Docker .npmrc security

Npm tokens leaking in the docker history

This is a companion repo with code samples for a blog post I wrote titled Securely using .npmrc files in Docker images. I published a follow up post called Docker build secrets and private npm packages several months later.

I discovered this issue while launching Mapbox Atlas v2 in August 2018. Mapbox Atlas is a self-hosted container-based version of the Mapbox platform.