In our docker on production, we set the entire folder we deploy on to be read only, then put libs in /usr/local/whatever. (For node libs /user/local/node_modules)
We
