Create GitHub Rate Limit HTML Tool

[simonw]

This tool provides an easy way to check GitHub API rate limits by:

• Using the same GitHub authentication mechanism as other tools
• Displaying rate limits for all API resources (core, search, graphql, etc.)
• Showing remaining calls, used calls, and reset times
• Color-coding warnings when limits are running low

Generated with Claude Code

[claude]

Claude finished @simonw's task —— View job

---

PR Review: GitHub Rate Limit HTML Tool

I've completed my review of the GitHub Rate Limit tool. Overall, this is a well-implemented tool that follows good practices. Here's my detailed feedback:

Review Tasks:

• Read CLAUDE.md for repository guidelines
• Read github-ratelimit.html to understand the implementation
• Read github-ratelimit.docs.md for documentation
• Analyze code quality and best practices
• Check for potential bugs or issues
• Review performance considerations
• Assess security concerns
• Evaluate test coverage needs
• Provide comprehensive review feedback

✅ Strengths

Authentication & Integration

• Correctly uses the existing GitHub auth mechanism (tools.simonwillison.net/github-auth)
• Proper token storage in localStorage with fallback handling
• Auth polling mechanism works well for OAuth flow

UI/UX Design

• Clean, terminal-inspired design with good color coding (green/yellow/red for rate limit status)
• Responsive design with mobile breakpoints
• Clear visual hierarchy and accessible color contrasts
• Good loading states and error handling

Code Structure

• Clean separation of concerns (auth, fetching, display)
• Proper error handling with user-friendly messages
• Consistent code style and formatting

🟡 Areas for Improvement

Code Quality & Best Practices

1. API Error Handling (github-ratelimit.html:350-356)

   if (error.message.includes('401') || error.message.includes('403')) {

   Consider checking response.status instead of string matching error messages, which is more reliable:

   if (response.status === 401 || response.status === 403) {

2. Magic Numbers (github-ratelimit.html:275-278)

   if (percentage <= 10) {
     return 'critical';
   } else if (percentage <= 25) {
     return 'warning';
   }

   Consider extracting these thresholds as constants:

   const CRITICAL_THRESHOLD = 10;
   const WARNING_THRESHOLD = 25;

3. Memory Leak Prevention (github-ratelimit.html:238-244)
   The auth polling interval should have a timeout to prevent indefinite polling:

   const pollInterval = setInterval(() => {
     // Add timeout after 5 minutes
   }, 1000);
   
   setTimeout(() => clearInterval(pollInterval), 300000);

Performance Considerations

4. DOM Manipulation (github-ratelimit.html:323-342)
   Using innerHTML is fine for this use case, but consider using template literals more consistently or a lightweight templating approach for better maintainability.

🔴 Security Concerns

Token Security (github-ratelimit.html:298-299)

'Authorization': `token ${token}`,

✅ Good: The token is only sent to the official GitHub API endpoint, not exposed in logs or DOM.

XSS Prevention
✅ Good: No user input is directly inserted into DOM without proper handling.

🧪 Test Coverage

Missing Test Coverage

• No automated tests for the JavaScript functionality
• Consider adding tests for:
  • Rate limit data parsing and display
  • Error handling scenarios
  • Time formatting functions
  • Responsive behavior

Manual Testing Scenarios to Verify

• Different rate limit states (normal, warning, critical)
• Network failures and API errors
• Token expiration handling
• Mobile responsiveness

📝 Documentation

The github-ratelimit.docs.md is appropriately concise but could benefit from:

• Mentioning the color-coding system
• Explaining what the different API resource types mean (core, search, graphql, etc.)

🎯 Overall Assessment

This is a solid implementation that demonstrates good understanding of:

• GitHub API integration patterns
• Modern JavaScript practices
• User experience design
• Error handling

The issues identified are minor and the tool is production-ready as-is. The code follows the repository's patterns and integrates well with the existing auth system.

Recommendation: ✅ Approve with optional improvements suggested above.

---

[simonw]

Tested on Cloudflare by manually copying across my localStorage token. It's good enough: