Quite often, one of the most time-consuming parts of the build process is the installation of dependencies. This process is traditionally slow because package managers choose stability over performance. And this makes perfect sense: if something terrible happens, the system must remain in a usable state.
However, stability is not very important when building an image: if the build fails, the system discards the image, and you have to start over.
This post provides some tips on how to use eatmydata to speed up some operations, using Debian-based images as the example.
No matter how much you trust the npmjs package registry in general and the packages you are using in particular, Bad Things™ always happen. They happen to the best of us. Even a small Node.js project may have thousands of dependencies, which makes it virtually impossible for a developer to monitor and audit them all.
An NPM package has two main ways to harm you: the first is when you install it, and the second is when you actually use it. The first way is possible because of the so-called “lifecycle scripts” run by npm. And even though one of the earliest attacks exploiting lifecycle scripts dates back to 2017, developers still do not take measures to protect their data.
This post explains how to protect sensitive information (such as authentication tokens) when running CI builds.