Ensure pinned version in 'npm' install
Pinning a version makes the build install an exact, known version of a package instead of whatever `npm install <package>` resolves to at build time. Docker caches a `RUN` layer by its instruction text, so an unpinned `RUN npm install <package>` keeps reusing whichever version happened to be installed when that layer was first built; a pinned version makes the installed version explicit in the Dockerfile regardless of what is in the cache. Pinning also reduces build failures caused by unexpected changes in a dependency's newest release.
Risk Level: medium
Platform: Docker
Spectral Rule ID: DOCKR036
REMEDIATION
If the image previously installed an older version, changing the pinned version changes the text of the `RUN` instruction, which invalidates Docker's layer cache for that step and guarantees that the new version is installed rather than served from a cached layer. Listing one package per line also makes duplicated packages easy to spot. In the example below, `<version>` stands for the exact version you intend to install (for instance `MAJOR.MINOR.PATCH`):
FROM node:12
RUN npm install
- RUN npm install sax
+ RUN npm install sax@<version>
- RUN npm install sax | grep fail && npm install sax
+ RUN npm install sax@<version> | grep fail && npm install sax@latest
Note that `sax@latest` in the second example is a dist-tag, not a fixed version: it resolves to whatever is current when the build runs, so it does not give a reproducible build. Prefer an exact version there as well. For application dependencies, the equivalent of pinning is committing `package-lock.json` and installing with `npm ci`, which fails instead of silently re-resolving when the lockfile and `package.json` disagree.
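The following shell script is an added example, not part of the Spectral rule or its documentation. It scans a Dockerfile for `npm install` arguments that are not pinned to an exact version, handling backslash-continued `RUN` lines, several commands joined by `&&`, `|` or `;`, and the JSON exec form. It is deliberately stricter than the remediation above: dist-tags such as `@latest` and ranges such as `@^1.2.0` are reported as unpinned because they resolve to different versions over time, while path, `file:`, `git+` and URL specs are ignored. The sample Dockerfile, the `@example/*` package names and the version numbers are constructed for the demonstration; `sax@1.2.4` in the sample is illustrative, not the version the page refers to.

```shell
#!/bin/sh
# Added example (not Spectral's rule implementation): report "npm install"
# arguments in a Dockerfile that are not pinned to an exact version.
set -eu

# unpinned_npm_installs DOCKERFILE
# Prints "LINE:SPEC" for each unpinned package spec; exit status 1 if any were found.
unpinned_npm_installs() {
  awk '
    # Pinned means an exact MAJOR.MINOR.PATCH, optionally with a prerelease/build suffix.
    function pinned(spec,    name, at, ver) {
      name = spec
      if (substr(spec, 1, 1) == "@") name = substr(spec, 2)   # scoped package: @scope/name@ver
      at = index(name, "@")
      if (at == 0) return 0                                   # no version at all
      ver = substr(name, at + 1)
      return ver ~ /^[0-9]+\.[0-9]+\.[0-9]+([-+][0-9A-Za-z.-]+)?$/
    }
    {
      # Join backslash-continued lines so a multi-line RUN is one instruction.
      line = $0; start = NR
      while (line ~ /\\[ \t]*$/) {
        sub(/\\[ \t]*$/, "", line)
        if ((getline nxt) <= 0) break
        line = line " " nxt
      }
      if (line !~ /^[ \t]*RUN[ \t]/) next
      sub(/^[ \t]*RUN[ \t]+/, "", line)
      if (line ~ /^\[/) gsub(/[][",]/, " ", line)             # exec form: RUN ["npm", "install", "x"]
      n = split(line, cmds, /&&|[|;]/)                        # one shell command per segment
      for (c = 1; c <= n; c++) {
        w = split(cmds[c], words, /[ \t]+/)
        for (k = 1; k < w; k++) {
          if (words[k] != "npm") continue
          if (words[k+1] != "install" && words[k+1] != "i" && words[k+1] != "add") continue
          for (j = k + 2; j <= w; j++) {
            a = words[j]
            if (a == "" || a ~ /^-/) continue                 # flags such as -g, --save-dev
            if (a ~ /^[.\/]/ || a ~ /:/) continue             # ./dir, /abs, file:, git+https:, https:
            if (!pinned(a)) { print start ":" a; found = 1 }
          }
          break
        }
      }
    }
    END { exit found ? 1 : 0 }
  ' "$1"
}

# Constructed sample input (not from the page); package names and versions are illustrative.
sample_dockerfile() {
  cat <<'EOF'
FROM node:12
RUN npm install
RUN npm install sax
RUN npm install sax@1.2.4 | grep fail && npm install sax@latest
RUN npm install -g @example/cli@2.0.1 \
    && npm install --save-dev @example/types
RUN npm install sax@^1.2.0 ./local-pkg git+https://example.com/repo.git
RUN ["npm", "install", "sax@next"]
RUN npm ci
EOF
}

# Runs the checker over the sample and prints its findings (LINE:SPEC).
demo_findings() {
  f=$(mktemp)
  sample_dockerfile > "$f"
  unpinned_npm_installs "$f" || true
  rm -f "$f"
}

if [ -n "${1:-}" ]; then
  unpinned_npm_installs "$1"   # with set -e an unpinned install fails the script, so it works as a CI gate
else
  demo_findings
fi
```

Run it as `sh check_npm_pins.sh Dockerfile` in CI; with no argument it prints the findings for the built-in sample, where the bare `RUN npm install` (no package arguments) and `RUN npm ci` are correctly left alone because the lockfile, not the instruction, controls what they install.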
Read more:
- TBD
Updated over 1 year ago