From d464f0fe43417e0965158ef5a99d3fb912fe0382 Mon Sep 17 00:00:00 2001
From: Alex Lebens <alexanderlebens@gmail.com>
Date: Sat, 14 Feb 2026 16:52:54 -0600
Subject: [PATCH] feat: use hardened image

---
 Dockerfile | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index e5bce73..571a94f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,15 +1,13 @@
-ARG REGISTRY=docker.io
-FROM ${REGISTRY}/node:24.13.1-alpine AS base
+FROM docker.io/node:24.13.1-alpine AS builder
 
 ENV PNPM_HOME="/pnpm"
 ENV PATH="$PNPM_HOME:$PATH"
 RUN corepack enable
 
 WORKDIR /app
-
 COPY package.json pnpm-lock.yaml ./
 
-FROM base AS prod-deps
+FROM builder AS prod-deps
 RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --prod --frozen-lockfile
 
 FROM prod-deps AS build-deps
@@ -18,9 +16,9 @@ RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --frozen-lockfile
 FROM build-deps AS build
 COPY . .
 RUN pnpm run build
-RUN pnpm prune --prod
 
-FROM base AS runtime
+FROM dhi.io/node:24.13.1 AS runtime
+WORKDIR /app
 COPY --from=prod-deps /app/node_modules /app/node_modules
 COPY --from=build /app/dist /app/dist