Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
dockerlint
Advanced tools
Linting tool for Dockerfiles based on recommendations from Dockerfile Reference and Best practices for writing Dockerfiles as of Docker 1.6.
With npm just do:
$ [sudo] npm install -g dockerlint
Once installed it's as easy as:
dockerlint Dockerfile
Which will parse the file and notify you about any actual errors (such an
omitted tag when :
is set), and warn you about common pitfalls or bad idiom
such as the common use case of ADD
.
In order to treat warnings as errors, use the -p
flag.
Alternatively there is a Docker image available.
This image provides a quick and easy way to validate your Dockerfiles, without having to install Node.JS and the dockerlint dependencies on your system.
First fetch the image from the Docker Hub:
docker pull redcoolbeans/dockerlint
You can either run it directly, or use docker-compose.
For a quick one-off validation:
docker run -it --rm -v "$PWD/Dockerfile":/Dockerfile:ro redcoolbeans/dockerlint
For docker-compose use a docker-compose.yml
such as the following:
---
dockerlint:
image: redcoolbeans/dockerlint
volumes:
- ./Dockerfile:/Dockerfile
Then simply run:
docker-compose up dockerlint
This will validate the Dockerfile
in your current directory.
If you've cloned this repository, you will need the following prerequisites:
Installing prerequisites on ubuntu:
sudo apt-get update
sudo apt-get install make
sudo apt-get install npm
sudo ln -s /usr/bin/nodejs /usr/bin/node
sudo npm install -g coffee-script
You can run dockerlint
with:
make deps # runs npm install
make js && coffee bin/dockerlint.coffee
If you're building on Windows, you'll have to set the path to your make
:
npm config set dockerlint:winmake "mingw32-make.exe"
or pass it to every invocation:
npm run build:win --dockerlint:winmake=mingw32-make.exe
MIT, please see the LICENSE file.
git checkout -b my-new-feature
)git commit -am 'Add some feature'
)git push origin my-new-feature
)FAQs
Linting for Dockerfiles
The npm package dockerlint receives a total of 1,762 weekly downloads. As such, dockerlint popularity was classified as popular.
We found that dockerlint demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.