I have a nodejs-based project running on my Ubuntu server, using the usual node_modules folder of dependencies. Some of them (e.g. "ws" in this case) were automatically compiled using node-gyp on install by npm install, and everything was fine for some months.
However, I have just now encountered a case where automatic security updates (apt unattended-upgrades on Linux) removed dynamically linked dependencies (a certain version of libc, e.g. /usr/lib/x86_64-linux-gnu/libc.X.Y.so) of the application, as the deprecated lib was removed from the system by APT. This is perfectly fine on APT's behalf, as no other APT-managed package depends on it anymore.
Doing a "rebuild" with npm rebuild fixes this problem (by invoking node-gyp to build against the new version of the libraries, I guess).
How can I build my application in a way that this does not happen again? Is there any way I can tell npm to output the dependencies node-gyp used to compile against?
readelf --dyn-syms or similar on the native library to show what it links to. glibc specifically has been on file libc.so.6 for many years with backwards compatibility, the only problem I can imagine is trying to use very new libc features.
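One way to get the list the question asks for, as an added example that is not from the original posts: walk node_modules for compiled addons (*.node), read their NEEDED entries with readelf -d, and map each soname to its on-disk path and owning APT package, flagging any library that is no longer installed. It assumes a Debian/Ubuntu host with binutils, ldconfig and dpkg; the function names and the sample readelf output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which system libraries compiled Node.js addons depend on.

# Extract sonames from `readelf -d` output read on stdin.
needed_libs() {
    sed -n 's/.*(NEEDED).*\[\(.*\)\].*/\1/p'
}

# Resolve a soname to a path from `ldconfig -p` style output read on stdin.
# The first cache entry wins, so on multiarch hosts check the architecture too.
resolve_soname() {
    awk -v so="$1" '$1 == so { print $NF; exit }'
}

# Print one tab-separated line per dependency: addon, soname, path, package.
# A soname absent from the linker cache is reported as MISSING, which is the
# state the addon is left in when an upgrade removes the library.
audit_addons() {
    cache=$(ldconfig -p)
    find "$1" -type f -name '*.node' | while IFS= read -r addon; do
        readelf -d "$addon" | needed_libs | while IFS= read -r so; do
            path=$(printf '%s\n' "$cache" | resolve_soname "$so")
            if [ -z "$path" ]; then
                printf '%s\t%s\tMISSING\t-\n' "$addon" "$so"
                continue
            fi
            pkg=$(dpkg -S "$path" 2>/dev/null | cut -d: -f1)
            printf '%s\t%s\t%s\t%s\n' "$addon" "$so" "$path" "${pkg:-unowned}"
        done
    done
}

# Constructed sample of `readelf -d` output, used to exercise the parser offline.
sample_dynamic() {
    cat <<'EOF'
Dynamic section at offset 0x2d90 contains 26 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libstdc++.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000c (INIT)               0x1000
EOF
}

# Usage: sh audit-addons.sh /path/to/project/node_modules
if [ "$#" -gt 0 ]; then
    audit_addons "$1"
fi
```

Running it from cron or after each unattended-upgrades run and alerting on MISSING lines shows when an npm rebuild is needed before the application fails to load the addon.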