Marketplace docker-optimizer
Reviews Dockerfiles for best practices, security issues, and image size optimizations including multi-stage builds and layer caching. Use when working with Docker, containers, or deployment.
install
source · Clone the upstream repo
git clone https://github.com/aiskillstore/marketplace
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/aiskillstore/marketplace "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/crazydubya/docker-optimizer" ~/.claude/skills/aiskillstore-marketplace-docker-optimizer && rm -rf "$T"
manifest:
skills/crazydubya/docker-optimizer/SKILL.mdsource content
Docker Optimizer
Analyzes and optimizes Dockerfiles for performance, security, and best practices.
When to Use
- User working with Docker or containers
- Dockerfile optimization needed
- Container image too large
- User mentions "Docker", "container", "image size", or "deployment"
Instructions
1. Find Dockerfiles
Search for:
DockerfileDockerfile.**.dockerfile2. Check Best Practices
Use specific base image versions:
# Bad FROM node:latest # Good FROM node:18-alpine
Minimize layers:
# Bad RUN apt-get update RUN apt-get install -y curl RUN apt-get install -y git # Good RUN apt-get update && \ apt-get install -y curl git && \ rm -rf /var/lib/apt/lists/*
Order instructions by change frequency:
# Dependencies change less than code COPY package*.json ./ RUN npm install COPY . .
Use .dockerignore:
node_modules .git .env *.md
3. Multi-Stage Builds
Reduce final image size:
# Build stage FROM node:18 AS build WORKDIR /app COPY package*.json ./ RUN npm install COPY . . RUN npm run build # Production stage FROM node:18-alpine WORKDIR /app COPY --from=build /app/dist ./dist COPY --from=build /app/node_modules ./node_modules CMD ["node", "dist/index.js"]
4. Security Issues
Don't run as root:
RUN addgroup -S appgroup && adduser -S appuser -G appgroup USER appuser
No secrets in image:
# Bad: Hardcoded secret ENV API_KEY=secret123 # Good: Use build args or runtime env ARG BUILD_ENV ENV NODE_ENV=${BUILD_ENV}
Scan for vulnerabilities:
docker scan image:tag trivy image image:tag
5. Size Optimization
Use Alpine images:
vsnode:18-alpine
(900MB → 170MB)node:18
vspython:3.11-alpine
(900MB → 50MB)python:3.11
Remove unnecessary files:
RUN npm install --production && \ npm cache clean --force
Use specific COPY:
# Bad: Copies everything COPY . . # Good: Copy only what's needed COPY package*.json ./ COPY src ./src
6. Caching Strategy
Layer caching optimization:
# Install dependencies first (cached if package.json unchanged) COPY package*.json ./ RUN npm install # Copy source (changes more frequently) COPY . . RUN npm run build
7. Health Checks
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \ CMD node healthcheck.js
8. Generate Optimized Dockerfile
Provide improved version with:
- Multi-stage build
- Appropriate base image
- Security improvements
- Layer optimization
- Build caching
- .dockerignore file
9. Build Commands
Efficient build:
# Use BuildKit DOCKER_BUILDKIT=1 docker build -t app:latest . # Build with cache from registry docker build --cache-from myregistry/app:latest -t app:latest .
10. Dockerfile Checklist
- Specific base image tag (not
)latest - Multi-stage build if applicable
- Non-root user
- Minimal layers (combined RUN commands)
- .dockerignore present
- No secrets in image
- Proper layer ordering for caching
- Alpine or slim variant used
- Cleanup in same RUN layer
- HEALTHCHECK defined
Security Best Practices
- Scan images regularly
- Use official base images
- Keep base images updated
- Minimize attack surface (fewer packages)
- Run as non-root user
- Use read-only filesystem where possible
Supporting Files
: Optimized multi-stage Dockerfile exampletemplates/Dockerfile.optimized
: Common .dockerignore patternstemplates/.dockerignore