Dockerfile Node Image Vulnerability Fix

June 7, 2025
javascript node docker

Uh oh, you used an LLM to generate your Dockerfile, but you get an issue about Node. You see there is a vulnerability with the version the LLM provides. Let’s take care of it.

What the Hell!?!

I thought using AI and LLMs was the cool thing to do? I just want to be a part of the cool kids yo! I guess this AI stuff will come back to bite me in the ass huh?

This is what I thought. With the advent of all this AI stuff and companies seemingly only hiring AI Unicorns, it can, and will, come back to bite you in the ass. It did to me when I started getting errors in my Dockerfile.

We can however fix this issue with a little bit of ✨ Human Magic ✨.

Damn You LLM!

For this example, if you are a newer developer to the Docker world and wanted to deploy your first app into a Docker container, you might ask Copilot or Claude for help generating the Dockerfile. Let’s be honest, as a frontend dev that barely worked in that DevOps space, I would have no clue what is supposed to go in the Dockerfile. There are a bunch of things you can put in the config. In steps an LLM.

Node Vulnerability

I asked Claude to help me craft a Dockerfile for a Next app I am building. It isn’t done yet but I wanted to see if I could do it. I already have Docker on my machine, that step is done.

When Claude generated the Dockerfile for me, the version of Node used as the base image was 18. Below is JUST the base image. The rest of the Dockerfile is irrelevant.

# Use the official Node.js runtime as the base image
FROM node:18-alpine AS builder

I automatically got an error in Visual Studio Code that the version of Node it was going to use had one security vulnerability and to use the latest version of Node, which at the time of writing is v22. Learn more about the security vulnerability on Docker Hub.

Node 18 security vulnerability in VS Code.

This isn’t good. We want to make sure that the code we are shipping is stable and secure. The fix is pretty straightforward.

The Fix

How the hell do we fix it Chris? Well, the error that is triggered in VS Code spells it out…if you choose Quick Fix and have Copilot explain the fix. This is what Copilot says to do to fix it, which in plain English means, just update to the latest version of Node.

…and to address the high vulnerability in the base image, update the Node.js image to a more secure version.

So let’s do that and see what happens. I updated it to v22 and BAM, the error went away and everything built just fine.

FROM node:22-alpine AS base

Node 18 security vulnerability in VS Code after update to 22.

Now you should be able to build your Dockerfile, watch it spin up in Docker Desktop, and navigate to localhost to see it working!
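To catch a stale base image before the build instead of in the editor, a small check like this can run in CI against any generated Dockerfile. It is an added example, not part of the original post or of any tool it mentions; the function name auditNodeBaseImages, the minimum major of 22 (taken from the version the post updates to) and the sample Dockerfile lines are assumptions.

```javascript
// Added example: flag outdated or floating Node base images in a Dockerfile.
// MIN_NODE_MAJOR is an assumption: v22 was the current version when the post was written.
const MIN_NODE_MAJOR = 22;

function auditNodeBaseImages(dockerfileText, minMajor = MIN_NODE_MAJOR) {
  const findings = [];
  const stages = new Set(); // names from "AS <name>", so "FROM builder" is not read as an image
  dockerfileText.split(/\r?\n/).forEach((raw, i) => {
    // FROM [--flag=value ...] <image> [AS <name>]
    const m = raw.trim().match(/^FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?/i);
    if (!m) return;
    const [, image, alias] = m;
    const isStageRef = stages.has(image.toLowerCase());
    if (alias) stages.add(alias.toLowerCase());
    if (isStageRef) return;
    // Accept node, library/node and docker.io/library/node, with optional tag and digest.
    const n = image.match(/^(?:docker\.io\/)?(?:library\/)?node(?::([^@]+))?(@sha256:[0-9a-f]+)?$/i);
    if (!n) return; // not a Node base image
    const tag = n[1];
    const major = tag && /^\d+/.test(tag) ? parseInt(tag, 10) : null;
    if (major === null && n[2]) return; // digest-pinned: version not knowable from the text
    const line = i + 1;
    if (major === null) {
      // node, node:latest, node:lts-alpine: the version changes under you
      findings.push({ line, image, issue: "floating-tag" });
    } else if (major < minMajor) {
      findings.push({ line, image, issue: "outdated", major });
    }
  });
  return findings;
}

// Constructed sample input, modelled on the Dockerfile lines in the post.
const sample = [
  "# Use the official Node.js runtime as the base image",
  "FROM node:18-alpine AS builder",
  "FROM --platform=linux/amd64 node:22-alpine AS base",
  "FROM builder AS runner",
  "FROM node:lts-alpine AS tools",
].join("\n");

for (const f of auditNodeBaseImages(sample)) {
  console.log(`line ${f.line}: ${f.image} is ${f.issue}`);
}
```

A version check like this only catches stale or floating tags; whether a given tag carries known vulnerabilities is still decided by the image scanner that produced the VS Code warning.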

Thanks for coming to my TED talk!