openwhisk-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Carlos Santana <>
Subject Re: nodejs runtime packages in base images
Date Sat, 16 Feb 2019 14:12:55 GMT

With my vendor hat:

This means anyone extending the base image in their Dockerfile need to delete the node_modules
directory first before they do npm install to install the exact set of packages and their
dependencies that they want. They would this for various reasons for example they went over
all the dependency graph not just the top level and made sure there are no legal/license problems,
security CVEs, and maybe some packages for their own purpose. 

This will increase the image size with a layer that never get use. 

The alternative is that the provider can have a Docker file that doesn’t extend the openwhisk
base image and instead extend the nodejs base image and use the new from feature from Dockerfile
to copy the 2 or 3 files out of the base openwhisk image. 

Now with my Apache Hat:
You will need to blessed and do legal clearance of the npm packages and all their dependencies
to make sure their are compatible with Apache and then maintain currency with the versions
that for currency and also security patches. 

I know that nodejs6 includes a bunch of npm packages but I was hoping to delete nodejs:6 from
the repo for this reason before graduation to avoid any problems when going into graduation.

PS: Anyone is welcome to use the image ibmfunctions/action-nodejs-v10 for nodejs:10 in their
runtimes.json is fully compatible with any openwhisk deployment. This is the one I use locally
in my Mac with docker-compose deploy. 

- Carlos Santana

> On Feb 16, 2019, at 8:57 AM, Dominic Kim <> wrote:
> +1 on this.
> Best regards
> Dominic
> 2019년 2월 16일 (토) 오전 10:53, Rodric Rabbah <>님이 작성:
>> Hello,
>> A few times in recent weeks and twice this past week there was discussion
>> on slack about our nodejs8 and nodejs10 images and the lack of packages in
>> these images. As we move to deprecate nodejs6 with its coming end of life,
>> this is worth re-considering: should we include some popular images in the
>> base image?
>> We had previously eschewed packages because the thought was providers roll
>> their own. But I'm finding that our nodejs6 runtime more convenient for
>> some development because of its built-in packages.
>> So I opened a draft PR (new on GitHub!) to add some packages to our images
>> here:
>> Feedback welcome and especially appreciated if you aren't a provider that
>> runs their own images.
>> -r

View raw message