This project can optionally use a GitHub Personal Access Token (PAT) to increase your API rate limit when fetching data. This guide explains what a PAT is, why it matters, and how to safely create and use one.
A Personal Access Token is like a password specifically for GitHub API access. It lets tools and scripts authenticate as you when making requests to GitHub — without needing your actual password.
In this project, the PAT is used only to read public information (like repository metadata and language stats). No scopes or write permissions are required.
Without a PAT, GitHub limits your API usage to:
- ✅ 60 requests per hour (unauthenticated)
With a PAT:
- 🚀 Up to 5000 requests per hour
That matters because:
- Listing repos = 1 request per 100 repos
- Fetching languages = 1 request per repo
So if you're querying someone with many repositories, you’ll hit the limit fast unless authenticated.
-
Log in to GitHub → https://github.com
-
Navigate to Developer Settings → Click your profile pic (top-right) → Settings → Scroll down the left menu → Developer settings
-
Create Token → Select Personal access tokens → Tokens (classic) → Click Generate new token
-
Configure Your Token
-
Note: Use a name like
GitHubLangStatsTool -
Expiration: Choose your preferred duration (30 days, 90 days, or no expiration)
-
Scopes: ✅ Leave everything unchecked
This tool only reads public data — no scopes required.
-
-
Generate and Copy
- Click Generate token
- GitHub will show it once only — copy and save it immediately
- Lost it? Just regenerate a new one.
Set the token in your terminal session before running the Python script:
-
Linux/macOS:
export GITHUB_TOKEN=your_token_here python github_lang_stats.py -
Windows (CMD):
set GITHUB_TOKEN=your_token_here python github_lang_stats.py
-
Windows (PowerShell):
$env:GITHUB_TOKEN="your_token_here" python github_lang_stats.py
If you're using the browser-based version:
- Open the web app (e.g.,
index.html) - Paste your PAT into the optional input field
- The app will use it for increased rate limits
Note: Your token never leaves your browser — but it can be accessed by browser extensions. Use caution if you have untrusted extensions installed.
- Go to Your Developer Settings
- Click the Delete button next to the token you want to remove
- Generate a new one any time you need
| ✔️ Do | ❌ Don’t |
|---|---|
| Store token in env vars | Hard-code token in scripts |
| Keep your token private | Paste it in public chats/repos |
| Use no scopes for read-only use | Add unnecessary scopes |
| Regenerate expired tokens | Reuse old/insecure tokens |
| Question | Answer |
|---|---|
| Do I have to use a token? | No — but it greatly improves rate limits |
| Is it secure? | Yes, if you don’t expose it or grant extra scopes |
| What scopes are needed? | The minimal, Read-only to public repo's |
| Where do I use it? | Environment variable (Python) or browser field (Web UI) |
🔒 Use it smartly, use it safely. If in doubt — delete and regenerate.