Is using cache for npm install in docker safe?
Motii1 opened this issue · comments
Dawid Motak commented
I was wondering about point 8.1, "Use multi-stage builds for leaner and more secure Docker images", and the example stated there:
```dockerfile
FROM node:14.4.0 AS build

COPY . .
RUN npm ci && npm run build

FROM node:slim-14.4.0

USER node
EXPOSE 8080

COPY --from=build /home/node/app/dist /home/node/app/package.json /home/node/app/package-lock.json ./
RUN npm ci --production

CMD [ "node", "dist/app.js" ]
```
My idea here is to speed up this build by using the cache:
```dockerfile
FROM node:14.4.0 AS build

COPY . .
RUN npm ci --cache .npm --prefer-offline && npm run build

FROM node:slim-14.4.0

USER node
EXPOSE 8080

COPY --from=build /home/node/app/.npm ./.npm
COPY --from=build /home/node/app/dist /home/node/app/package.json /home/node/app/package-lock.json ./
RUN npm ci --production --cache .npm --prefer-offline

CMD [ "node", "dist/app.js" ]
```
But the only consideration that I have is: is it safe?