JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 4953
  • Score
    100M100P100Q120488F
  • License MIT

A linter for Dockerfiles to find bugs and encourage best practices

Package Exports

  • dockerfilelint

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (dockerfilelint) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

Linter and validator for Dockerfile

Coverage Status Build Status

Dockerfileint is an npm module that analyzes a Dockerfile and looks for common traps, mistakes and helps enforce best practices:

Testing

Start unit tests with npm test

Running

From the command line:

./bin/dockerfilelint <path/to/Dockerfile>

If you don't want to install this locally you can try it out here.

Checks performed

FROM

  • This should be the first command in the Dockerfile
  • Base image should specify a tag
  • Base image should not use latest tag
  • Support FROM scratch without a tag
  • Support the FROM <image>@<digest> syntax
  • Allow config to specify "allowed" base layers

MAINTAINER

  • Should be followed by exactly 1 parameter (@ sign)

RUN

  • sudo is not included in the command
  • apt-get [install | upgrade | remove] should include a -y flag
  • apt-get install commands should include a --no-install-recommends flag
  • apt-get install commands should be paired with a rm -rf /var/lib/apt/lists/* in the same layer
  • Avoid running apt-get upgrade or apt-get dist-upgrade
  • Never run apt-get update without apt-get install on the same line
  • apk add commands should include a --no-cache flag or be paired with an --update flag with rm -rf /var/cache/apk/* in the same layer
  • apk add support for --virtual flag
  • handle best practices for yum operations and cleanup

CMD

  • Only a single CMD layer is allowed
  • Better handling of escaped quotes
  • Detect exec format with expected variable substitution

LABEL

  • Format should be key=value

EXPOSE

  • Only the container port should be listed
  • All ports should be exposed in a single cache layer (line)
  • The same port number should not be exposed multiple times
  • Exposed ports should be numeric and in the accepted range

ENV

  • Format of ENV
  • Best practice of only using a single ENV line to reduce cache layer count

ADD

  • Command should have at least 2 parameters
  • Source command(s) cannot be absolute or relative paths that exist outside of the current build context
  • Commands with wildcards or multiple sources require that destination is a directory, not a file
  • If an ADD command could be a COPY, then COPY is preferred
  • Using ADD to fetch remote files is discouraged because they cannot be removed from the layer

COPY

  • Implement checking (similar to ADD)
  • Do not COPY multiple files on a single command to best use cache

ENTRYPOINT

  • Support

VOLUME

  • Format
  • Any build steps after VOLUME is declare should not change VOLUME contents
  • If JSON format, double quotes are required

USER

  • Should be followed by exactly 1 parameter

WORKDIR

  • Validate that it has exactly 1 parameter
  • WORKDIR can only expand variables previously set in ENV commands

ARG

  • Support
  • Prevent redefining the built in ARGs (proxy)

ONBUILD

  • Support

STOPSIGNAL

  • Validate input
  • Only present one time

Misc

  • Only valid Dockerfile commands are present
  • All commands should have at least 1 parameter
  • Check that commands are written as upper case commands