251
GitHub is introducing rate limits for unauthenticated pulls, API calls, and web access (github.blog)
submitted 21 hours ago* (last edited 21 hours ago) by chaospatterns@lemmy.world to c/programming@programming.dev
108 comments fedilink hide all child comments

An update from GitHub: https://github.com/orgs/community/discussions/159123#discussioncomment-13148279

The rates are here: https://docs.github.com/en/rest/using-the-rest-api/rate-limits-for-the-rest-api?apiVersion=2022-11-28

  • 60 req/hour for unauthenticated users
  • 5000 req/hour for authenticated - personal
  • 15000 req/hour for authenticated - enterprise org
you are viewing a single comment's thread
view the rest of the comments
[-] tal@lemmy.today 48 points 20 hours ago

60 req/hour for unauthenticated users

That's low enough that it may cause problems for a lot of infrastructure. Like, I'm pretty sure that the MELPA emacs package repository builds out of git, and a lot of that is on github.

[-] Xanza@lemm.ee 27 points 19 hours ago* (last edited 19 hours ago)

That’s low enough that it may cause problems for a lot of infrastructure.

Likely the point. If you need more, get an API key.

[-] lolcatnip@reddthat.com 1 points 3 hours ago

Or just make authenticated requests. I'd expect that to be well within with capabilities of anyone using MELPA, and 5000 requests per hour shouldn't pose any difficulty considering MELPA only has about 6000 total packages.

[-] hinterlufer@lemmy.world 5 points 15 hours ago

I didn't think of that - also for nvim you typically pull plugins from git repositories

[-] NotSteve_@lemmy.ca 12 points 20 hours ago

Do you think any infrastructure is pulling that often while unauthenticated? It seems like an easy fix either way (in my admittedly non devops opinion)

[-] Ephera@lemmy.ml 10 points 16 hours ago

It's gonna be problematic in particular for organisations with larger offices. If you've got hundreds of devs/sysadmins under the same public IP address, those 60 requests/hour are shared between them.

Basically, I expect unauthenticated pulls to not anymore be possible at my day job, which means repos hosted on GitHub become a pain.

[-] timbuck2themoon@sh.itjust.works 2 points 8 hours ago

Quite frankly, companies shouldn't be pulling Willy nilly from github or npm, etc anyway. It's trivial to set up something to cache repos or artifacts, etc. Plus it guards against being down when github is down, etc.

[-] NotSteve_@lemmy.ca 2 points 8 hours ago

Ah yeah that’s right, I didn’t consider large offices. I can definitely see how that’d be a problem

[-] lazynooblet@lazysoci.al 4 points 14 hours ago

Same problem for CGNAT users

[-] Semi_Hemi_Demigod@lemmy.world 5 points 19 hours ago

If I’m using Ansible or something to pull images it might get that high.

Of course the fix is to pull it once and copy the files over, but I could see this breaking prod for folks who didn’t write it that way in the first place

this post was submitted on 14 May 2025
251 points (99.2% liked)

Programming

20154 readers
657 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev

founded 2 years ago
MODERATORS
snowe@programming.dev
Ategon@programming.dev
MaungaHikoi@lemmy.nz