Libraries.io dependencies badge is flaky #6179

Closed
1 of 3 tasks
mosherc opened this issue Feb 12, 2021 · 7 comments · Fixed by #7080
Labels
needs-upstream-help Not actionable without help from a service provider question Support questions, usage questions, unconfirmed bugs, discussions, ideas service-badge Accepted and actionable changes, features, and bugs


mosherc commented Feb 12, 2021

Are you experiencing an issue with...

🪲 Description

Whenever I use the Libraries.io dependency status badge, results are inconsistent, and I get "invalid" as a status for most packages I try. Sometimes they will work until I add a query param (logo or badge style for ex.), then they will say invalid. Also it seems like the info is straight up wrong sometimes?

TypeScript example: Libraries.io dependency status for latest release

🔗 Link to the badge

https://img.shields.io/librariesio/release/npm/@ebth/design-system
https://img.shields.io/librariesio/release/npm/@ebth/design-system?style=for-the-badge

Libraries.io dependency status for latest release, scoped npm package


For me, those two are showing different results too, the link shows the correct number but the badge above shows invalid. Then when I add the query parameter, it is invalid. Also this keeps changing every time I reload the page or paste it somewhere else...screenshot of what I'm seeing in this issue below shows the inconsistency:
image

libraries.io entry: https://libraries.io/npm/@ebth%2Fdesign-system

As you can see, there are many dependencies that should be out of date. The Sourcerank endpoint also does not work for me.

💡 Possible Solution

I'm guessing that zero dependencies out of date is equivalent to "invalid". Would be nice if this just said zero instead? Many common packages are showing invalid.

side note
I know you can't get GitHub info for private repos, but it would be nice if that info (stars, number of releases, latest release date, etc.) were available from npm-based endpoints like Libraries.io, since those can be public with a private repo.

@mosherc mosherc added the question Support questions, usage questions, unconfirmed bugs, discussions, ideas label Feb 12, 2021
@calebcartwright
Member

Thanks for reaching out!

> I'm guessing that zero dependencies out of date is equivalent to "invalid". Would be nice if this just said zero instead? Many common packages are showing invalid.

Nope, those are actually very different things. Unfortunately, the Libraries.io API has been notoriously unstable over a fairly long period of time, and at least as of the time of this post, is returning an HTTP 429 response code which is driving the invalid badges.

@calebcartwright calebcartwright added the needs-upstream-help Not actionable without help from a service provider label Feb 12, 2021
@calebcartwright
Member

The behavior is indicative of rate limiting, but I also get the same result from my local so have added the upstream help label. I don't think we're using any api token for our badge server calls to the Libraries API which we could also investigate to see if it helps

@calebcartwright calebcartwright added the service-badge Accepted and actionable changes, features, and bugs label Feb 12, 2021
@chris48s
Member

This works locally for me. http://localhost:8080/librariesio/release/npm/@ebth/design-system gives me
design-system

@calebcartwright if you can reproduce the error locally, what does `npm run badge https://img.shields.io/librariesio/release/npm/@ebth/design-system` spit out? Can you paste-dump?

@calebcartwright
Member

The failures are recurrent but not 100% consistent, I'm getting 429 at the moment but the badges in prod seem to be rendering at the moment.

Subset of the output

```
 Request  🏹 
 https://libraries.io/api/npm/%40ebth%2Fdesign-system/latest/dependencies
{
  "headers": {
    "Accept": "application/json"
  }
}
 Response status code  🎯 
 429
 Handled error  🙅 
 Error: Got status code 429 (expected 200)

    headers: {
      'content-type': 'text/plain',
      'retry-after': '60',
      'cache-control': 'no-cache',
      'x-request-id': 'ebd11249-89d3-4638-9c45-c919b1a63054',
      'x-runtime': '0.001401',
      'x-cloud-trace-context': 'bcb294d24f9c42caad14b7cfbc393e5f/14773168363079047931;o=0',
      'strict-transport-security': 'max-age=31536000; includeSubDomains',
      vary: 'Origin',
      'transfer-encoding': 'chunked',
      date: 'Sat, 13 Feb 2021 16:39:58 GMT',
      via: '1.1 google',
      'alt-svc': 'clear',
      connection: 'close'
    },
```

@chris48s
Member

chris48s commented Feb 13, 2021

Cheers 👍 This is all coming back to me now: 31c253f (this is actually the bower service, but same principle applies)

We are using the API anonymously because it was giving us a higher rate limit than authenticating 😆 If I just chuck a few requests at the libraries.io API it seems like they are now actually enforcing a rate limit on anonymous API requests.

As a first step, let's switch to calling them with an API key to increase our rate limit. I don't know if their documented limit for authenticated requests (60/minute) is enough to totally fix this for the amount of requests we make. 60/minute gets us 3,600 per hour and according to the dashboard we served 1,680 libraries.io badges in the last hour and a few hundred on bower (which also uses libraries.io) so it'll probably cover us for non-peak times but I wouldn't be surprised if we exceed the limit at peak times.

@chris48s
Member

Unfortunately I haven't had time to work on this yet, but if anyone is interested in picking it up, here's some notes that scope out the job:

@calebcartwright
Member

Another thing we could do if someone else is willing to donate a key, we could set 2 keys: 1 for bower badges and 1 for libraries.io badges (even though they are the same API) to try and stay under the rate limit.

I don't have an account but assume we could set one up (maybe using one of the shared shields.io emails?) and/or I could create one and donate one as well
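An added example, not part of the thread and not Shields' own code, of the approach discussed in the comments above: spread requests over several API keys, stay under a per-key limit, and honour the `retry-after` header seen in the 429 response. The `KeyPool` class, its method names and the default of 60 requests per minute per key (the documented figure quoted above) are assumptions of this example.

```javascript
// Added example: key rotation with a sliding-window budget and Retry-After handling.
// Assumed: 60 requests/minute per key; keys are loaded from a secret store, never hard-coded.
class KeyPool {
  constructor(keys, { limit = 60, windowMs = 60000 } = {}) {
    this.limit = limit
    this.windowMs = windowMs
    // Per-key state: timestamps of recent calls and a "blocked until" time.
    this.state = keys.map(key => ({ key, calls: [], blockedUntil: 0 }))
  }

  // Returns { key } when some key has budget now, otherwise { waitMs }.
  acquire(now = Date.now()) {
    let soonest = Infinity
    for (const s of this.state) {
      // Forget calls that have left the sliding window.
      s.calls = s.calls.filter(t => now - t < this.windowMs)
      const budgetAt =
        s.calls.length < this.limit ? now : s.calls[0] + this.windowMs
      const readyAt = Math.max(budgetAt, s.blockedUntil)
      if (readyAt <= now) {
        s.calls.push(now)
        return { key: s.key }
      }
      soonest = Math.min(soonest, readyAt)
    }
    return { waitMs: soonest - now }
  }

  // Record the upstream status for the key that was used.
  report(key, status, headers = {}, now = Date.now()) {
    const s = this.state.find(e => e.key === key)
    if (!s || status !== 429) return
    // Retry-After is either delta-seconds ('60') or an HTTP-date.
    const raw = String(headers['retry-after'] ?? '').trim()
    let until = /^\d+$/.test(raw) ? now + Number(raw) * 1000 : Date.parse(raw)
    // Missing, unparsable or past value: back off for one full window.
    if (!Number.isFinite(until) || until < now) until = now + this.windowMs
    s.blockedUntil = Math.max(s.blockedUntil, until)
  }
}
```

When `acquire` returns `waitMs`, a badge server can serve a cached or "rate limited" result rather than an "invalid" one, which keeps upstream throttling distinguishable from a genuinely unknown package.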

@paulmelnikow paulmelnikow changed the title Libraries.io Dependencies Not Working Libraries.io dependencies badge is flaky Jul 9, 2021
szmarczak added a commit to sindresorhus/got that referenced this issue Aug 23, 2021
renawolford6 pushed a commit to renawolford6/React-Benchmark-got-repos that referenced this issue Oct 6, 2022
`shields.io` is unstable :(
See badges/shields#6179