Galaxy Metal runs `npm install`, bad for production

trusktr · April 19, 2026, 10:48pm

The Dockerfile is running meteor npm install and there seems to be no way to configure it.

In projects with a package-lock.json file, Metal should be running npm clean-install to ensure reproducibility, to avoid annoying deployment failures, because npm install will automatically update dependencies during deployment, which introduces the risk of things breaking.

trusktr · April 20, 2026, 12:24am

This is getting a bit frustrating spending my Sunday on undesirable attempts at fixing an app deployment that was previously working before Metal.

I see that a custom build command is in there, somewhere, and I don’t see where to change it. When I click on the deployment version it takes me to this view, where I see a build command I cannot edit: