From 08def33801365a40821099fe3d908efafc8939d8 Mon Sep 17 00:00:00 2001
From: Leonic <88329746+Leon-Luu@users.noreply.github.com>
Date: Wed, 24 Sep 2025 05:43:50 +0200
Subject: [PATCH] fix: ensure npm is installed for Node.js base image (#5397)

* fix: ensure npm is installed for Node.js base image

* Apply suggestion from @Copilot

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 prod.Dockerfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/prod.Dockerfile b/prod.Dockerfile
index 8fe2b791..72b765dc 100644
--- a/prod.Dockerfile
+++ b/prod.Dockerfile
@@ -44,10 +44,10 @@ RUN go build
 
 # Shared Node.js base with optimized NPM installation
 FROM alpine:3.22.1 AS node_base
-RUN apk add --no-cache nodejs curl tini && \
-  # Install NPM from source, as Alpine version is old and has dependency vulnerabilities
+RUN apk add --no-cache nodejs npm curl tini bash && \
+  # apk provides an outdated npm; immediately upgrade to a pinned version to avoid vulnerabilities
   # TODO: Find a better method which is resistant to supply chain attacks
-  sh -c "curl -qL https://www.npmjs.com/install.sh | env npm_install=11.5.2 sh" && \
+  npm install -g npm@11.5.2 && \
   npm install -g pnpm@10.15.0 @import-meta-env/cli