Add pnpm/nodejs support

[gsangeryee]

In some project, we need to run pnpm install to install dependencies.
However, when running the command inside a dev container, we encounter a permission denied error.

I am new to Docker and tried setting up the environment based on your files.

devcontainer.json

// added runArgs
"runArgs": [
        // Read only filesystem except for explicitly writable volumes (check mounts)
        // For a dev environment this is more a hussle than a feature.
        // "--read-only",
        "--tmpfs=/tmp:rw,noexec,nosuid,size=512m",
        "--tmpfs=/var/tmp:rw,noexec,nosuid,size=512m",
        "--tmpfs=/dev/shm:rw,noexec,nosuid,size=64m",
        // Drop all capabilities
        "--cap-drop=ALL",

        // A few security additions (AppArmor & no new privileges)
        "--security-opt", "no-new-privileges",
        "--security-opt", "apparmor:docker-default",

        // Use seccomp's default 
        // "--security-opt", "seccomp=default",


        // Play a little bit with resources.
        // "--memory=512m",
        // "--cpus=2"
    ],

    // Writable mounts in case you want to set --read-only above.
    "mounts": [
    ],

Dockerfile

...
# Set HOME
ENV HOME=/home/vscode

# Set needed paths (for python, pix, pnpm)
ENV USR_LOCAL_BIN=/usr/local/bin
ENV LOCAL_BIN=${HOME}/.local/bin
ENV PNPM_HOME=${HOME}/.local/share/pnpm
ENV PATH=${PATH}:${USR_LOCAL_BIN}:${LOCAL_BIN}:${PNPM_HOME}

USER root
## Install nvm, yarn, npm, pnpm
RUN curl -o- https://raw.githubusercontent.com/devcontainers/features/main/src/node/install.sh | bash
RUN chown -R vscode:vscode ${HOME}/.npm
USER vscode

Here is an example:

Example:
Command

pnpnpm install --frozen-lockfile

Error:

Error: spawnSync /workspace/musd/node_modules/.pnpm/esbuild@0.21.2/node_modules/esbuild... EACCES

Is there a safe and recommended way to fix this issue?
Any suggestions would be appreciated!

[gsangeryee]

I was able to run pnpnpm install --frozen-lockfile successfully using the following configuration after many tests.

I changed the workspace mount type from tmfs to bind as shown below:

"workspaceMount": "source=${localWorkspaceFolder},target=/workspace,type=bind,consistency=cached"

Here is the full devcontainer.json:

{
    "name": "Saneryee's Solidity DevContainer",
    "build": {
        "dockerfile": "Dockerfile"
    },
    //"workspaceMount": "type=tmpfs,target=/workspace",
    "workspaceMount": "source=${localWorkspaceFolder},target=/workspace,type=bind,consistency=cached",
    "workspaceFolder": "/workspace",
    "features": {},
    "customizations": {
        "vscode": {
            "extensions": [
                "NomicFoundation.hardhat-solidity",
                "tintinweb.solidity-visual-auditor",
                "trailofbits.weaudit",
                "tintinweb.solidity-metrics"
            ],
            "settings": {
                "terminal.integrated.defaultProfile.linux": "zsh",
                "terminal.integrated.profiles.linux": {
                    "zsh": {
                        "path": "/usr/bin/zsh"
                    }
                }
            }
        }
    },
    "postCreateCommand": "echo Welcome to Cyfrin's dev-container. If you'd like to build your own, you can check out an article The Red Guild have created for you at their blog under https://blog.theredguild.org/where-do-you-run-your-code;zsh"
   
}

And here is the Dockerfile:

# Base debian build (latest).
FROM mcr.microsoft.com/vscode/devcontainers/base:debian

# Set HOME
ENV HOME=/home/vscode

# Update packages.
RUN apt-get update

# Set the default shell to zsh
ENV SHELL=/usr/bin/zsh

# Running everything under zsh
SHELL ["/usr/bin/zsh", "-c"]

# Dropping privileges
USER vscode

# Install rust
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y && source $HOME/.cargo/env

# Install uv and add to PATH
# See https://docs.astral.sh/uv/guides/integration/docker/
COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
ENV PATH="/home/vscode/.local/bin:$PATH"

# Set needed paths (for python, pix, pnpm)
ENV USR_LOCAL_BIN=/usr/local/bin
ENV LOCAL_BIN=${HOME}/.local/bin
ENV PNPM_HOME=${HOME}/.local/share/pnpm
ENV PATH=${PATH}:${USR_LOCAL_BIN}:${LOCAL_BIN}:${PNPM_HOME}

# Add uv to shell configuration
RUN echo 'export PATH="/home/vscode/.cargo/bin:$PATH"' >> ~/.zshrc

# Install tools using uv
RUN uv tool install solc-select
RUN uv tool install slither-analyzer
RUN uv tool install crytic-compile

# Foundry framework
RUN curl -L https://foundry.paradigm.xyz | zsh
RUN foundryup

# Aderyn
RUN curl -L https://raw.githubusercontent.com/Cyfrin/up/main/install | zsh
RUN cyfrinup

USER root
## Install nvm, yarn, npm, pnpm
RUN curl -o- https://raw.githubusercontent.com/devcontainers/features/main/src/node/install.sh | bash

RUN mkdir -p ${HOME}/.npm ${PNPM_HOME}
# Add chown for .local and potentially other relevant dirs if needed
RUN chown -R vscode:vscode ${HOME}/.npm ${HOME}/.local
# Ensure PNPM_HOME exists and is owned correctly even if install script didn't create it early

USER vscode

# Clean up
RUN sudo apt-get autoremove -y && sudo apt-get clean -y

I'd love to hear if there's a more secure or recommended way to resolve this issue without sacrificing too much container isolation.

[PatrickAlphaC]

hmmm... This repo doesn't have pnpm support yet. We just have moccasin (python) and foundry (uh.. foundry).

If you want to make a PR for node support that would be awesome and we can take a look at this issue!