Many top docker images include lots of vulnerabilities in their system libraries.
Often times, you might start projects with a generic Docker container image such as writing a Dockerfile with a FROM node, as your “default”.
However, when specifying the node image, you should take into consideration that the fully installed Debian Stretch distribution is the underlying image that is used to build it.
If your project doesn’t require any general system libraries or system utilities then it is better to avoid using a full blown operating system (OS) as a base image.