Here is my Dockerfile:
FROM node:12-slim
ENV NODE_ENV=production
WORKDIR /
# COPY . . # COPY ENTIRE FOLDER ?
COPY ./package.json ./package.json
COPY ./dist ./dist
RUN npm install --only=production
EXPOSE 8080
ENTRYPOINT npm start
Here is my .dockerignore file:
node_modules
You see that I'm just copying package.json and not package-lock.json. I guessed that, since I'll be running RUN npm install to build the image, I thought that it should create its own package-lock.json.
But I got this warning during the build:
> Step #0: > [email protected] postinstall /node_modules/protobufjs
> Step #0: > node scripts/postinstall
> Step #0:
> Step #0: npm notice created a lockfile as package-lock.json. You should commit this file.
> Step #0: npm WARN [email protected] No repository field.
> Step #0:
> Step #0: added 304 packages from 217 contributors and audited 312 packages in 15.27s
So, should I add this to my Dockerfile?
COPY ./package-lock.json ./package-lock.json
json intact. It is highly recommended you commit the generated package lock to source control: this will allow anyone else on your team, your deployments, your CI/continuous integration, and anyone else who runs npm install in your package source to get the exact same dependency tree that you were developing on.
json is created for locking the dependency with the installed version. It will install the exact latest version of that package in your application and save it in package.
json appears in your project directory. Don't delete that package-lock file, run npm install and regenerate it! package-lock.json, a file generated by npm since v5 was released in 2017, does what its name suggests: helps lock package dependencies down, as well as their sub-dependencies.
json file is using lockfileVersion: 2 it has likely changed since you updated from an older npm version. "lockfileVersion": 2, The new file is flattened to increase performance when reading and writing. This inadvertently makes the file much longer.
Create a file named .dockerignore in the same folder as the Dockerfile with the following contents. .dockerignore files are an easy way to selectively copy only image relevant files. You can read more about this here.
when you generated your package-lock.json, you built locally under a different operating system than Alpine Linux
when you generated your package-lock.json, you npm install-ed locally under a different version of npm from the Docker container, it may have treated the lockfile relationship differently
The Dockerfile is the starting point for creating a Docker image. The file format provides a well-defined set of directives that allow you to copy files or folders, run commands, set environment variables, and do other tasks required to create a container image.
You should absolutely copy the package-lock.json file in. It has a slightly different role from the package.json file: package.json can declare "I'm pretty sure my application works with version 17 of the react package", where package-lock.json says "I have built and tested with exactly version 17.0.1 of that package".
Once you have both files, there is a separate npm ci command that's optimized for this case.
COPY package.json package-lock.json .
# Run `npm ci` _before_ copying the application in
RUN NODE_ENV=production npm ci
# If any file in `dist` changes, this will stop Docker layer caching
COPY ./dist ./dist
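Added example, not part of the answer above and not npm's own tooling: a Node.js check that could run in CI before the image build, confirming that every dependency declared in package.json is pinned in package-lock.json and that each locked package carries an integrity hash and an HTTPS source. The function names, package names and sample manifests are hypothetical and constructed for illustration; it goes slightly beyond the answer by reading both the nested lockfileVersion 1 layout and the flat "packages" layout of versions 2 and 3.

```javascript
// Collect locked entries from lockfileVersion 1 (nested "dependencies")
// or lockfileVersion 2/3 (flat "packages" keyed by install path).
function lockedEntries(lock) {
  const out = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === '' || meta.link) continue; // root project or symlinked package
      const name = meta.name || path.slice(path.lastIndexOf('node_modules/') + 13);
      out.push({ ...meta, name, path, bundled: Boolean(meta.inBundle) });
    }
    return out;
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      out.push({ ...meta, name, path, bundled: Boolean(meta.bundled) });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return out;
}

// Returns a list of human-readable findings; an empty list means the check passed.
function checkLockfile(pkg, lock) {
  const entries = lockedEntries(lock);
  const topLevel = new Set(entries.filter((e) => e.path === `node_modules/${e.name}`).map((e) => e.name));
  const findings = [];
  for (const name of Object.keys(pkg.dependencies || {})) {
    if (!topLevel.has(name)) findings.push(`${name}: declared in package.json but not locked`);
  }
  for (const e of entries) {
    if (e.bundled) continue; // shipped inside its parent's tarball, covered by the parent's hash
    if (!e.integrity) findings.push(`${e.path}: no integrity hash`);
    if (e.resolved && e.resolved.startsWith('http://')) findings.push(`${e.path}: resolved over plain HTTP`);
  }
  return findings;
}

// Constructed sample input (hypothetical package names, placeholder hash).
const samplePkg = { dependencies: { 'alpha-lib': '^1.2.0', 'beta-lib': '^3.0.0' } };
const sampleLock = { lockfileVersion: 1, dependencies: { 'alpha-lib': {
  version: '1.2.3', integrity: 'sha512-PLACEHOLDER',
  resolved: 'https://registry.npmjs.org/alpha-lib/-/alpha-lib-1.2.3.tgz',
  dependencies: { 'gamma-lib': { version: '0.4.0', resolved: 'http://registry.example.test/gamma-lib-0.4.0.tgz' } },
} } };
console.log(checkLockfile(samplePkg, sampleLock).join('\n'));
```

The check does not compare locked versions against the semver ranges in package.json; npm ci itself refuses to install when the two files disagree.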
It depends if you want to have exactly the same env everywhere. If yes, package-lock.json is needed. There is a nice post about it here: https://stackoverflow.com/a/64014814/4925213