dockerfile-ast
Advanced tools
The dockerfile-ast NPM module is a Dockerfile parser written in TypeScript.
The module provides full programmatic access to a parsed Dockerfile.
Supported features:
escape parser directive considered when parsingARG and ENV variable lookup and resolutionUnsupported:
\r as a a line delimiter
\r\n and \n are supported as being line delimiters\r is detected the parser assumes that it is followed by a \nIf you wish to build and compile this project, you must first install Node.js if you have not already done so. After you have installed Node.js and cloned the repository with Git, you may now proceed to build and compile the project with the following commands:
npm install
npm run build
npm test
If you are planning to change the code, use npm run watch to get the
TypeScript files transpiled on-the-fly as they are modified.
To add this library as a dependency to your project, please add dockerfile-ast as a dependency in your package.json file.
import { DockerfileParser } from 'dockerfile-ast';
const content =
`FROM alpine
ExposE 8080`
let dockerfile = DockerfileParser.parse(content);
let instructions = dockerfile.getInstructions();
for (let instruction of instructions) {
// FROM
// EXPOSE
console.log(instruction.getKeyword());
// FROM
// ExposE
console.log(instruction.getInstruction());
}
dockerfilelint is a linter for Dockerfiles that checks for best practices and common errors. Unlike dockerfile-ast, which focuses on parsing and AST manipulation, dockerfilelint is primarily used for static analysis and linting of Dockerfiles.
dockerfile-utils provides utilities for working with Dockerfiles, including parsing and generating Dockerfiles. It offers similar parsing capabilities to dockerfile-ast but also includes additional utilities for Dockerfile manipulation and generation.
FAQs
Parse a Dockerfile into an array of instructions and comments.
The npm package dockerfile-ast receives a total of 470,489 weekly downloads. As such, dockerfile-ast popularity was classified as popular.
We found that dockerfile-ast demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Socket detected a malicious supply chain attack on PyPI package lightning versions 2.6.2 and 2.6.3, which execute credential-stealing malware on import.
Research
A brand-squatted TanStack npm package used postinstall scripts to steal .env files and exfiltrate developer secrets to an attacker-controlled endpoint.
Research
Compromised SAP CAP npm packages download and execute unverified binaries, creating urgent supply chain risk for affected developers and CI/CD environments.