fix(dockerfile): purge npm cache in same layer as installs to prevent secret leakage

Consolidate MCP install, CVE patches, .npmrc scrub, and npm cache clean into a single RUN so the download cache (which contains package tarballs with example GitHub tokens) is never committed to a layer. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-20 23:32:26 +02:00 · 2026-04-20 23:32:26 +02:00 · 94333e4d32
commit 94333e4d32
parent e8d134f5a9
1 changed files with 35 additions and 38 deletions
--- a/claude/Dockerfile
+++ b/claude/Dockerfile
@ -39,19 +39,20 @@ COPY settings.json /etc/claude-code/managed-settings.json
 # Install Claude Code stable release
 RUN curl -fsSL https://claude.ai/install.sh | bash -s stable
-# Install MCP servers globally — entry points land in /usr/local/lib/node_modules/
+# Install MCP servers, patch transitive CVEs, scrub credentials and cache — all in one
 # layer so nothing is committed to the image between install and cleanup.
 #
 # CVEs patched:
 #   CVE-2025-66414, CVE-2026-0621 — @modelcontextprotocol/sdk <1.25.2
 #   GHSA-345p-7cg4-v4c7           — @modelcontextprotocol/sdk <1.26.0
 #   CVE-2026-33671                — picomatch <4.0.4
 #   GHSA-f886-m6hf-6m8v           — brace-expansion <5.0.5
 RUN npm install -g \
      @modelcontextprotocol/server-github \
      @yoda.digital/gitlab-mcp-server \
      @aashari/mcp-server-atlassian-jira \
-  @aashari/mcp-server-atlassian-confluence
+      @aashari/mcp-server-atlassian-confluence \
-
+  && for pkg_dir in \
 # Patch transitive CVEs bundled inside MCP server node_modules:
 #   CVE-2025-66414, CVE-2026-0621 — @modelcontextprotocol/sdk <1.25.2
 #   GHSA-345p-7cg4-v4c7           — @modelcontextprotocol/sdk <1.26.0
 #   CVE-2026-33671                — picomatch <4.0.4 (also covers npm bundled copy above)
 #   GHSA-f886-m6hf-6m8v           — brace-expansion <5.0.5
 RUN for pkg_dir in \
       /usr/local/lib/node_modules/@modelcontextprotocol/server-github \
       /usr/local/lib/node_modules/@yoda.digital/gitlab-mcp-server \
       /usr/local/lib/node_modules/@aashari/mcp-server-atlassian-jira \
@ -77,19 +78,15 @@ RUN for pkg_dir in \
  && find /usr/local/lib/node_modules -name "package.json" -path "*/brace-expansion/package.json" \
     | xargs grep -l '"version": "5.0.4"' 2>/dev/null \
     | while read pj; do \
         echo "Patching brace-expansion at $(dirname "$pj")"; \
         cp -r /tmp/package/. "$(dirname "$pj")/"; \
       done \
-  && rm -rf /tmp/brace-expansion-5.0.5.tgz /tmp/package
+  && rm -rf /tmp/brace-expansion-5.0.5.tgz /tmp/package \
-
+  && find /root /home /usr/local/etc -name ".npmrc" -o -name "npmrc" \
 # Remove any npm auth credentials written during install.
 # npm automatically picks up GITHUB_TOKEN and NPM_TOKEN from the build environment
 # and persists them in .npmrc files — scrub all of them before the image is finalised.
 RUN find /root /home /usr/local/etc -name ".npmrc" -o -name "npmrc" \
     | xargs grep -l "_authToken\|_auth\b" 2>/dev/null \
     | xargs rm -f 2>/dev/null || true \
  && npm config delete //npm.pkg.github.com/:_authToken 2>/dev/null || true \
-  && npm config delete //registry.npmjs.org/:_authToken 2>/dev/null || true
+  && npm config delete //registry.npmjs.org/:_authToken 2>/dev/null || true \
  && npm cache clean --force
 # Workspace and Claude config dir — owned by the built-in node user (uid 1000).
 # Pre-creating ~/.claude ensures the named volume is initialised with the