I'm building a CLI that is for the general public to use that needs read-only access to all public repositories. What's the best way to authenticate ocotokit/rest.js so that I don't hit rate limits? I can't use a personal access token since this will be a publicly available tool. I'd rather not ask my users to log in with GitHub creds via OAuth since it only needs read access to public repos. Are there any other options?
For code that is running solely on the end-user's machine, your only choice really is to ask them to log in with their GitHub credentials or a personal access token they generate. Other than that, you can use an unauthenticated connection which will be rate limited by IP address.
No matter what system you choose, it is possible to hit rate limits and you should be checking for this and throttling your application's access accordingly.
Let us know if you have more questions.