Show HN: Docker-phobia: Analyze Docker image size with a treemap (opens in new tab)

(github.com)

91 pointsremorses1y ago30 comments

30 comments

Why does this need to pipe a script into bash from a non-github origin?

And in that script, you're actually piping another script from yet another domain (`https://goblin.reaper.im/`), where reaper.im looks like some kind of ad-infested parking domain?

remorsesOP1y ago

You can also install it with go, I updated the readme

go install github.com/remorses/docker-phobia

akshat26021y ago

Looks like goblin.run is a project that lets you install golang projects without having golang installed. OP should probably preface the installation script with this.

_joel1y ago

or just use, I don't know, docker?

2 more replies

Scipio_Afri1y ago

Not using https is bad.

curl -sf http://goblin.run/github.com/remorses/docker-phobia | sh

Also why just include that shell script in the repo and have people curl that?

remorsesOP1y ago

Goblin is a service that builds a go binary for your platform on the fly and downloads it in PATH. This is a much faster way than setting up Github Actions to build an executable for every possible platform on every release. You can also use go install if you know what you are doing.

leetrout1y ago

> This is a much faster way than setting up Github Actions to build an executable for every possible platform on every release

It's not even that hard. Just use GoReleaser.

https://goreleaser.com/

1 more reply

Wingy1y ago

curl should probably scream when it detects piping unencrypted wan (not local ips) connections to shell, sort of like what openssh does when a host’s fingerprint changes

mr_mitm1y ago

How could curl detect where it's piped to?

2 more replies

adamomada1y ago

The shell would have to give the warning

jijijijij1y ago

Lol. This is an hilariously shady instruction. Is this a docker inside joke or something?

XiS1y ago

Cool, gonna try this soon. Would be great to use in combination with Dive (https://github.com/wagoodman/dive)

pronik1y ago

It says in the README it leverages Dive. Basically it's a visualization for Dive's JSON output, which I'd very much prefer to exist as exactly that -- something I can pipe Dive's JSON into. No need to wrap Dive for that.

xmorse1y ago

Dive doesn't have a JSON output, I had to use the internal API to do it.

1 more reply

willswire1y ago

Ran this instead of that scary pipe thru sh command

go install github.com/remorses/docker-phobia@latest

_joel1y ago

No thanks, this looks shady as hell.

btreecat1y ago

I don't remember what this type of visualisation this is called, but I really like it for understanding disk use quickly. When I wish to drill into detail I find a list helps me more but the box layout is usually where I like to start.

Looking forward to trying this.

xmorse1y ago

It's a treemap graph, frontend people use it all the time to analyze a website javascript bundle size, I created this so Docker people can make smaller images more easily

TopRainbowT1y ago

Sounds great, I'm looking forward to giving this a shot.

cheptsov1y ago

Why not just show it per layer and folder via plain text?

j / k navigate · click thread line to collapse

30 comments

bertman1y ago

Why does this need to pipe a script into bash from a non-github origin?

And in that script, you're actually piping another script from yet another domain (`https://goblin.reaper.im/`), where reaper.im looks like some kind of ad-infested parking domain?

remorsesOP1y ago

You can also install it with go, I updated the readme

go install github.com/remorses/docker-phobia

akshat26021y ago

Looks like goblin.run is a project that lets you install golang projects without having golang installed. OP should probably preface the installation script with this.

_joel1y ago

or just use, I don't know, docker?

2 more replies

Scipio_Afri1y ago

Not using https is bad.

curl -sf http://goblin.run/github.com/remorses/docker-phobia | sh

Also why just include that shell script in the repo and have people curl that?

remorsesOP1y ago

leetrout1y ago

> This is a much faster way than setting up Github Actions to build an executable for every possible platform on every release

It's not even that hard. Just use GoReleaser.

https://goreleaser.com/

1 more reply

Wingy1y ago

curl should probably scream when it detects piping unencrypted wan (not local ips) connections to shell, sort of like what openssh does when a host’s fingerprint changes

mr_mitm1y ago

How could curl detect where it's piped to?

2 more replies

adamomada1y ago

The shell would have to give the warning

jijijijij1y ago

Lol. This is an hilariously shady instruction. Is this a docker inside joke or something?

XiS1y ago

Cool, gonna try this soon. Would be great to use in combination with Dive (https://github.com/wagoodman/dive)

pronik1y ago

xmorse1y ago

Dive doesn't have a JSON output, I had to use the internal API to do it.

1 more reply

willswire1y ago

Ran this instead of that scary pipe thru sh command

go install github.com/remorses/docker-phobia@latest

_joel1y ago

No thanks, this looks shady as hell.

btreecat1y ago

Looking forward to trying this.

xmorse1y ago

It's a treemap graph, frontend people use it all the time to analyze a website javascript bundle size, I created this so Docker people can make smaller images more easily

TopRainbowT1y ago

Sounds great, I'm looking forward to giving this a shot.

cheptsov1y ago

Why not just show it per layer and folder via plain text?

j / k navigate · click thread line to collapse