Explain how to use/build rootless aka using the node user instead of the default root user

[rugk]

Problem

Many people likely follow your simple guide here.

It is, however, a security best practice to make your service run as non-root inside the container: https://docs.docker.com/build/building/best-practices/#user

Especially when it is executed in a rootful way this increases the security.

Solution

There is no documentation in the README to run it like this, but the usual steps for building an app likely will be similar?

Alternatives to Consider

N/A

Came here from orangecoding/fredy#207 BTW

[rugk]

Ah found it! https://github.com/nodejs/docker-node/blob/main/docs/BestPractices.md#non-root-user

IMHO that's quite hidden though for a a best practices document…

[rugk]

IMHO, you may also link the best practices on https://hub.docker.com/_/node/#how-to-use-this-image directly, to save some more clicks and hopefully make more people find the information about non-root users. So if you adjust the docs there for #2286 you may likewise add a link to the best practices here.