OWASP / CheatSheetSeries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
https://cheatsheetseries.owasp.org
Creative Commons Attribution Share Alike 4.0 International

Update: Node.js Docker Cheat Sheet #1269

Closed exwar closed 9 months ago

exwar commented 9 months ago

What is missing or needs updating?

The current cheatsheet advises using npm ci --only=production to install only production dependencies in the image.

However, with the current NPM CLI version, using --only=production triggers a warning, suggesting the use of --omit=dev.

$ npm ci --only=production
npm WARN config only Use --omit=dev to omit dev dependencies from the install.

How to resolve?

Update relevant commands in the cheatsheet to use npm ci --omit=dev instead of npm ci --only=production.

szh commented 9 months ago

Thank you for catching this @exwar. Would you like to submit a PR to change this?

exwar commented 9 months ago

@szh Absolutely, please see #1270