From 41a41fa9c4a9772ffeeca0d9aafcb60b76e31194 Mon Sep 17 00:00:00 2001
From: Isaac Good <github@isaacgood.com>
Date: Fri, 8 May 2026 23:19:33 -0700
Subject: [PATCH] Use a pinned hash for the base Docker image

---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index d1a653f..711a93a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:lts-alpine as builder
+FROM node:lts-alpine3.23@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f as builder
 
 # Install SSL ca certificates
 RUN apk update && apk add ca-certificates
@@ -17,7 +17,7 @@ RUN yarn install
 RUN yarn install --production --modules-folder './production_node_modules'
 
 # Build a minimal and secured container
-FROM node:lts-alpine
+FROM node:lts-alpine3.23@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 COPY --from=builder /etc/passwd /etc/passwd
 COPY --from=builder /typescript-analyzer/package.json /opt/analyzer/package.json