Hacker News .hnnew | past | comments | ask | show | jobs | submitlogin

Run npm and yarn inside docker [1].

Infact, do this for all risky tools[2]

1 - https://github.com/ashishb/dotfiles/blob/067de6f90c72f0cf849...

2 - https://ashishb.net/programming/run-tools-inside-docker/



I think it's better to not run npm as root user on container. I would suggest adding --user 1000 to your docker run command.


> I think it's better to not run npm as root user on container. I would suggest adding --user 1000 to your docker run command.

Good point. Here's the improvement that work for me

https://github.com/ashishb/dotfiles/commit/fe4fb15fe867bf77a...


It gets tricky with private dependencies, then you have to pass some sort of token into the container to authenticate with the host when installing dependencies.


Definitely.

Would you prefer doing those tricks or exposing everything on your machine to random npm packages?




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: