npm install will try to update the package-lock.json file with the current actual versions of the packages it’s installed. For installation in a Docker image, you don’t really want this; use npm ci instead to avoid this.

The other problem you’re encountering is that COPY by default makes files owned by the root user, but you’ve switched to an alternate “node” user. You probably want the application code in your image to be owned by root, and then run as an alternate user: if there’s some sort of security issue, this gives you an extra layer of protection against the code in the container getting modified.

If you do both of these things, the corrected Dockerfile would roughly look like:

FROM node:15.0.1-alpine3.10

# WORKDIR also creates the directory.  It will be owned by root,
# which is probably what you want.  (So no `RUN mkdir ...`.)
WORKDIR /home/node/app

# Stay as the root user for now.

# Install packages:
COPY package*.json ./
RUN npm ci             # not `npm install`

# Copy in the rest of the application (still owned by root):
COPY . .

# Declare runtime metadata.  Only now switch to the "node" user.
# This will not be able to modify the source code (good).
USER node
CMD ["node", "index.js"]

CLICK HERE to find out more related problems solutions.

Leave a Comment

Your email address will not be published.

Scroll to Top