How to get rid of the package-lock.json warning when building a node app image with Docker?

Question

I am playing with Docker to create a small node app image and I would like to get rid of the warning below:

npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN webserver@1.0.0 No description
npm WARN webserver@1.0.0 No repository field.

when building my image

PS C:\Users\eperret\Desktop\webserver> docker build .
Sending build context to Docker daemon  4.096kB
Step 1/5 : FROM node:alpine
 ---> cd4fae427afc
Step 2/5 : COPY ./package.json ./
 ---> 990e1ee0398d
Step 3/5 : RUN npm install
 ---> Running in 8ffb61d273e4
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN webserver@1.0.0 No description
npm WARN webserver@1.0.0 No repository field.

added 48 packages from 36 contributors and audited 121 packages in 1.675s
found 0 vulnerabilities

Removing intermediate container 8ffb61d273e4
 ---> fff34a1d0b4e
Step 4/5 : COPY ./ ./
 ---> ace2bc83a3f9
Step 5/5 : CMD [ "npm", "start" ]
 ---> Running in fa9d0a961867
Removing intermediate container fa9d0a961867
 ---> 34a593a4b338
Successfully built 34a593a4b338
SECURITY WARNING: You are building a Docker image from Windows against a non-Windows Docker host. All files and directories added to build context will have '-rwxr-xr-x' permissions. It is recommended to double check and reset permissions for sensitive files and directories.

My Dockerfile

FROM node:alpine

COPY ./package.json ./
RUN npm install
COPY ./ ./

CMD [ "npm", "start" ]

//Load express module with `require` directive
var express = require('express')
var app = express()

//Define request response in root URL (/)
app.get('/', (req, res) => {
    res.send('How are you doing');
});

//Launch listening server on port 8081
app.listen(8080, () => {
    console.log('Listening on port 8080');
});

and package.json:

{
  "name": "webserver",
  "version": "1.0.0",
  "description": "",
  "repository": "",
  "main": "index.js",
  "scripts": {
    "start": "node index.js"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "express": "*"
  }
}

I also think it's kinda weird that there is also a warning about the lack description and repository fields since both are present in my package.json above.

Your `package.json` *doesn't* have a repository field, and the description field is empty (and therefore false-y). Have you tried copying in the lockfile too? — jonrsharpe, Apr 22 '19 at 10:21
@jonrsharpe fair enough didn't think about the false-y thing. The thing is that the `package-lock.json` occurs in the intermediate image / container so I am not sure I can do that before. — Natalie Perret, Apr 22 '19 at 10:24
I mean copying in the lockfile from *outside* the container, so that it doesn't warn you it had to create one. — jonrsharpe, Apr 22 '19 at 10:25
@jonrsharpe my point was to have it done inside the container =/ — Natalie Perret, Apr 22 '19 at 10:27
Have *what* done inside the container? If you want the lockfile to be recreated inside the container, ignore the warning (but then what's the point of a lockfile?) — jonrsharpe, Apr 22 '19 at 10:27
@jonrsharpe hm I just disabled it: adding `RUN npm config set package-lock false` to my `Dockerfile` — Natalie Perret, Apr 22 '19 at 10:32

score 3 · Accepted Answer · answered Apr 22 '19 at 10:38

According to the answer here

I can disable package-lock.json globally in the intermediate container:

RUN npm config set package-lock false

FROM node:alpine

COPY ./package.json ./
RUN npm config set package-lock false
RUN npm install
COPY ./ ./

CMD [ "npm", "start" ]

Which now outputs:

PS C:\Users\eperret\Desktop\webserver> docker build .
Sending build context to Docker daemon  4.096kB
Step 1/6 : FROM node:alpine
 ---> cd4fae427afc
Step 2/6 : COPY ./package.json ./
 ---> Using cache
 ---> 94e9c22361a2
Step 3/6 : RUN npm config set package-lock false
 ---> Using cache
 ---> 8d3df1028a80
Step 4/6 : RUN npm install
 ---> Using cache
 ---> 254d4ccce8ac
Step 5/6 : COPY ./ ./
 ---> Using cache
 ---> 48a1990903a6
Step 6/6 : CMD [ "npm", "start" ]
 ---> Using cache
 ---> 53cf819f42e7
Successfully built 53cf819f42e7
SECURITY WARNING: You are building a Docker image from Windows against a non-Windows Docker host. All files and directories added to build context will have '-rwxr-xr-x' permissions. It is recommended to double check and reset permissions for sensitive files and directories.

score 0 · Answer 2 · answered Apr 22 '19 at 14:46

0

You should not use your time for something like this. It is a good idea to add package-lock.json file when building your application. If you REALLY want to not provide this file, just ignore the warning message.

answered Apr 22 '19 at 14:46

HTN

3,388
1
8
18

It is not something that I would try to find an answer. If there were 100 lines of warning, it would be different, but here, we have only 3 lines. – HTN Apr 23 '19 at 07:07
I did that on my spare time, and I am totally fine """wasting""" my time like that. – Natalie Perret Apr 23 '19 at 07:51
getting rid of the warning is useful if you want a no-warning policy (you otherwise get used to it being red) – ymajoros Oct 10 '19 at 11:22

How to get rid of the package-lock.json warning when building a node app image with Docker?

2 Answers2