dockerfilelint

v1.8.0

Published

A linter for Dockerfiles to find bugs and encourage best practices

Downloads

23,259

Readme

Linter and validator for Dockerfile

dockerfilelint is a Node module that analyzes a Dockerfile, looks for common traps and mistakes, and helps enforce best practices.

Installation

Global installation with npm package manager.

npm install -g dockerfilelint

Testing

Start unit tests with npm test, yarn run test, or docker-compose -f docker-compose.test.yml up

Running

From the command line:

./bin/dockerfilelint <path/to/Dockerfile>

Command Line options

Usage: dockerfilelint [files | content..] [options]

Options:
  -o, --output   Specify the format to use for output of linting results. Valid values
                 are `json` or `cli` (default).                               [string]
  -j, --json     Output linting results as JSON, equivalent to `-o json`.    [boolean]
  -v, --version  Show version number                                         [boolean]
  -h, --help     Show help                                                   [boolean]

Examples:
  dockerfilelint Dockerfile         Lint a Dockerfile in the current working
                                    directory

  dockerfilelint test/example/* -j  Lint all files in the test/example directory and
                                    output results in JSON

  dockerfilelint 'FROM latest'      Lint the contents given as a string on the
                                    command line

  dockerfilelint < Dockerfile       Lint the contents of Dockerfile via stdin

Configuring

You can configure the linter by creating a .dockerfilelintrc with the following syntax:

rules:
  uppercase_commands: off

The keys for the rules can be any of the rule names defined in the /lib/reference.js file. At this time, it's only possible to disable rules. They are all enabled by default.

The following rules are supported:

required_params
uppercase_commands
from_first
invalid_line
sudo_usage
apt-get_missing_param
apt-get_recommends
apt-get-upgrade
apt-get-dist-upgrade
apt-get-update_require_install
apkadd-missing_nocache_or_updaterm
apkadd-missing-virtual
invalid_port
invalid_command
expose_host_port
label_invalid
missing_tag
latest_tag
extra_args
missing_args
add_src_invalid
add_dest_invalid
invalid_workdir
invalid_format
apt-get_missing_rm
deprecated_in_1.13

From a Docker container

(Replace the pwd/Dockerfile with the path to your local Dockerfile)

docker run -v `pwd`/Dockerfile:/Dockerfile replicated/dockerfilelint /Dockerfile

Online

If you don't want to install this locally you can try it out on https://fromlatest.io.

Checks performed

FROM

  • [x] This should be the first command in the Dockerfile
  • [x] Base image should specify a tag
  • [x] Base image should not use latest tag
  • [x] Support FROM scratch without a tag
  • [x] Support the FROM <image>@<digest> syntax
  • [ ] Allow config to specify "allowed" base layers

MAINTAINER

  • [x] Should be followed by exactly 1 parameter (@ sign)

RUN

  • [x] sudo is not included in the command
  • [x] apt-get [install | upgrade | remove] should include a -y flag
  • [x] apt-get install commands should include a --no-install-recommends flag
  • [x] apt-get install commands should be paired with a rm -rf /var/lib/apt/lists/* in the same layer
  • [x] Avoid running apt-get upgrade or apt-get dist-upgrade
  • [x] Never run apt-get update without apt-get install on the same line
  • [x] apk add commands should include a --no-cache flag or be paired with an --update flag with rm -rf /var/cache/apk/* in the same layer
  • [x] apk add support for --virtual flag
  • [ ] handle best practices for yum operations and cleanup
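The FROM and RUN checks listed above, expressed as code over a weak Dockerfile and its corrected form. This is an added example, not dockerfilelint's own code: the rule names come from the rule list in this README, while the function names, the matching logic and the WEAK/FIXED sample Dockerfiles are constructed for illustration.

```javascript
// Added example, not dockerfilelint's own code. Rule names come from the README;
// the matching logic is a simplified assumption. WEAK and FIXED are constructed input.
const WEAK = `FROM ubuntu
RUN sudo apt-get update
RUN apt-get install curl && \\
    apt-get upgrade -y`;
const FIXED = `FROM ubuntu:22.04
RUN apt-get update && apt-get install -y --no-install-recommends curl \\
    && rm -rf /var/lib/apt/lists/*`;

// Join backslash-continued lines so each instruction (one layer) is checked whole.
function instructions(text) {
  return text.replace(/\\\r?\n/g, ' ').split(/\r?\n/).map((l) => l.trim())
    .filter((l) => l && !l.startsWith('#'))
    .map((l) => ({ cmd: l.split(/\s+/)[0].toUpperCase(), args: l.replace(/^\S+\s*/, '') }));
}

function lintRun(args, hit) {
  // Sub-commands of one RUN layer, each split into whitespace-separated tokens.
  const cmds = args.split(/&&|\|\||;/).map((c) => c.trim().split(/\s+/));
  if (cmds.some((t) => t[0] === 'sudo')) hit('sudo_usage');
  const apt = cmds.map((t) => (t[0] === 'sudo' ? t.slice(1) : t)).filter((t) => t[0] === 'apt-get');
  const has = (word) => apt.some((t) => t.includes(word));
  for (const t of apt) {
    const acts = ['install', 'upgrade', 'remove'].some((a) => t.includes(a));
    // Exact-token match: combined short flags such as -qy are not recognised here.
    if (acts && !t.includes('-y')) hit('apt-get_missing_param');
    if (t.includes('install') && !t.includes('--no-install-recommends')) hit('apt-get_recommends');
  }
  if (has('upgrade')) hit('apt-get-upgrade');
  if (has('dist-upgrade')) hit('apt-get-dist-upgrade');
  if (has('update') && !has('install')) hit('apt-get-update_require_install');
  if (has('install') && !args.includes('rm -rf /var/lib/apt/lists/*')) hit('apt-get_missing_rm');
}

// Returns "instructionNumber:rule" strings for every finding.
function lint(text) {
  const found = [];
  instructions(text).forEach(({ cmd, args }, i) => {
    const hit = (rule) => found.push(`${i + 1}:${rule}`);
    if (cmd === 'RUN') lintRun(args, hit);
    if (cmd === 'FROM') {
      const name = args.split(/\s+/)[0].split('/').pop(); // drop registry host[:port]
      if (name === 'scratch' || name.includes('@')) return; // scratch, digest pins
      if (!name.includes(':')) hit('missing_tag');
      else if (name.endsWith(':latest')) hit('latest_tag');
    }
  });
  return found;
}
```

Findings are numbered per instruction rather than per source line, because continuation lines are joined before checking so that the "same layer" rules see the whole RUN command.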

CMD

  • [x] Only a single CMD layer is allowed
  • [ ] Better handling of escaped quotes
  • [ ] Detect exec format with expected variable substitution

LABEL

  • [x] Format should be key=value

EXPOSE

  • [x] Only the container port should be listed
  • [ ] All ports should be exposed in a single cache layer (line)
  • [ ] The same port number should not be exposed multiple times
  • [x] Exposed ports should be numeric and in the accepted range

ENV

  • [x] Format of ENV
  • [ ] Best practice of only using a single ENV line to reduce cache layer count

ADD

  • [x] Command should have at least 2 parameters
  • [x] Source command(s) cannot be absolute or relative paths that exist outside of the current build context
  • [x] Commands with wildcards or multiple sources require that destination is a directory, not a file
  • [ ] If an ADD command could be a COPY, then COPY is preferred
  • [ ] Using ADD to fetch remote files is discouraged because they cannot be removed from the layer

COPY

  • [ ] Implement checking (similar to ADD)
  • [ ] Do not COPY multiple files on a single command to best use cache

ENTRYPOINT

  • [ ] Support

VOLUME

  • [ ] Format
  • [ ] Any build steps after VOLUME is declared should not change VOLUME contents
  • [ ] If JSON format, double quotes are required

USER

  • [x] Should be followed by exactly 1 parameter

WORKDIR

  • [x] Validate that it has exactly 1 parameter
  • [x] WORKDIR can only expand variables previously set in ENV commands

ARG

  • [ ] Support
  • [ ] Prevent redefining the built in ARGs (proxy)

ONBUILD

  • [ ] Support

STOPSIGNAL

  • [ ] Validate input
  • [ ] Only present one time

HEALTHCHECK

  • [x] No additional parameters when only parameter is NONE
  • [x] Options before CMD are valid
  • [x] Options before CMD have additional arguments

Misc

  • [x] Only valid Dockerfile commands are present
  • [x] All commands should have at least 1 parameter
  • [x] Check that commands are written as upper case commands