{"id":23204651,"url":"https://github.com/bryopsida/scratch-node-fips","last_synced_at":"2026-02-15T12:37:31.326Z","repository":{"id":266974872,"uuid":"886332643","full_name":"bryopsida/scratch-node-fips","owner":"bryopsida","description":"An experiment trying to make a scratch node image","archived":false,"fork":false,"pushed_at":"2025-03-31T20:50:47.000Z","size":17,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-08-13T19:41:28.143Z","etag":null,"topics":["docker-image","dockerfile","fips","multi-platform","nodejs","scratch"],"latest_commit_sha":null,"homepage":"","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bryopsida.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-11-10T18:46:48.000Z","updated_at":"2025-03-31T20:50:50.000Z","dependencies_parsed_at":"2025-08-13T19:29:17.945Z","dependency_job_id":null,"html_url":"https://github.com/bryopsida/scratch-node-fips","commit_stats":null,"previous_names":["bryopsida/scratch-node-fips"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/bryopsida/scratch-node-fips","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bryopsida%2Fscratch-node-fips","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bryopsida%2Fscratch-node-fips/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bryopsida%2Fscratch-node-fips/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bryopsida%2Fscratch-node-fips/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bryopsida","download_url":"https://codeload.github.com/bryopsida/scratch-node-fips/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bryopsida%2Fscratch-node-fips/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29478355,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-15T11:35:25.641Z","status":"ssl_error","status_checked_at":"2026-02-15T11:34:57.128Z","response_time":118,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker-image","dockerfile","fips","multi-platform","nodejs","scratch"],"created_at":"2024-12-18T16:19:36.303Z","updated_at":"2026-02-15T12:37:31.310Z","avatar_url":"https://github.com/bryopsida.png","language":"Dockerfile","readme":"# Scratch Node Fips\n\n## What is this?\n\nAn investigation into the practicality of using Node.JS with a scratch base layer.\n\n## How?\n\nNode.JS statically compiles a large portion of things but there are still a few libraries that are dynamiclly loaded at runtime. You can find these library files using `ldd`. The `shell.Dockerfile` was used to explore dependencies of binaries using `ldd` and then craft the `COPY` instructions for the dockerfile.\n\n## Why?\n\nReduces attack surface to the absolute minimum by removing everything that's not required to function.\n\n## What doesn't this cover?\n\n### Packages that use node native addons\n\nNode.JS also has `.node` files which are native compiled modules that can also link additional libraries. If you use any libraries that make use of libraries, you'll need to ensure those are copied over as well from your build layer. *Hint* you can find all .node files in your node_modules folder and run ldd checks.\n\n### Packages that use shell executions\n\nThis intentionally does not have a shell. Any libraries that use shell executions for spawning will fail.\n\n### Packages that use binaries that do not exist\n\nThis intentionally does not have common linux tools/binaries, if a library wraps a CLI tool you must copy that in along with any libraries it uses.\n\n## How could this be further improved?\n\nIdeally the needed libraries should be detected, copied into a folder tree in a intermediary layer, and then copied into the scratch layer.\n\n## Tips\n\nRemember that `.node` files can be dynamically compiled and/or pulled during `npm install`, and behavior can vary based on what arch is targetted. You'll want to inspect the `.node` files built/installed from a intermediary layer. Not your host machine.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbryopsida%2Fscratch-node-fips","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbryopsida%2Fscratch-node-fips","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbryopsida%2Fscratch-node-fips/lists"}