Use the Minimus supply chain proxy to govern package installations and enforce stronger security standards. Public repositories such as npm are frequent targets for malicious package uploads. The Minimus supply chain proxy helps mitigate this risk with minimal setup.

Using the Minimus Supply Chain Proxy

1. Select an image to protect

Select a Minimus image from the list. Your selection will return the relevant Dockerfile code. Currently, the Node and Node-FIPS images are available.

2. Save code to Dockerfile

Copy the provided code from the Minimus console and add it to your Dockerfile. The code ensures that you use the Minimus Node or Node-FIPS image in the FROM statement and install packages from the Minimus secure repository, https://npm.mini.dev/. In this proxy repository, only packages and versions that have passed the checks and security thresholds will be available.

3. Edit the image version (optional)

The provided code snippet assumes the use of the Minimus Node latest-dev image, but you can edit it to use a Node production image or any image version instead.

4. Build the Dockerfile

Build your app as usual. The provided code is only a recommendation. Note the --pull flag, which avoids cached images. (See: About pull policy recommendations.)
docker build --pull -t node-secure:latest .
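
One check that complements the steps above, given as an added example (not code from Minimus or its console): a Node.js function that lists `package-lock.json` entries whose `resolved` URL is not on https://npm.mini.dev/, so they can be reviewed. It assumes lockfileVersion 2 or 3 and that packages installed through the proxy record the proxy host in `resolved`; the function name and the sample lockfile are constructed for illustration.

```javascript
// Added example, not Minimus code: list lockfile entries not resolved via the proxy.
const PROXY = new URL("https://npm.mini.dev/"); // registry URL given on this page

// Returns [{ path, resolved, reason }] for packages whose tarball URL is off-proxy.
// Assumption: packages installed through the proxy record its host in "resolved".
function findOffProxyPackages(lock, proxy = PROXY) {
  const findings = [];
  // lockfileVersion 2 and 3 list every installed package under "packages".
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Skip the root project, workspace folders, symlinks and bundled deps.
    if (!path.includes("node_modules/") || meta.link || meta.inBundle) continue;
    const resolved = typeof meta.resolved === "string" ? meta.resolved : null;
    let url = null;
    try {
      url = new URL(meta.resolved);
    } catch {
      findings.push({ path, resolved, reason: "missing or unparseable URL" });
      continue;
    }
    // Compare parsed scheme and host, not a string prefix, so a lookalike
    // such as npm.mini.dev.example.net is not accepted.
    if (url.protocol !== proxy.protocol || url.host !== proxy.host) {
      findings.push({ path, resolved, reason: `resolved from ${url.protocol}//${url.host}` });
    }
  }
  return findings;
}

// Constructed sample lockfile; package names, versions and URLs are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/alpha": {
      resolved: "https://npm.mini.dev/alpha/-/alpha-1.3.0.tgz",
    },
    "node_modules/beta": {
      resolved: "https://registry.npmjs.org/beta/-/beta-2.0.0.tgz",
    },
    "node_modules/gamma": {
      resolved: "https://npm.mini.dev.example.net/gamma/-/gamma-0.1.0.tgz",
    },
    "node_modules/delta": { resolved: "git+ssh://git@github.com/example/delta.git#0123abc" },
    "node_modules/epsilon": { version: "1.0.0" },
  },
};

for (const f of findOffProxyPackages(sampleLock)) console.log(`${f.path}: ${f.reason}`);
```

To run it against a real project, pass the parsed contents of that project's package-lock.json to `findOffProxyPackages` and fail the build when the returned list is not empty.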