⛴️ Invert your .dockerignore for great profit

November 12, 2025

Here are two .dockerignore files:

Default allow (old, busted)

data
node_modules
.dockerignore
.env
.env.example
.gitignore
.git
.prettierignore
.prettierrc
Dockerfile
eslint.config.js
mise.toml

Default ignore (new, saucy)

# Ignore everything, except:
*
!src
!package.json
!package-lock.json
!tsconfig.json

The first says what we don’t want in our image. It’s the default style.

The second is explicit about what we do want.

Why?

With default allow it’s easy to be forgetful. Does your .dockerignore contain .git? You probably remembered to add node_modules because builds were slow, but then you have to ask… what else have you forgotten?

Default ignore is:

  1. Easier to reason about. This is the main thing for me. We have tools like dive to explore image bloat, perhaps we even run it once in a while. Or… use default ignore and be explicit about what matters.
  2. Faster builds: less content in your Docker context makes for faster builds.
  3. Quicker deployments during build push and node pull.
  4. Improved security: less chance of unexpected files appearing in your images, e.g. .env, .git

Our tools don’t make it easy to manage Docker context bloat.
It takes intentional effort that I’d prefer to avoid.
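
To see what a forgotten entry costs, the sketch below (an added example, not code from the original post) evaluates both files above against a constructed file listing and returns what would still land in the build context. It assumes a simplified matcher that covers only the pattern forms used here (plain names, `*`, `!` exceptions, no `**`); file names such as `.env.production` and `.npmrc` are made up for illustration.

```python
from fnmatch import fnmatchcase

DEFAULT_ALLOW = """data node_modules .dockerignore .env .env.example .gitignore .git
.prettierignore .prettierrc Dockerfile eslint.config.js mise.toml""".split()
DEFAULT_IGNORE = ["# Ignore everything, except:", "*", "!src",
                  "!package.json", "!package-lock.json", "!tsconfig.json"]

# Constructed project listing; the last three entries are files nobody
# remembered to add to the default-allow list.
TREE = ["src/index.ts", "package.json", "package-lock.json", "tsconfig.json",
        "node_modules/left-pad/index.js", ".git/config", ".env", "Dockerfile",
        ".env.production", ".npmrc", "coverage/lcov.info"]

def parse(lines):
    """Return (negated, components) rules in file order, skipping comments."""
    rules = []
    for line in (l.strip() for l in lines):
        if not line or line.startswith("#"):
            continue
        negated = line.startswith("!")
        rules.append((negated, line.lstrip("!").strip("/").split("/")))
    return rules

def ignored(path, rules):
    """A rule matches the path or any parent directory; the last match wins."""
    parts, result = path.split("/"), False
    for negated, pat in rules:
        if len(pat) <= len(parts) and all(
                fnmatchcase(c, p) for c, p in zip(parts, pat)):
            result = not negated
    return result

def build_context(ignore_lines, tree=TREE):
    """Paths from `tree` that would still be sent as build context."""
    rules = parse(ignore_lines)
    return [p for p in tree if not ignored(p, rules)]

if __name__ == "__main__":
    print("default allow :", build_context(DEFAULT_ALLOW))
    print("default ignore:", build_context(DEFAULT_IGNORE))
```

The default-allow list lets the three unlisted paths through, while the default-ignore list yields only the four entries it names.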