From 7b637d9135912bf5638a6ba9dfa6f15915406f05 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jes=C3=BAs=20Espino?= <jespinog@gmail.com>
Date: Fri, 5 Dec 2025 17:05:45 +0000
Subject: [PATCH] Disable npm lifecycle scripts and fix npx usage for security

- Add --ignore-scripts flag to npm/yarn install in .gitpod.yml
- Replace npx netlify-lambda with yarn netlify-lambda in package.json

Related to PDE-128

Co-authored-by: Ona <no-reply@ona.com>
---
 .gitpod.yml  | 4 ++--
 package.json | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.gitpod.yml b/.gitpod.yml
index 5bba2fa33..bc1562e79 100644
--- a/.gitpod.yml
+++ b/.gitpod.yml
@@ -3,8 +3,8 @@ ports:
     onOpen: open-preview
 
 tasks:
-  - init: cd plugins/gatsby-remark-gitpod && npm install
-  - init: yarn --network-timeout 100000 && yarn build
+  - init: cd plugins/gatsby-remark-gitpod && npm install --ignore-scripts
+  - init: yarn --network-timeout 100000 --ignore-scripts && yarn build
     command: yarn dev --host 0.0.0.0
 
 vscode:
diff --git a/package.json b/package.json
index 5581d51cc..5d3d8f4cc 100644
--- a/package.json
+++ b/package.json
@@ -8,7 +8,7 @@
   ],
   "main": "n/a",
   "scripts": {
-    "build": "cp -r src/docs/release-notes/* static/release-notes/ && gatsby build && npx netlify-lambda build src/functions",
+    "build": "cp -r src/docs/release-notes/* static/release-notes/ && gatsby build && yarn netlify-lambda build src/functions",
     "clean": "rimraf public",
     "deploy": "gatsby build --prefix-paths && gh-pages -d public",
     "dev": "env-cmd -f .env.development gatsby develop",