Project Quay / PROJQUAY-1822

CVE-2019-20149 quay-registry-container: nodejs-kind-of: ctorName in index.js allows external user input to overwrite certain internal attributes [quay-3.6]


At the moment the shipped image includes all the development JavaScript dependencies. This causes false positives to appear in scans of the image, such as PROJQUAY-1747.

Ideally we should make the 'npm install' and 'npm run build' steps occur in an earlier stage, and only the output of 'npm run build' should be included in the final image, i.e. only the static folder.
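
A multi-stage build along the lines proposed above, as an added sketch that is not Project Quay's actual Dockerfile. The base images, the `/build` and `/app` paths, and the assumption that `npm run build` writes into `static/` at the source root are all placeholders for illustration.

```dockerfile
# Placeholder runtime base image (assumption); override with --build-arg.
ARG RUNTIME_BASE=registry.example.com/runtime-base:latest

# Stage 1: front-end build. The development dependencies pulled in by
# 'npm install' (including transitive ones such as kind-of) exist only here.
# node:lts is an assumed build image, not the one the project uses.
FROM node:lts AS frontend-build
WORKDIR /build

# Copy the manifests first so the dependency layer is cached separately
# from the application source.
COPY package*.json ./
RUN npm install

# Copy the source and produce the compiled assets.
COPY . .
RUN npm run build

# Stage 2: the image that is shipped and scanned.
FROM ${RUNTIME_BASE}
WORKDIR /app

# Only the build output crosses the stage boundary. node_modules and
# package.json stay behind in the discarded build stage.
COPY --from=frontend-build /build/static ./static

# Fail the build if development dependencies leak into the final image.
# Assumes the runtime base provides a POSIX shell.
RUN test ! -e /app/node_modules
```

Because image scanners inspect only the layers of the final stage, packages installed in `frontend-build` no longer appear in scan results for the shipped image.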

              tomckay@redhat.com Thomas Mckay (Inactive)
              rhn-support-jshepher Jason Shepherd