@tdurieux/docker-parfum

Repair docker-smell automatically

https://github.com/tdurieux/docker-parfum

Science Score: 26.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (8.2%) to scientific vocabulary
Last synced: 10 months ago · JSON representation

Repository

Repair docker-smell automatically

Basic Info
Statistics
  • Stars: 11
  • Watchers: 2
  • Forks: 4
  • Open Issues: 0
  • Releases: 1
Created over 3 years ago · Last pushed about 2 years ago
Metadata Files
Readme License Citation

README.md

Docker-Parfum

CI NPM Version

Parfum is a tool to detect and repair smells in Dockerfile smells.

The impact of the smells is described in the paper "Empirical Study of the Docker Smells Impact on the Image Size".

Docker-Parfum currently supports 32 rules that have been partially identified by Henkel et al. in "Learning from, Understanding, and Supporting DevOps Artifacts for Docker"

Build

npm run build

Usage

Web-based

You can use the web version of Docker-Parfum https://durieux.me/docker-parfum/ (The website is purely static no data is sent).

CLI

bash npm i -g @tdurieux/docker-parfum docker-parfum repair <dockerfile>

``` Usage: docker-parfum [options] [command]

Options: -h, --help display help for command

Commands: rules List the supported rules repair [options] Repair the Dockerfile smells analyze Analyze a Dockerfile file for smells help [command] display help for command ```

API

```typescript import { DockerParser, File } from "@tdurieux/dinghy"; import { Matcher, rules } from "@tdurieux/docker-parfum";

const dockerParser = new DockerParser(new File(,)); // the path or the content can be provided const ast = await dockerParser.parse(); const matcher = new Matcher(dockerfile); const violations = matcher.match(rules.aptGetInstallThenRemoveAptLists); // look for a specific rule const allViolations = matcher.matchAll();

for (const violation of allViolations) { await violation.repair(); // repair the violation }

const repairedDockerfile = ast.toString(true); ```

Browser

```javascript const dockerParser = new dockerParfum.dinghy.dockerfileParser.DockerParser( new dockerParfum.dinghy.File(undefined, dockerfile) );

const ast = await dockerParser.parse(); const matcher = new dockerParfum.Matcher(ast); const violations = matcher.match( dockerParfum.rules.aptGetInstallThenRemoveAptLists ); // look for a specific rule const violations = matcher.matchAll();

for (const violation of allViolations) { await violation.repair(); // repair the violation }

const repairedDockerfile = ast.toString(true); ```

Enricher

```typescript import * as dindhy from "@tdurieux/dinghy"; import { enricher } from "@tdurieux/docker-parfum";

const ast = await dindhy.parseDocker(/* file */); enricher.enrich(ast); ast.find(dindhy.nodeType.Q("SC-APT-PACKAGE")); ```

Supported Rules

| # | Rule | Description | | --- | ------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | 1 | curlUseFlagL | The -L option in curl stands for "follow redirects." When this option is used, curl will follow any redirects that it encounters when making an HTTP request. This can be useful in a Dockerfile if you want to download a file from a URL that may redirect to another URL. | | 2 | ruleMoreThanOneInstall | All apt-get installs should be grouped into one. | | 3 | curlUseFlagF | Using curl -f in a Dockerfile can help to prevent the build from failing if the HTTP request returns an error code >= 400. | | 4 | npmCacheCleanAfterInstall | Running npm cache clean after npm install in a Dockerfile can help to reduce the size of the image and ensure that the latest version of packages are installed. | | 5 | npmCacheCleanUseForce | Using the --force flag with npm cache clean can override the default behavior of npm and force the cache to be cleaned, even if it is not more than 3 days old or if npm is in a "read-only" state. | | 6 | yarnCacheCleanAfterInstall | yarn keeps a local cache of downloaded packages. This unnecessarily increases image size. It can be cleared by executing yarn cache clean. | | 7 | rmRecursiveAfterMktempD | Using mktemp -d followed by rm -r in a Dockerfile can create and delete a temporary directory, helping to keep the image small and clean up sensitive data. | | 8 | curlUseHttpsUrl | Using https instead of http with curl in a Dockerfile can provide an encrypted connection for transferring data and ensure that curl can access resources that may require https. | | 9 | wgetUseHttpsUrl | Using https instead of http with wget in a Dockerfile can provide an encrypted connection for transferring data and ensure that wget can access resources that may require https. | | 10 | pipUseNoCacheDir | Using the --no-cache-dir flag with pip in a Dockerfile can disable the package cache, ensuring that the latest version of a package and its dependencies are installed. | | 11 | mkdirUsrSrcThenRemove | Running rm -rf /usr/src* after creating the /usr/src directory in a Dockerfile helps keep the file system organized, reduce clutter, and free up space, but it is important to be cautious when using the rm -rf command. | | 12 | configureShouldUseBuildFlag | Passing the --build flag to ./configure in a Dockerfile can help to ensure that the configure script correctly detects the current build environment and generates the correct Makefiles. | | 13 | gemUpdateSystemRmRootGem | Removing the /root/.gem directory after running gem update --system can ensure that all of the installed gems are compatible with the new version of gem and that the image starts with a clean slate. | | 14 | sha256sumEchoOneSpaces | The sha256sum command reads input from stdin with one space as a separator in order to distinguish the input from a filename. | | 15 | gemUpdateNoDocument | Adding the --no-document flag to the .gemrc config file or using it with gem update can speed up the update process by skipping the installation of documentation for updated gems. | | 16 | gpgVerifyAscRmAsc | It is generally good practice to remove the .asc file after verifying its signature because the .asc file serves no further purpose once the signature has been verified. | | 17 | yumInstallForceYes | Using the -y flag with yum install in a Dockerfile allows for fully automated package installation, but it is important to carefully consider the packages being installed to avoid potential issues or conflicts. | | 18 | yumInstallRmVarCacheYum | Removing the /var/cache/yum directory after running yum install in a Dockerfile helps reduce the size of the final image and can improve build times, as well as prevent issues caused by outdated or inconsistent cache data. | | 19 | tarSomethingRmTheSomething | Removing the .tar file after extracting its contents in a Dockerfile helps reduce the size of the final image and can improve build times, as well as keep the file system organized and reduce clutter. | | 20 | gpgUseBatchFlag | Using the --batch flag with gpg in a Dockerfile allows the command to run without user input, but it is important to carefully consider the implications of using the flag to ensure that it is appropriate for the task at hand. | | 21 | gpgUseHaPools | Using ha.pool._ instead of pool._ with gpg in a Dockerfile improves key server access reliability and efficiency. | | 22 | aptGetInstallUseY | Using the -y flag with apt-get install in a Dockerfile allows for fully automated package installation, but it is important to carefully consider the packages being installed to avoid potential issues or conflicts. | | 23 | aptGetInstallUseNoRec | Using the --no-install-recommends flag with apt-get install in a Dockerfile helps save layer space, improve build times, and reduce the size and attack surface of the final image, as well as prevent hidden dependencies. | | 24 | aptGetUpdatePrecedesInstall | Running apt-get update and apt-get install in a single layer in a Dockerfile improves efficiency, reliability, and readability. | | 25 | aptGetInstallThenRemoveAptLists | Running rm -rf /var/lib/apt/lists/* after apt-get install in a Dockerfile can improve efficiency and reduce the size of the image. | | 26 | apkAddUseNoCache | Using the --no-cache flag with apk add in a Dockerfile can help prevent issues caused by installing outdated packages and ensure that the latest version of a package is installed, but it can increase build times. | | 27 | DL3002 | Switching to the root USER opens up certain security risks if an attacker gets access to the container. In order to mitigate this, switch back to a non privileged user after running the commands you need as root. | | 28 | DL3004 | Do not use sudo as it leads to unpredictable behavior. Use a tool like gosu to enforce root. | | 29 | DL3020 | Use COPY instead of ADD for files and folders. | | 30 | DL3027 | apt is discouraged by the linux distributions as an unattended tool as its interface may suffer changes between versions. Better use the more stable apt-get and apt-cache | | 31 | DL3029 | Specifying --platform= in the docker file FROM clause forces the Image to build only one target platform. | | 32 | DL3046 | Without the -l or the --no-log-init flag, useradd will add the user to the lastlog and faillog databases. |

Owner

  • Name: Thomas Durieux
  • Login: tdurieux
  • Kind: user

GitHub Events

Total
  • Watch event: 1
Last Year
  • Watch event: 1

Issues and Pull Requests

Last synced: 11 months ago

All Time
  • Total issues: 1
  • Total pull requests: 0
  • Average time to close issues: about 20 hours
  • Average time to close pull requests: N/A
  • Total issue authors: 1
  • Total pull request authors: 0
  • Average comments per issue: 3.0
  • Average comments per pull request: 0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0
Past Year
  • Issues: 0
  • Pull requests: 0
  • Average time to close issues: N/A
  • Average time to close pull requests: N/A
  • Issue authors: 0
  • Pull request authors: 0
  • Average comments per issue: 0
  • Average comments per pull request: 0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0
Top Authors
Issue Authors
  • bqcuong (1)
Pull Request Authors
Top Labels
Issue Labels
Pull Request Labels

Packages

  • Total packages: 1
  • Total downloads:
    • npm 28 last-month
  • Total dependent packages: 1
  • Total dependent repositories: 0
  • Total versions: 16
  • Total maintainers: 1
npmjs.org: @tdurieux/docker-parfum

Identify and Repair Docker smells

  • Versions: 16
  • Dependent Packages: 1
  • Dependent Repositories: 0
  • Downloads: 28 Last month
Rankings
Dependent repos count: 25.3%
Average: 29.1%
Dependent packages count: 32.9%
Maintainers (1)
Last synced: 11 months ago

Dependencies

.github/workflows/build-test.yml actions
  • actions/checkout v3 composite
  • actions/setup-node v3 composite
package-lock.json npm
  • 537 dependencies
package.json npm
  • @types/diff ^5.0.8 development
  • @types/jest ^29.5.8 development
  • @types/node ^18.11.8 development
  • browserify ^17.0.0 development
  • jest ^29.1.1 development
  • tinyify ^4.0.0 development
  • ts-jest ^29.1.1 development
  • ts-node ^10.9.1 development
  • tslib ^2.6.2 development
  • typedoc ^0.25.3 development
  • typescript ^4.9.5 development
  • @tdurieux/dinghy ^0.7.0
  • commander ^11.1.0
  • diff ^5.1.0
  • process ^0.11.10
  • yaml ^2.3.4
  • yargs ^17.7.2
cmd-options/docker-compose.yml docker
Dockerfile docker
  • node 16-alpine build