# Use npm ci for Reproducible Builds

- ID: docker-nodejs-npm-ci
- Severity: LOW
- CWE: CWE-1104
- Languages: Dockerfile
- Frameworks: docker, nodejs

## Description

Detects Dockerfiles using `npm install` instead of `npm ci` for production builds.

## Detection Message

Dockerfile uses 'npm install' - consider 'npm ci' for reproducible builds.

## Remediation

Use `npm ci` instead of `npm install` for reproducible builds.

```dockerfile
RUN npm ci
```

Learn more: https://shoulder.dev/learn/docker/cwe-1104/npm-ci

## Related Rules

- **Docker Base Image Security** [MEDIUM]
- **Dockerfile Uses Outdated Node.js Version** [MEDIUM]
- **.nvmrc Specifies Outdated Node.js Version** [MEDIUM]
- **Node.js Version Mismatch Between Configuration Files** [MEDIUM]
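
The remediation above in the context of a full image build, as an added example that is not part of the original rule documentation. The base image tag, the `/app` working directory, the `server.js` entry point and the presence of a `.dockerignore` that excludes `node_modules` are assumptions.

```dockerfile
# Added example (not from the rule's own documentation).
# Assumed: node:20-slim base, /app workdir, server.js entry point,
# and a .dockerignore that excludes node_modules.

# --- Pattern the rule flags ---
# COPY package.json ./
# RUN npm install
#   Without the lockfile in the build context, npm resolves the semver
#   ranges in package.json at build time, so two builds of the same commit
#   can pull different dependency versions.

# --- Remediated build ---
FROM node:20-slim
WORKDIR /app

# Copy the manifest and the lockfile together. npm ci exits with an error
# if package-lock.json is missing or does not match package.json, so a
# forgotten lockfile fails the build instead of silently drifting.
COPY package.json package-lock.json ./

# Install exactly the versions pinned in the lockfile. npm ci never writes
# to package.json or package-lock.json. --omit=dev leaves devDependencies
# out of the production image.
RUN npm ci --omit=dev

# Application source is copied after the install so the dependency layer
# stays cached until the manifest or lockfile changes.
COPY . .

# Run as the unprivileged user shipped with the official Node.js image.
USER node
CMD ["node", "server.js"]
```

Commit `package-lock.json` to the repository alongside `package.json`; `npm ci` has nothing to pin against otherwise.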