docker
Docker — Containerization for Monorepos
Docker best practices for Node.js monorepos with Yarn 4 Berry.
Key Principles
- Minimal images: Alpine-based, only runtime dependencies in final stage
- Layer caching order: system deps → package manifests → install → source → build
- Non-root users: Create `appuser`, never run as root in production
- One process per container: Compose multiple containers, not multiple processes
- Health checks on every service: Use the existing `/health` endpoint
Image Optimization Quick Reference
- Use `node:22-alpine` as base
- Multi-stage builds: exclude build tools from final image
- `yarn cache clean` after install
- `.dockerignore`: exclude `.git`, `node_modules`, `*.md`, `.env*`, `.claude`, `__tests__`, `coverage`, `.turbo`
- `--production` flag for runtime dependencies only
- Pin base image versions (not just `latest`)
Container Security Quick Reference
- Run as non-root user (`addgroup --system app && adduser --system --ingroup app app`)
- Don't store secrets in images — use env vars or secrets management
- Scan images: `docker scout cves <image>`
- Set resource limits in compose: `mem_limit`, `cpus`
- Read-only filesystem where possible: `read_only: true`
- Drop capabilities: `cap_drop: [ALL]`
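The settings from this list combined in one compose service, as an added example that is not taken from the project's reference files. The service name, image tag, port 3000, limit values and the `DATABASE_URL` variable are assumptions.

```yaml
# Added example: one hardened service using the settings listed above.
# Names, tag, port and limit values are assumptions, not the project's config.
services:
  api:
    image: myapp-api:1.4.2          # constructed tag; pin a version, never latest
    user: "app:app"                 # the non-root user created in the Dockerfile
    read_only: true                 # root filesystem is mounted read-only
    tmpfs:
      - /tmp                        # writable scratch space the process still needs
    cap_drop:
      - ALL                         # start with no Linux capabilities
    mem_limit: 512m                 # hard memory ceiling for the container
    cpus: 1.0                       # at most one CPU core
    environment:
      NODE_ENV: production
      # Injected at start-up from the host environment, never baked into the image.
      # Compose aborts with this message if the variable is unset.
      DATABASE_URL: ${DATABASE_URL:?DATABASE_URL must be set}
    healthcheck:
      # BusyBox wget ships with Alpine; 127.0.0.1 avoids IPv6 localhost lookups.
      test: ["CMD", "wget", "-q", "--spider", "http://127.0.0.1:3000/health"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 10s
    restart: unless-stopped
```

With `read_only: true`, every path the process writes to has to be a `tmpfs` entry or a volume, otherwise the service fails on its first write.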
<quick_reference>
Useful Commands
docker compose build api # Build specific service
docker compose up -d # Start all services
docker compose logs -f api # Follow logs
docker compose exec api sh # Shell into container
docker images | grep myapp # Check image sizes
docker system df # View cache usage
docker system prune -a # Prune unused images
docker stats # Resource usage
</quick_reference>
When to Load References
| Need | Reference file |
|---|---|
| Writing or reviewing a Dockerfile for the monorepo | references/monorepo-dockerfile.md |
| Configuring docker-compose for dev or production | references/compose-configs.md |