chore: remove unused npm and clean up ctags build artifacts in Docker image

[brendan-kellam]

The Node.js base image bundles npm with transitive dependencies
(minimatch, tar, picomatch) that Trivy flags as vulnerable. Since we
use Yarn exclusively, npm is never invoked at runtime. Removing it
eliminates these false positives and reduces image size.

Also clean up the ctags source tree left in /tmp after the install
script runs (~109MB of build artifacts).

Co-Authored-By: Claude Opus 4.6 (1M context) noreply@anthropic.com

Summary by CodeRabbit

• Chores
  • Optimized Docker runtime image by removing unnecessary npm tooling and temporary build artifacts, resulting in a leaner deployment image.

[github-actions]

@brendan-kellam your pull request is missing a changelog!

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e479482e-bd4d-477e-8f4e-fc1028cf57ce

📥 Commits

Reviewing files that changed from the base of the PR and between 5e1d851 and 9ffe5d1.

📒 Files selected for processing (1)

• Dockerfile

---

Walkthrough

The Dockerfile was modified to remove npm and npx binaries along with associated node-gyp directories from the runner stage image, and to extend the ctags installation cleanup to remove temporary artifacts in /tmp.

Changes

Cohort / File(s)	Summary
Docker Image Optimization Dockerfile	Removed npm/npx binaries and npm/node-gyp cache directories from runner stage; added cleanup of temporary build artifacts in /tmp after ctags installation.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes: removing unused npm binaries and cleaning up ctags build artifacts from the Docker image.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch brendan/docker-image-cleanup

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}