[acoard]

Even better, you can run these in Docker as non-root. Security wise, while this wouldn't make your app itself more secure, it would insulate your host OS from getting infected. I just checked and they even have one-liner Docker commands that do just this:

    docker run -d -p 8080:3000 --name wiki --restart unless-stopped -e "DB_TYPE=postgres" -e "DB_HOST=db" -e "DB_PORT=5432" -e "DB_USER=wikijs" -e "DB_PASS=wikijsrocks" -e "DB_NAME=wiki" requarks/wiki:2