From 7935d86015bbefe978675f6f1ce49d8756b911c9 Mon Sep 17 00:00:00 2001
From: Jason Woltje
Date: Wed, 18 Feb 2026 20:24:22 -0600
Subject: [PATCH] chore(web): avoid pnpm in runtime image to reduce CVE noise

---
 apps/web/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/web/Dockerfile b/apps/web/Dockerfile
index 06a3299..792588a 100644
--- a/apps/web/Dockerfile
+++ b/apps/web/Dockerfile
@@ -81,7 +81,6 @@ ADD https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_x
 
 # Single RUN to minimize Kaniko filesystem snapshots (each RUN = full snapshot)
 RUN rm -rf /usr/local/lib/node_modules/npm /usr/local/bin/npm /usr/local/bin/npx \
- && corepack enable && corepack prepare pnpm@10.27.0 --activate \
 && chmod 755 /usr/local/bin/dumb-init \
 && groupadd -g 1001 nodejs && useradd -m -u 1001 -g nodejs nextjs
 
@@ -113,6 +112,7 @@ EXPOSE ${PORT:-3000}
 # Environment variables
 ENV NODE_ENV=production
 ENV HOSTNAME="0.0.0.0"
+ENV PATH="/app/apps/web/node_modules/.bin:${PATH}"
 
 # Health check uses PORT env var (set by docker-compose or defaults to 3000)
 HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
@@ -122,4 +122,4 @@ HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
 ENTRYPOINT ["dumb-init", "--"]
 
 # Start the application
-CMD ["pnpm", "start"]
+CMD ["next", "start"]
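Review bot: The added `ENV PATH="/app/apps/web/node_modules/.bin:${PATH}"` puts a dependency-controlled directory ahead of the system directories for every process in the container, so a package that ships a bin shim named like a system tool would take precedence over it. That lookup order also applies to `ENTRYPOINT ["dumb-init", "--"]` in the last hunk and to any bare command name in the HEALTHCHECK, whose command line is outside this hunk. Whether the `nextjs` user can write to that directory is not visible in the patch; if it can, the exposure is larger and the directory should be root-owned and read-only for the runtime user. Since the only consumer appears to be the new CMD, I would drop the ENV line and use `CMD ["/app/apps/web/node_modules/.bin/next", "start"]`, or at least append rather than prepend: `ENV PATH="${PATH}:/app/apps/web/node_modules/.bin"`.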
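Review bot: `CMD ["next", "start"]` no longer runs the package's `start` script, so any flags, environment setup or pre-start step that script carried are dropped; package.json is not part of this patch, so please confirm the script was exactly `next start`. The command also depends on the PATH entry added in the previous hunk and on the working directory being the web app, and the comment above it mentions neither. I would update the comment to record the intent, e.g. `# Start Next.js directly; pnpm is intentionally not installed in the runtime image`.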