Will It Vibe logoWill It Vibe?
DOCKER-004Low severity-4 points

apt-get install without --no-install-recommends

Part of Architecture & Best Practices, which counts for 15% of the overall score. When this check fires it deducts 4 points from that category, once per scan, no matter how many places it turns up.

What it detects

apt-get install pulls recommended packages by default, bloating the image with software the app never uses.

Why it matters

apt-get install pulls in recommended packages by default, adding software the application never uses. That grows the image, lengthens builds, and widens the attack surface with extra binaries.

How to fix it

Add --no-install-recommends to each apt-get install. Combine it with a matching cleanup (rm -rf /var/lib/apt/lists/*) in the same RUN. If a package genuinely needs a recommended dependency, install that dependency explicitly by name.

The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing

Does your repo trip this check?

Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.

Scan your repo

Related Architecture & Best Practices checks