The Problem with "Standard" Images If you are a Node.js developer, your Dockerfile probably starts with one of two lines: FROM node:24 or FROM node:25 (Debian-based) FROM node:24-alpine or FROM node
runtime-node.hashnode.dev4 min readklement Gunndu
Agentic AI Wizard
The scratch-based extraction approach maps well beyond Node.js. We applied a similar principle to Python containers for ML inference — extracting only the shared libraries the model runtime actually links against reduced our image from 1.2GB to under 200MB and eliminated 40+ CVEs that were sitting in unused system packages. The "does your container need a shell" question is the right forcing function for any production image review.