{"id":13416493,"url":"https://github.com/replicatedhq/dockerfilelint","last_synced_at":"2025-05-15T03:08:50.491Z","repository":{"id":3885858,"uuid":"51224237","full_name":"replicatedhq/dockerfilelint","owner":"replicatedhq","description":"An opinionated Dockerfile linter.","archived":false,"fork":false,"pushed_at":"2023-09-27T20:58:01.000Z","size":420,"stargazers_count":1011,"open_issues_count":54,"forks_count":83,"subscribers_count":22,"default_branch":"main","last_synced_at":"2025-05-12T04:57:16.563Z","etag":null,"topics":["dockerfile","linter"],"latest_commit_sha":null,"homepage":"https://www.fromlatest.io","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/replicatedhq.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2016-02-06T22:02:43.000Z","updated_at":"2025-05-11T09:45:58.000Z","dependencies_parsed_at":"2024-02-04T10:04:39.157Z","dependency_job_id":"411ba449-f09a-4555-b591-06eab71b41eb","html_url":"https://github.com/replicatedhq/dockerfilelint","commit_stats":{"total_commits":91,"total_committers":22,"mean_commits":4.136363636363637,"dds":0.6373626373626373,"last_synced_commit":"f7bdc892c28763cae835bc69ada55d20f65ed61e"},"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/replicatedhq%2Fdockerfilelint","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/replicatedhq%2Fdockerfilelint/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/replicatedhq%2Fdockerfilelint/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/replicatedhq%2Fdockerfilelint/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/replicatedhq","download_url":"https://codeload.github.com/replicatedhq/dockerfilelint/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254264771,"owners_count":22041794,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dockerfile","linter"],"created_at":"2024-07-30T21:00:59.671Z","updated_at":"2025-05-15T03:08:45.476Z","avatar_url":"https://github.com/replicatedhq.png","language":"JavaScript","readme":"# Linter and validator for Dockerfile\n\n[![Coverage Status](https://coveralls.io/repos/github/replicatedhq/dockerfilelint/badge.svg?branch=master)](https://coveralls.io/github/replicatedhq/dockerfilelint?branch=master)\n[![Build Status](https://travis-ci.org/replicatedhq/dockerfilelint.svg?branch=master)](https://travis-ci.org/replicatedhq/dockerfilelint)\n\n`dockerfilelint` is an node module that analyzes a Dockerfile and looks for common traps, mistakes and helps enforce best practices.\n\n## Installation\n\nGlobal installation with npm package manager.\n\n```shell\nnpm install -g dockerfilelint\n```\n\n## Testing\nStart unit tests with `npm test`, `yarn run test`, or `docker-compose -f docker-compose.test.yml up`\n\n## Running\n\n#### From the command line:\n\n```shell\n./bin/dockerfilelint \u003cpath/to/Dockerfile\u003e\n```\n\n#### Command Line options\n\n```shell\nUsage: dockerfilelint [files | content..] [options]\n\nOptions:\n  -o, --output   Specify the format to use for output of linting results. Valid values\n                 are `json` or `cli` (default).                               [string]\n  -j, --json     Output linting results as JSON, equivalent to `-o json`.    [boolean]\n  -v, --version  Show version number                                         [boolean]\n  -h, --help     Show help                                                   [boolean]\n\nExamples:\n  dockerfilelint Dockerfile         Lint a Dockerfile in the current working\n                                    directory\n\n  dockerfilelint test/example/* -j  Lint all files in the test/example directory and\n                                    output results in JSON\n\n  dockerfilelint 'FROM latest'      Lint the contents given as a string on the\n                                    command line\n\n  dockerfilelint \u003c Dockerfile       Lint the contents of Dockerfile via stdin\n```\n\n#### Configuring\n\nYou can configure the linter by creating a `.dockerfilelintrc` with the following syntax:\n```yaml\nrules:\n  uppercase_commands: off\n```\n\nThe keys for the rules can be any file in the /lib/reference.js file.  At this time, it's only possible to disable rules.  They are all enabled by default.\n\nThe following rules are supported:\n```\nrequired_params\nuppercase_commands\nfrom_first\ninvalid_line\nsudo_usage\napt-get_missing_param\napt-get_recommends\napt-get-upgrade\napt-get-dist-upgrade\napt-get-update_require_install\napkadd-missing_nocache_or_updaterm\napkadd-missing-virtual\ninvalid_port\ninvalid_command\nexpose_host_port\nlabel_invalid\nmissing_tag\nlatest_tag\nextra_args\nmissing_args\nadd_src_invalid\nadd_dest_invalid\ninvalid_workdir\ninvalid_format\napt-get_missing_rm\ndeprecated_in_1.13\n```\n\n#### From a Docker container\n\n(Replace the ``pwd``/Dockerfile with the path to your local Dockerfile)\n```shell\ndocker run -v `pwd`/Dockerfile:/Dockerfile replicated/dockerfilelint /Dockerfile\n```\n\n#### Online\n\nIf you don't want to install this locally you can try it out on  [https://fromlatest.io](https://www.fromlatest.io/#/).\n\n## Checks performed\n\n### `FROM`\n\n- [x] This should be the first command in the Dockerfile\n- [x] Base image should specify a tag\n- [x] Base image should not use latest tag\n- [x] Support `FROM scratch` without a tag\n- [x] Support the `FROM \u003cimage\u003e@\u003cdigest\u003e` syntax\n- [ ] Allow config to specify \"allowed\" base layers\n\n### `MAINTAINER`\n\n- [x] Should be followed by exactly 1 parameter (@ sign)\n\n### `RUN`\n\n- [x] sudo is not included in the command\n- [x] apt-get [install | upgrade | remove] should include a -y flag\n- [x] apt-get install commands should include a `--no-install-recommends` flag\n- [x] apt-get install commands should be paired with a `rm -rf /var/lib/apt/lists/*` in the same layer\n- [x] Avoid running `apt-get upgrade` or `apt-get dist-upgrade`\n- [x] Never run `apt-get update` without `apt-get install` on the same line\n- [x] apk add commands should include a `--no-cache` flag or be paired with an `--update` flag with `rm -rf /var/cache/apk/*` in the same layer\n- [x] apk add support for --virtual flag\n- [ ] handle best practices for yum operations and cleanup\n\n### `CMD`\n\n- [x] Only a single `CMD` layer is allowed\n- [ ] Better handling of escaped quotes\n- [ ] Detect exec format with expected variable substitution\n\n### `LABEL`\n\n- [x] Format should be key=value\n\n### `EXPOSE`\n\n- [x] Only the container port should be listed\n- [ ] All ports should be exposed in a single cache layer (line)\n- [ ] The same port number should not be exposed multiple times\n- [x] Exposed ports should be numeric and in the accepted range\n\n### `ENV`\n\n- [x] Format of `ENV`\n- [ ] Best practice of only using a single `ENV` line to reduce cache layer count\n\n### `ADD`\n\n- [x] Command should have at least 2 parameters\n- [x] Source command(s) cannot be absolute or relative paths that exist outside of the current build context\n- [x] Commands with wildcards or multiple sources require that destination is a directory, not a file\n- [ ] If an `ADD` command could be a `COPY`, then `COPY` is preferred\n- [ ] Using `ADD` to fetch remote files is discouraged because they cannot be removed from the layer\n\n### `COPY`\n\n- [ ] Implement checking (similar to ADD)\n- [ ] Do not `COPY` multiple files on a single command to best use cache\n\n### `ENTRYPOINT`\n\n- [ ] Support\n\n### `VOLUME`\n\n- [ ] Format\n- [ ] Any build steps after VOLUME is declare should not change VOLUME contents\n- [ ] If JSON format, double quotes are required\n\n### `USER`\n\n- [x] Should be followed by exactly 1 parameter\n\n### `WORKDIR`\n\n- [x] Validate that it has exactly 1 parameter\n- [x] `WORKDIR` can only expand variables previously set in `ENV` commands\n\n### `ARG`\n\n- [ ] Support\n- [ ] Prevent redefining the built in ARGs (proxy)\n\n### `ONBUILD`\n\n- [ ] Support\n\n### `STOPSIGNAL`\n\n- [ ] Validate input\n- [ ] Only present one time\n\n### `HEALTHCHECK`\n- [x] No additional parameters when only parameter is `NONE`\n- [x] Options before `CMD` are valid\n- [x] Options before `CMD` have additional arguments\n\n### Misc\n\n- [x] Only valid Dockerfile commands are present\n- [x] All commands should have at least 1 parameter\n- [x] Check that commands are written as upper case commands\n","funding_links":[],"categories":["Docker Images","JavaScript","Linters"],"sub_categories":["Linter","Dockerfile"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freplicatedhq%2Fdockerfilelint","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Freplicatedhq%2Fdockerfilelint","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freplicatedhq%2Fdockerfilelint/lists"}