Alpine Node 18 image is using unofficial builds?

[az-nextsec]

Both alpine 3.17 and alpine 3.18 images are using unofficial builds as the source for node 18

https://github.com/nodejs/docker-node/blob/e148eb79f51510593647e6a10574f8931bf16384/18/alpine3.18/Dockerfile https://github.com/nodejs/docker-node/blob/main/18/alpine3.17/Dockerfile

The unofficial builds site (https://unofficial-builds.nodejs.org/) has a warning that these builds are not tested:

unofficial-builds attempts to provide basic Node.js binaries for some platforms that either not supported or only partially supported by Node.js. This project does not provide any guarantees and its results are not rigorously tested. Builds made available at nodejs.org have very high quality standards for code quality, support on the relevant platforms platforms and for timing and methods of delivery. Builds made available by unofficial-builds have minimal or no testing; the platforms may have no inclusion in the official Node.js test infrastructure. These builds are made available for the convenience of their user community but those communities are expected to assist in their maintenance.

Other images, e.g. bookworm, use nodejs.org/dist source: https://github.com/nodejs/docker-node/blob/main/18/bookworm/Dockerfile

Is there a reason alpine images are using unofficial builds?

[SimenB]

That's the only build for MUSL that's available - alternative is to build it ourselves which wouldn't be any safer (or just drop Alpine altogether)