netdevphoenix an hour ago

> if I am going to run some code from somewhere and I haven't read it, it goes in a container

How does this work? Every single npm package has tons of dependency tree nodes

Lutger an hour ago | parent | next [-]

Everything runs in the container and cannot escape it. It's like a sandbox.

You have to make sure you're not putting any secrets in the container environment.

roozbeh18 20 minutes ago | parent | next [-]

You are just reducing the blast radius with use of podman; you will likely need secrets for your app to work, which will be exposed regardless of the podman approach.

12 minutes ago | parent [-]
[deleted]
mlnj 34 minutes ago | parent | prev | next [-]

> You have to make sure you're not putting any secrets in the container environment.

How does this work exactly? Containers still need env vars and access to databases and cloud environments. Without these the container is just a useless isolated pod.

lbhdc 9 minutes ago | parent | next [-]

Not who you asked, but I have a similar setup. I can run everything I need for local development in that image (db, message queue emulator, cache, other services). So, setting things like environment variables or running postgres work the same as they do outside the container.

The image itself isn't the same image that the app gets deployed in, but is a portable dev environment with everything needed to build and run my apps baked in.

This comes with some nice side effects like being able to instantly spin up clean work environments on my laptop, someone else's, or a remote VM.

jack_pp 24 minutes ago | parent | prev [-]

Maybe don't use JavaScript on the backend.

moffkalast 41 minutes ago | parent | prev [-]

All right then, keep your secrets.

swsieber an hour ago | parent | prev [-]

I didn't read this as separate containers.
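
Added example, not part of any comment in the thread: one way to keep host secrets out of the container environment the thread discusses when running `npm ci` under podman. It prints the command for review rather than running it; the function names, the secret-name patterns and the `node:20` image are assumptions.

```shell
#!/bin/sh
# Added example (constructed): build a podman command line for running
# `npm ci` on unreviewed dependencies without handing it host secrets.

# Return 0 if a variable NAME looks like it carries a credential.
# The patterns are an assumption; extend them for your environment.
is_secret_name() {
    case "$1" in
        *TOKEN*|*SECRET*|*PASSWORD*|*PASSWD*|*CREDENTIAL*|*API_KEY*|AWS_*|GITHUB_*|DATABASE_URL)
            return 0 ;;
    esac
    return 1
}

# sandbox_cmd PROJECT_DIR [ENV_NAME...]
# Prints the podman invocation. Only the project directory is mounted
# (no $HOME, so no ~/.npmrc, ~/.ssh or cloud credential files), and only
# allowlisted, non-secret variable names are forwarded from the host.
sandbox_cmd() {
    project_dir=$1; shift
    env_flags=""
    for name in "$@"; do
        if is_secret_name "$name"; then
            echo "refusing to forward $name" >&2
            continue
        fi
        # --env NAME (no value) copies the value from the host environment.
        env_flags="$env_flags --env $name"
    done
    # --http-proxy=false stops podman forwarding host proxy variables,
    # which can embed credentials. node:20 is a placeholder image name.
    # On SELinux hosts the volume needs a :Z suffix.
    echo "podman run --rm --security-opt=no-new-privileges" \
         "--http-proxy=false$env_flags" \
         "--volume $project_dir:/work --workdir /work" \
         "node:20 npm ci"
}

# Constructed usage: NPM_TOKEN is requested but filtered out.
sandbox_cmd "$PWD" NODE_ENV NPM_TOKEN
```

This narrows what install-time code can read; any secret the application itself needs at run time is still visible to whatever runs alongside it, which is the blast-radius point made above.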