/scratch-node

Distroless Node.js Docker Images

Primary LanguageDockerfileMIT LicenseMIT

Distroless Node.js Docker Images

Multi-architecture distroless Node.js Docker images.

Content

  • The Node.js binary, statically linked using musl, with opt-in support for i18n data
  • The musl dynamic linker, to support native modules
  • A /etc/passwd entry for a node user

Images

Multi-architecture images for amd64, arm32v6, arm32v7 and arm64v8:

  • latest, 18, 18.10, 18.10.0 – 18.7 MB / 47.5 MB
  • 17, 17.7, 17.7.2 – 17.9 MB / 46.4 MB
  • 16, 16.14, 16.14.2 – 17.1 MB / 43.0 MB
  • 15, 15.14, 15.14.0 – 16.7 MB / 42.7 MB
  • 14, 14.17, 14.17.0 – 15.9 MB / 41.7 MB
  • 13, 13.14, 13.14.0 – 14.8 MB / 39.0 MB
  • 12, 12.22, 12.22.1 – 15.2 MB / 39.8 MB
  • 10, 10.22, 10.22.0 – 13.3 MB / 34.1 MB
  • 8, 8.17, 8.17.0 – 11.2 MB / 30.1 MB

The image sizes are compressed / unpacked. They are published to the following repositories:

Usage

FROM node as builder

WORKDIR /app

COPY package.json package-lock.json index.js ./

RUN npm install --prod

FROM astefanutti/scratch-node

COPY --from=builder /app /

ENTRYPOINT ["node", "index.js"]

Native modules

Native modules need to be statically compiled with musl to be loadable. This can easily be achieved by updating the above example with:

FROM node:alpine as builder

RUN apk update && apk add make g++ python

WORKDIR /app

COPY package.json package-lock.json index.js ./

RUN LDFLAGS='-static-libgcc -static-libstdc++' npm install --build-from-source=<native_module>

FROM astefanutti/scratch-node

COPY --from=builder /app /

ENTRYPOINT ["node", "index.js"]

Internationalization

The Node binaries are linked against the ICU library statically, and include a subset of ICU data (typically only the English locale) to keep the image sizes small. Additional locales data can be provided if needed, so that methods work for all ICU locales. It can be made available to ICU by retrieving the locales data from the ICU sources, e.g.:

FROM alpine as builder

RUN apk update && apk add curl

# Note the exact version of icu4c that's compatible depends on the Node version!
RUN curl -Lsq -o icu4c-71_1-src.zip https://github.com/unicode-org/icu/releases/download/release-71-1/icu4c-71_1-src.zip \
    && unzip -q icu4c-71_1-src.zip

FROM astefanutti/scratch-node:18.10.0

COPY --from=builder /icu/source/data/in/icudt71l.dat /icu/

ENV NODE_ICU_DATA=/icu

More information can be found in the Providing ICU data at runtime from the Node.js documentation.

Build

The image can be built by executing the following commands:

$ git clone https://github.com/astefanutti/scratch-node
$ cd scratch-node
$ docker build --build-arg version=<nodejs_version> --build-arg arch=<target_architecture> .