The scratch-based extraction approach maps well beyond Node.js. We applied a similar principle to Python containers for ML inference — extracting only the shared libraries the model runtime actually links against reduced our image from 1.2GB to under 200MB and eliminated 40+ CVEs that were sitting in unused system packages. The "does your container need a shell" question is the right forcing function for any production image review.
klement Gunndu
Agentic AI Wizard
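As an added illustration (not part of the comment above and not the commenter's code), one way to work out which shared libraries a runtime binary links against and stage only those into a minimal root filesystem. The `ldd` output is a constructed sample, and the names `parse_ldd`, `plan` and `stage` are hypothetical.

```python
import shutil
from pathlib import Path

# Constructed sample of `ldd` output for a hypothetical runtime extension module.
SAMPLE_LDD = """
    linux-vdso.so.1 (0x00007ffd1a5f2000)
    libgomp.so.1 => /usr/lib/x86_64-linux-gnu/libgomp.so.1 (0x00007f3a1c000000)
    libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007f3a1bc00000)
    libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f3a1bb19000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3a1b800000)
    libmissing.so.2 => not found
    /lib64/ld-linux-x86-64.so.2 (0x00007f3a1c0a4000)
"""


def parse_ldd(text):
    """Return (sorted resolved library paths, unresolved sonames)."""
    resolved, missing = set(), []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        soname, sep, target = line.partition("=>")
        if not sep:                      # loader line or vdso: no "=>"
            soname, target = None, line
        target = target.split(" (0x")[0].strip()
        if target == "not found":
            missing.append(soname.strip())
        elif target.startswith("/"):     # the vdso has no file on disk
            resolved.add(target)
    return sorted(resolved), missing


def plan(text):
    """Fail closed: an unresolved dependency means the image would not start."""
    resolved, missing = parse_ldd(text)
    if missing:
        raise RuntimeError(f"unresolved libraries: {missing}")
    return resolved


def stage(paths, rootfs):
    """Copy each library to the same absolute path under rootfs."""
    copied = []
    for src in paths:
        dest = Path(rootfs) / src.lstrip("/")
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dest)          # follows symlinks: real file, soname name
        copied.append(dest)
    return copied
```

`ldd` does not report libraries loaded at run time with `dlopen`, and it should only be run on binaries you trust, so a staged image still needs a start-up test before it replaces the full one.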