CODEWITHSUNDEEP
node.jsdockernpmwarnings
Natalie Perret
Natalie Perret

Reputation: 8997

How to get rid of the package-lock.json warning when building a node app image with Docker?

I am playing with Docker to create a small node app image and I would like to get rid of the warning below:

npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN [email protected] No description
npm WARN [email protected] No repository field.

when building my image

PS C:\Users\eperret\Desktop\webserver> docker build .
Sending build context to Docker daemon  4.096kB
Step 1/5 : FROM node:alpine
 ---> cd4fae427afc
Step 2/5 : COPY ./package.json ./
 ---> 990e1ee0398d
Step 3/5 : RUN npm install
 ---> Running in 8ffb61d273e4
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN [email protected] No description
npm WARN [email protected] No repository field.

added 48 packages from 36 contributors and audited 121 packages in 1.675s
found 0 vulnerabilities

Removing intermediate container 8ffb61d273e4
 ---> fff34a1d0b4e
Step 4/5 : COPY ./ ./
 ---> ace2bc83a3f9
Step 5/5 : CMD [ "npm", "start" ]
 ---> Running in fa9d0a961867
Removing intermediate container fa9d0a961867
 ---> 34a593a4b338
Successfully built 34a593a4b338
SECURITY WARNING: You are building a Docker image from Windows against a non-Windows Docker host. All files and directories added to build context will have '-rwxr-xr-x' permissions. It is recommended to double check and reset permissions for sensitive files and directories.

My Dockerfile

FROM node:alpine

COPY ./package.json ./
RUN npm install
COPY ./ ./

CMD [ "npm", "start" ]

//Load express module with `require` directive
var express = require('express')
var app = express()

//Define request response in root URL (/)
app.get('/', (req, res) => {
    res.send('How are you doing');
});

//Launch listening server on port 8081
app.listen(8080, () => {
    console.log('Listening on port 8080');
});

and package.json:

{
  "name": "webserver",
  "version": "1.0.0",
  "description": "",
  "repository": "",
  "main": "index.js",
  "scripts": {
    "start": "node index.js"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "express": "*"
  }
}

I also think it's kinda weird that there is also a warning about the lack description and repository fields since both are present in my package.json above.

Upvotes: 1

Views: 4348

Answers (2)

HTN
HTN

Reputation: 3594

You should not use your time for something like this. It is a good idea to add package-lock.json file when building your application. If you REALLY want to not provide this file, just ignore the warning message.

Upvotes: 0

Natalie Perret
Natalie Perret

Reputation: 8997

According to the answer here

I can disable package-lock.json globally in the intermediate container:

RUN npm config set package-lock false

FROM node:alpine

COPY ./package.json ./
RUN npm config set package-lock false
RUN npm install
COPY ./ ./

CMD [ "npm", "start" ]

Which now outputs:

PS C:\Users\eperret\Desktop\webserver> docker build .
Sending build context to Docker daemon  4.096kB
Step 1/6 : FROM node:alpine
 ---> cd4fae427afc
Step 2/6 : COPY ./package.json ./
 ---> Using cache
 ---> 94e9c22361a2
Step 3/6 : RUN npm config set package-lock false
 ---> Using cache
 ---> 8d3df1028a80
Step 4/6 : RUN npm install
 ---> Using cache
 ---> 254d4ccce8ac
Step 5/6 : COPY ./ ./
 ---> Using cache
 ---> 48a1990903a6
Step 6/6 : CMD [ "npm", "start" ]
 ---> Using cache
 ---> 53cf819f42e7
Successfully built 53cf819f42e7
SECURITY WARNING: You are building a Docker image from Windows against a non-Windows Docker host. All files and directories added to build context will have '-rwxr-xr-x' permissions. It is recommended to double check and reset permissions for sensitive files and directories.

Upvotes: 3

Related Questions