable use limits set
While 99.9% of npm’s public registry users fall within the range of acceptable use, the outliers will have to take action by either limiting their requests or purchasing the Enterprise edition. The new, clarified rules of npm’s acceptable use are listed on their blog and will be enforced starting this month, September 2019.
What is acceptable use? According to npm, 0.01 percent of users are over the threshold of what is considered acceptable use.
The reason for these limits, as stated by the blog:
As stewards of the public registry, we at npm, Inc. have a mandate to maintain a high quality of service for the entire community. Part of delivering on that mandate is to propose and enforce standards of what constitutes acceptable use. If we don’t enforce such standards now, then the cost of the infrastructure required by the registry will rise, performance will suffer, and the vast majority of users will be impacted by the over-usage of a few.
Let us see the new, clarified rules. They will be enforced starting this month, September 2019.
Acceptable use – How much is too much?
For most of the registry’s users, their usage falls within the limits of acceptable use. Thus, 99.9% of the registry’s 11 million users can continue accessing the public registry as per usual.
However, large commercial enterprises using the registry for free should take a look at their registry requests and make sure they are following protocol.
From the blog post:
We are clarifying and enforcing the definition of acceptable use regarding excessive use of the public registry:
- Up to five million requests to the registry per month are considered acceptable at this time.
- A request rate above that threshold is considered excessive, unacceptable use.
- We will reach out to organizations that consistently exceed the threshold to help them bring their usage to acceptable levels.
- In the small number of cases where we are unable to reach an agreement to resolve the issue, we will be forced to implement rate limiting to protect the quality of service of the registry for the entire community.
These new rules will go into effect starting this month, September 2019. npm will enforce these rules by blocking or rate-limiting requests.
Organizations that exceed the acceptable-use threshold will be contacted directly by npm.
Solutions for organizations that exceed the threshold will potentially include adopting the commercial offering or reducing usage through methods such as caching requests or fixing misconfigured automation tooling.
Last February, npm announced the availability of npm Enterprise, a managed deployment of the npm registry for large organizations. The Enterprise version is designed with enterprise-grade security in mind and includes customizable workflows, CI/CD system integration, role-based access control, and industry-standard SSO authentication.
This provides a solution for large companies that exceed the acceptable-use threshold of the public registry.
Visit the npm Enterprise website for more information about the product’s offerings.
npm’s CEO resigns
This isn’t the only discussion happening at npm, Inc. On September 20, 2019, npm announced that its CEO, Bryan Bogensberger, has resigned, effective immediately.
npm’s CEO Bryan Bogensberger has resigned: https://t.co/DR0E7VhIb6
— npm, Inc. (@npmjs) September 20, 2019
Bryan brought his deep experience in guiding technology companies to position npm for future growth. On behalf of the board of directors and my colleagues at npm, we wish him the best.
Bogensberger joined npm in July 2018.
Currently, the board of directors is looking for a new CEO. As of this writing, there is no news about who will fill his place.