Many top docker images include lots of vulnerabilities in their system libraries.

• Choose images with fewer OS libraries and tools lower the risk and attack surface of the container.
• Prefer alpine-based images over full-blown system OS images.

Often times, you might start projects with a generic Docker container image such as writing a Dockerfile with a FROM node, as your “default”.

However, when specifying the node image, you should take into consideration that the fully installed Debian Stretch distribution is the underlying image that is used to build it.

If your project doesn’t require any general system libraries or system utilities then it is better to avoid using a full blown operating system (OS) as a base image.