diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 9cb58f0ea..bb8eeb578 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -12,6 +12,14 @@ permissions:
   contents: write
 
 jobs:
+  docker-lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
+        with:
+          verbose: true
   lint:
     runs-on: ubuntu-latest
     steps:
diff --git a/.hadolint.yaml b/.hadolint.yaml
new file mode 100644
index 000000000..853c0983e
--- /dev/null
+++ b/.hadolint.yaml
@@ -0,0 +1,2 @@
+ignored:
+  - DL3002 # TODO: Last USER should not be root
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 7bec3bd4b..ec4dc9329 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,2 +1,10 @@
-FROM node:20.12.2-alpine3.19 AS base
-RUN wget -qO- https://get.pnpm.io/install.sh | ENV="$HOME/.shrc" SHELL="$(which sh)" sh -
+FROM node:20.12.2-alpine3.19
+
+USER 0:0
+
+RUN corepack enable \
+    && corepack enable pnpm
+
+ENV NODE_OPTIONS="--max_old_space_size=8192"
+
+EXPOSE 9000 3333
diff --git a/docker-compose.yml b/docker-compose.yml
index 841f07ff9..5fa1ff04a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,9 +7,6 @@ services:
     tty: true
     working_dir: /mermaid
     mem_limit: '8G'
-    entrypoint: ./docker-entrypoint.sh
-    environment:
-      - NODE_OPTIONS=--max_old_space_size=8192
     volumes:
       - ./:/mermaid
       - root_cache:/root/.cache
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
deleted file mode 100755
index c222b7fd5..000000000
--- a/docker-entrypoint.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-source /root/.shrc
-exec "$@"