With my vendor hat:
This means anyone extending the base image in their Dockerfile need to delete the node_modules directory first before they do npm install to install the exact set of packages and their dependencies that they want. They would this for various reasons for example they went over all the dependency graph not just the top level and made sure there are no legal/license problems, security CVEs, and maybe some packages for their own purpose. This will increase the image size with a layer that never get use. The alternative is that the provider can have a Docker file that doesn’t extend the openwhisk base image and instead extend the nodejs base image and use the new from feature from Dockerfile to copy the 2 or 3 files out of the base openwhisk image. Now with my Apache Hat: You will need to blessed and do legal clearance of the npm packages and all their dependencies to make sure their are compatible with Apache and then maintain currency with the versions that for currency and also security patches. I know that nodejs6 includes a bunch of npm packages but I was hoping to delete nodejs:6 from the repo for this reason before graduation to avoid any problems when going into graduation. PS: Anyone is welcome to use the image ibmfunctions/action-nodejs-v10 for nodejs:10 in their runtimes.json is fully compatible with any openwhisk deployment. This is the one I use locally in my Mac with docker-compose deploy. - Carlos Santana @csantanapr > On Feb 16, 2019, at 8:57 AM, Dominic Kim <[email protected]> wrote: > > +1 on this. > > > Best regards > Dominic > > > 2019년 2월 16일 (토) 오전 10:53, Rodric Rabbah <[email protected]>님이 작성: > >> Hello, >> >> A few times in recent weeks and twice this past week there was discussion >> on slack about our nodejs8 and nodejs10 images and the lack of packages in >> these images. As we move to deprecate nodejs6 with its coming end of life, >> this is worth re-considering: should we include some popular images in the >> base image? >> >> We had previously eschewed packages because the thought was providers roll >> their own. But I'm finding that our nodejs6 runtime more convenient for >> some development because of its built-in packages. >> >> So I opened a draft PR (new on GitHub!) to add some packages to our images >> here: >> https://github.com/apache/incubator-openwhisk-runtime-nodejs/pull/111 >> >> Feedback welcome and especially appreciated if you aren't a provider that >> runs their own images. >> >> -r >>
