Native Node addon installs should cache node-gyp header downloads with BuildKit cache mounts.
| Property | Value |
|---|---|
| Severity | Info |
| Category | Performance |
| Default | Enabled |
| Auto-fix | Yes (suggestion, requires --fix-unsafe) |
Description
Flags JavaScript package install or rebuild RUN instructions in stages that look likely to compile native Node addons, but do not cache node-gyp’s header download directory.
The rule looks for native build signals such as:
- OS packages: python3, make, gcc, g++, build-base, or build-essential
- native addon helpers: node-gyp, node-pre-gyp, or prebuild-install
- rebuild commands: npm rebuild, pnpm rebuild, or yarn rebuild
- observable package.json dependencies such as sharp, canvas, bcrypt, sqlite3, better-sqlite3, node-rdkafka, grpc, or isolated-vm
- dev-only native dependencies, but only when the install command includes dev packages
What The Fix Adds
The suggested fix adds a cache mount for node-gyp’s devdir.
When tally/prefer-package-cache-mounts is not enabled for the same run, the fix also adds the matching package-manager cache mount for npm, pnpm, or yarn. When the generic cache-mount rule is enabled, this rule leaves package-manager caches to that rule to avoid duplicate suggestions.
For shell-form RUN instructions, the fix also inserts an environment assignment for the devdir.
When NPM_CONFIG_DEVDIR, npm_config_devdir, or npm_package_config_node_gyp_devdir is already set, the rule uses that path for the cache mount instead of adding another environment assignment.
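An added illustration of the change this section describes, not the rule's literal output or code from the tally project. The base image, stage names, and the cache paths /root/.cache/node-gyp, /root/.npm and /opt/node-gyp are assumptions chosen for the example.

```dockerfile
# syntax=docker/dockerfile:1

# Stage the rule would flag: native build tools are installed, so npm ci is
# likely to compile addons, but node-gyp's header directory is not cached.
FROM node:20-bookworm AS flagged
WORKDIR /app
RUN apt-get update \
    && apt-get install -y --no-install-recommends python3 make g++ \
    && rm -rf /var/lib/apt/lists/*
COPY package.json package-lock.json ./
RUN npm ci

# Same stage with a cache mount on the devdir. The shell-form RUN also gets an
# environment assignment so node-gyp writes its headers into the mounted path.
# The second mount is the npm package cache, added only when the generic
# package-cache rule is not handling it.
FROM node:20-bookworm AS cached
WORKDIR /app
RUN apt-get update \
    && apt-get install -y --no-install-recommends python3 make g++ \
    && rm -rf /var/lib/apt/lists/*
COPY package.json package-lock.json ./
RUN --mount=type=cache,target=/root/.cache/node-gyp \
    --mount=type=cache,target=/root/.npm \
    npm_config_devdir=/root/.cache/node-gyp npm ci

# Stage that already sets a devdir: the mount targets the existing path and
# no second environment assignment is added.
FROM node:20-bookworm AS existing-devdir
ENV NPM_CONFIG_DEVDIR=/opt/node-gyp
WORKDIR /app
RUN apt-get update \
    && apt-get install -y --no-install-recommends python3 make g++ \
    && rm -rf /var/lib/apt/lists/*
COPY package.json package-lock.json ./
RUN --mount=type=cache,target=/opt/node-gyp \
    --mount=type=cache,target=/root/.npm \
    npm ci
```

Only the header and package download caches live in the mounts; node_modules and the compiled .node files are still written to the image layer.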
Examples
Before
After
Existing devdir
Guardrails
- Windows container stages are skipped because BuildKit RUN --mount is not supported there.
- Stages with explicit native build caches such as ccache or prebuild artifact cache mounts are skipped.
- The rule does not suggest tmpfs for node_modules or package build/ directories. Compiled .node artifacts must remain in the image layer.