在使用Docker构建节点应用程序映像时,如何摆脱package-lock.json警告?

时间:2019-04-22 10:18:52

标签: node.js docker npm warnings

我正在与Docker一起创建一个小节点应用程序映像,我想摆脱以下警告:

npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN webserver@1.0.0 No description
npm WARN webserver@1.0.0 No repository field.

建立图片时

PS C:\Users\eperret\Desktop\webserver> docker build .
Sending build context to Docker daemon  4.096kB
Step 1/5 : FROM node:alpine
 ---> cd4fae427afc
Step 2/5 : COPY ./package.json ./
 ---> 990e1ee0398d
Step 3/5 : RUN npm install
 ---> Running in 8ffb61d273e4
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN webserver@1.0.0 No description
npm WARN webserver@1.0.0 No repository field.

added 48 packages from 36 contributors and audited 121 packages in 1.675s
found 0 vulnerabilities

Removing intermediate container 8ffb61d273e4
 ---> fff34a1d0b4e
Step 4/5 : COPY ./ ./
 ---> ace2bc83a3f9
Step 5/5 : CMD [ "npm", "start" ]
 ---> Running in fa9d0a961867
Removing intermediate container fa9d0a961867
 ---> 34a593a4b338
Successfully built 34a593a4b338
SECURITY WARNING: You are building a Docker image from Windows against a non-Windows Docker host. All files and directories added to build context will have '-rwxr-xr-x' permissions. It is recommended to double check and reset permissions for sensitive files and directories.

我的Dockerfile

FROM node:alpine

COPY ./package.json ./
RUN npm install
COPY ./ ./

CMD [ "npm", "start" ]
//Load express module with `require` directive
var express = require('express')
var app = express()

//Define request response in root URL (/)
app.get('/', (req, res) => {
    res.send('How are you doing');
});

//Launch listening server on port 8081
app.listen(8080, () => {
    console.log('Listening on port 8080');
});

package.json

{
  "name": "webserver",
  "version": "1.0.0",
  "description": "",
  "repository": "",
  "main": "index.js",
  "scripts": {
    "start": "node index.js"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "express": "*"
  }
}

我也觉得有些奇怪,因为上面的description中同时存在repositorypackage.json字段不足的警告。

2 个答案:

答案 0 :(得分:1)

根据答案here

我可以在中间容器中全局禁用package-lock.json:

RUN npm config set package-lock false
FROM node:alpine

COPY ./package.json ./
RUN npm config set package-lock false
RUN npm install
COPY ./ ./

CMD [ "npm", "start" ]

现在输出:

PS C:\Users\eperret\Desktop\webserver> docker build .
Sending build context to Docker daemon  4.096kB
Step 1/6 : FROM node:alpine
 ---> cd4fae427afc
Step 2/6 : COPY ./package.json ./
 ---> Using cache
 ---> 94e9c22361a2
Step 3/6 : RUN npm config set package-lock false
 ---> Using cache
 ---> 8d3df1028a80
Step 4/6 : RUN npm install
 ---> Using cache
 ---> 254d4ccce8ac
Step 5/6 : COPY ./ ./
 ---> Using cache
 ---> 48a1990903a6
Step 6/6 : CMD [ "npm", "start" ]
 ---> Using cache
 ---> 53cf819f42e7
Successfully built 53cf819f42e7
SECURITY WARNING: You are building a Docker image from Windows against a non-Windows Docker host. All files and directories added to build context will have '-rwxr-xr-x' permissions. It is recommended to double check and reset permissions for sensitive files and directories.

答案 1 :(得分:0)

您不应将时间用于此类事情。在构建应用程序时,最好添加package-lock.json文件。如果您真的不想提供此文件,请忽略警告消息。