File tree Expand file tree Collapse file tree 2 files changed +14
-0
lines changed Expand file tree Collapse file tree 2 files changed +14
-0
lines changed Original file line number Diff line number Diff line change @@ -30,6 +30,7 @@ ehthumbs.db
3030Thumbs.db
3131
3232# IDE files
33+ .devcontainer /
3334.vscode /
3435.idea /
3536* .swp
Original file line number Diff line number Diff line change @@ -9,6 +9,9 @@ COPY package*.json ./
99COPY tsconfig.json ./
1010COPY src/ ./src/
1111
12+ # Ensure latest NPM
13+ RUN npm i -g npm@latest
14+
1215# Install ALL dependencies (including dev dependencies for building)
1316RUN npm ci
1417
@@ -38,6 +41,16 @@ RUN npm ci --omit=dev --ignore-scripts && npm cache clean --force
3841# Change ownership to nodejs user
3942RUN chown -R nodejs:nodejs /app
4043
44+ # Remove unnecessary binaries and tools to harden the image
45+ RUN rm -rf /usr/local/bin/docker-entrypoint.sh \
46+ /usr/local/bin/npm \
47+ /usr/local/bin/npx \
48+ /usr/local/lib/node_modules/npm \
49+ /usr/local/lib/node_modules/corepack && \
50+ find /bin /sbin /usr/bin /usr/sbin -type f \( \
51+ -name "apk" -o -name "apk-tools" -o -name "openssh*" \
52+ \) -delete 2>/dev/null || true
53+
4154# Switch to nodejs user
4255USER nodejs
4356
You can’t perform that action at this time.
0 commit comments