Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
dockerfilelint
Advanced tools
Dockerfileint
is an npm module that analyzes a Dockerfile and looks for common traps, mistakes and helps enforce best practices:
Start unit tests with npm test
From the command line:
./bin/dockerfilelint <path/to/Dockerfile>
FROM
FROM scratch
without a tagFROM <image>@<digest>
syntaxMAINTAINER
RUN
--no-install-recommends
flagrm -rf /var/lib/apt/lists/*
in the same layerapt-get upgrade
or apt-get dist-upgrade
apt-get update
without apt-get install
on the same lineCMD
CMD
layer is allowedLABEL
EXPOSE
ENV
ENV
ENV
line to reduce cache layer countADD
ADD
command could be a COPY
, then COPY
is preferredADD
to fetch remote files is discouraged because they cannot be removed from the layerCOPY
COPY
multiple files on a single command to best use cacheENTRYPOINT
VOLUME
USER
WORKDIR
WORKDIR
can only expand variables previously set in ENV
commandsARG
ONBUILD
STOPSIGNAL
FAQs
A linter for Dockerfiles to find bugs and encourage best practices
The npm package dockerfilelint receives a total of 2,208 weekly downloads. As such, dockerfilelint popularity was classified as popular.
We found that dockerfilelint demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.