The browser’s console will give you a helpful error text:
The problem is that DarkSky delivers its data with a header that says, in effect, “here are the domains that can access this response”. The error says that CodePen isn’t on that access list. DarkSky did, in fact, work at one point, but they’ve since changed their policies (I wonder if all of the FCC students using their free tier had something to do with this). It sounds fishy, but in actuality accessing DarkSky directly from the client is a horrible idea and they’re not wrong in trying to deter it. Services like this are actually meant to be accessed on a server and then delivered to clients in a way that’s easier to control. This is one reason the coming curriculum refresh is going to de-emphasize AJAX.
But what do we do about this now?
Use cors-anywhere. Drop this in front of your URL and you’ll get your data again.