1. The USER Command
By default, Docker containers run as the 'root' user. If a hacker finds a vulnerability in your Node app, they get root access to the container. Best practice is to add 'USER node' in your Dockerfile before the CMD step, ensuring the app runs as an unprivileged user.
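
One way to check a Dockerfile for this before it ships, as an added example that is not part of the original page: the container runs as the last USER set in the final build stage, so the check tracks that value. The function names and the three sample Dockerfiles are constructed for illustration, and the check assumes the base image itself does not set USER (the official node images default to root and ship a 'node' user).

```python
import re

ROOT_NAMES = {"root", "0"}

def effective_user(dockerfile: str) -> str:
    """Return the user the final image runs as: the last USER in the last stage."""
    # Fold backslash line continuations so each instruction sits on one line.
    text = re.sub(r"\\[ \t]*\n", " ", dockerfile)
    user = "root"  # assumption: the base image does not set USER itself
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        instr = parts[0].upper()
        if instr == "FROM":
            user = "root"  # a new stage does not inherit USER from the previous stage
        elif instr == "USER" and len(parts) > 1:
            user = parts[1].strip()
    return user

def runs_as_root(dockerfile: str) -> bool:
    # USER takes a name or a UID, optionally followed by ":group".
    return effective_user(dockerfile).split(":")[0] in ROOT_NAMES

# Constructed sample: no USER instruction, so the app runs as root.
BEFORE = """\
FROM node:20
WORKDIR /app
COPY . .
RUN npm ci --omit=dev
CMD ["node", "server.js"]
"""
# Constructed sample: USER node placed before CMD, as the text recommends.
AFTER = """\
FROM node:20
WORKDIR /app
COPY --chown=node:node . .
RUN npm ci --omit=dev
USER node
CMD ["node", "server.js"]
"""
# Constructed sample: USER appears only in the build stage, so the final
# stage starts over as root and the shipped image is still privileged.
MULTISTAGE = """\
FROM node:20 AS build
USER node
FROM node:20
COPY --from=build /app /app
CMD ["node", "/app/server.js"]
"""
```

Calling runs_as_root() on each sample returns True for BEFORE and MULTISTAGE and False for AFTER; a USER value given through a build variable is not resolved by this check.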
