Last Updated: November 21, 2025
Dockerfile Tips
FROM node:18-alpine AS builder
Use multistage builds for smaller output
RUN --mount=type=cache,target=/root/.cache
Cache package installs
COPY --from=builder /app /app
Copy built artifacts
Compose & Runtime
| Feature | Why |
|---|---|
docker-compose up --build
|
Bring multi-service stack online |
healthcheck
|
Restart unhealthy containers automatically |
read-only rootfs
|
Limit runtime writes |
Security
Scan with `docker scan`/Trivy, drop Linux capabilities, and use non-root users in containers.
💡 Pro Tip:
Default to `docker buildx` with BuildKit, scan images, and avoid apt-get install mistakes.