Thanks for your interest in Runtime Node. This project exists to ship a production-grade, distroless Node.js runtime image. Contributions are welcome when they strengthen security, reliability, or operator clarity without expanding the runtime surface area.
Every change must preserve these constraints:
- Distroless runtime: no shell, no package manager, no OS utilities in the final image.
- Minimal runtime surface: only components required for Node.js to run in production.
- Predictable behavior: explicit versions and deterministic outputs.
If a change adds convenience but is not strictly required for runtime correctness, it will not be accepted.
- Report a bug in the published image.
- Improve documentation or examples.
- Propose a platform or architecture expansion.
- Request a Node.js version upgrade.
Use the issue templates in .github/ISSUE_TEMPLATE/ to keep requests consistent.
Do not open public issues for security vulnerabilities. Follow the process in SECURITY.md.
Prerequisites:
- Docker
- Git
Build the image locally:
docker build -t runtimenode/runtime-node:local .
Smoke test the runtime:
docker run --rm --entrypoint /usr/local/bin/node \
runtimenode/runtime-node:local --version
- Create a feature branch from
develop(or a branch for backport version support likedevelop-v1+node24or etc.). - Make changes with the smallest possible surface area.
- Update documentation when behavior or defaults change.
- Open a pull request using the required PR template.
All pull requests must:
- Use the provided PR template (
.github/PULL_REQUEST_TEMPLATE.md). - Use a conventional commit style title (
feat:,fix:,docs:,chore:,ci:). - Clearly describe why the change is necessary for the runtime image.
- Dependencies are installed in the builder stage via
dependencies/requirements.txtandscript.sh. - Runtime additions must be justified as strictly required for Node.js operation.
- The final image must remain
scratch-based and distroless.
Node.js version upgrades are tracked as versioned releases. Requests must include the official Alpine Node image tag (for example, node:26.1.0-alpine3.23) and are expected to trigger a semver release bump for the image.
Documentation updates should be marketing and product focused first, with engineering and operations details second. Keep examples runnable and avoid hardcoding stale version numbers unless the update is tied to a release.