
I Linted 100 Dockerfiles from GitHub — The Same 5 Mistakes Everywhere
I wrote a Dockerfile linter and ran it against 100 popular open-source Dockerfiles from GitHub. The results? The same 5 mistakes appeared in over 60% of them.

The Methodology

I grabbed Dockerfiles from repos with 1,000+ stars across different languages (Python, Node.js, Go, Java), ran my linter and categorized every issue.

Mistake #1: Using :latest Tag (73% of Dockerfiles)

    # Bad
    FROM python:latest

    # Good
    FROM python:3.11-slim

Why it matters: :latest is a moving target. Your build works today and breaks tomorrow when the base image updates. I've seen production outages from this exact issue.

The fix: Always pin to a specific version. Use slim/alpine variants to reduce image size by 80%.

Mistake #2: Running as Root (68%)

    # Bad — runs everything as root
    FROM node:20
    COPY . /app
    CMD ["node", "server.js"]

    # Good — creates and uses non-root user
    FROM node:20-slim
    RUN groupadd -r app && useradd -r -g app app
    COPY --chown=app:app . /app
    USER app
    CMD ["node", "server.js"]

Why it matters: If an att
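The post does not show the author's linter, so here is an added example (my code, not the author's) of what the two checks above look like in practice: a small Python linter that parses the FROM and USER instructions of a Dockerfile and flags an unpinned base image (":latest", or no tag or digest at all) and a final stage that still runs as root. The rule names DL-LATEST and DL-ROOT are invented for this example; the sample Dockerfiles are the four from the post, embedded as constructed input. It goes a little beyond the post in handling multi-stage builds, where a stage built FROM an earlier stage inherits that stage's USER.

```python
"""Minimal Dockerfile linter for two of the checks discussed in the post.

Added example, not the author's tool. Rule ids (DL-LATEST, DL-ROOT) are
made up for this illustration.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    line: int      # 1-based line of the offending instruction; 0 = file-level
    rule: str
    message: str


_FROM_RE = re.compile(r"^FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?\s*$", re.IGNORECASE)
_USER_RE = re.compile(r"^USER\s+(\S+)", re.IGNORECASE)


def _logical_lines(text):
    """Yield (line_number, instruction) with backslash continuations joined and comments dropped."""
    buf, start = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if start is None:
            start = n
        if line.endswith("\\"):
            buf.append(line[:-1].strip())
            continue
        buf.append(line)
        yield start, " ".join(buf)
        buf, start = [], None
    if buf:
        yield start, " ".join(buf)


def _image_is_pinned(ref):
    """True if the image reference carries a digest or a tag other than 'latest'."""
    if "@sha256:" in ref:
        return True
    # Look only at the last path component so a registry port (host:5000/img) is not mistaken for a tag.
    name = ref.rsplit("/", 1)[-1]
    if ":" not in name:
        return False  # a bare image name means :latest implicitly
    return name.rsplit(":", 1)[1].lower() != "latest"


def lint(dockerfile_text):
    """Return the list of Findings for one Dockerfile."""
    findings = []
    stage_user = {}       # stage alias -> USER in effect when that stage ended
    current_alias = None
    user = None           # USER in effect in the current stage; None means root (the default)
    for n, line in _logical_lines(dockerfile_text):
        m = _FROM_RE.match(line)
        if m:
            image, alias = m.group(1), m.group(2)
            if current_alias:
                stage_user[current_alias] = user   # close the previous named stage
            current_alias = alias.lower() if alias else None
            if image.lower() in stage_user:
                user = stage_user[image.lower()]   # FROM <stage> inherits that stage's USER
            else:
                user = None
                if image.lower() != "scratch" and not _image_is_pinned(image):
                    findings.append(Finding(n, "DL-LATEST",
                                            f"base image '{image}' is not pinned to a tag or digest"))
            continue
        m = _USER_RE.match(line)
        if m:
            user = m.group(1)
    # Only the final stage ends up in the shipped image, so only its effective user matters.
    if user is None or user.split(":")[0].lower() in ("root", "0"):
        findings.append(Finding(0, "DL-ROOT", "final stage runs as root (no USER instruction, or USER root)"))
    return findings


# Constructed inputs: the four Dockerfiles shown in the post.
BAD_PY = "FROM python:latest\n"
GOOD_PY = "FROM python:3.11-slim\n"
BAD_NODE = 'FROM node:20\nCOPY . /app\nCMD ["node", "server.js"]\n'
GOOD_NODE = (
    "FROM node:20-slim\n"
    "RUN groupadd -r app && useradd -r -g app app\n"
    "COPY --chown=app:app . /app\n"
    "USER app\n"
    'CMD ["node", "server.js"]\n'
)

if __name__ == "__main__":
    samples = [("bad-python", BAD_PY), ("good-python", GOOD_PY),
               ("bad-node", BAD_NODE), ("good-node", GOOD_NODE)]
    for name, text in samples:
        for f in lint(text):
            print(f"{name}:{f.line}: {f.rule}: {f.message}")
```

Running it shows why the two mistakes compound: the "good" Dockerfile for mistake #1 (FROM python:3.11-slim with nothing else) still trips DL-ROOT, because pinning the tag says nothing about the user the container runs as; only the final Node example passes both checks. The linter treats any non-latest tag as pinned, so FROM node:20 passes DL-LATEST even though a major-version tag still moves with every 20.x release; a stricter policy would require a digest.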
Continue reading on Dev.to DevOps