From a330723ca59b38807ff3f63003fe91de691cbc66 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jes=C3=BAs=20Espino?=
Date: Fri, 5 Dec 2025 17:03:40 +0000
Subject: [PATCH] Disable npm lifecycle scripts for security
Add --ignore-scripts flag to npm install to prevent execution of potentially malicious scripts during package installation.
Related to PDE-128
Co-authored-by: Ona
---
 .gitpod.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitpod.yml b/.gitpod.yml
index f7d3bc6..6a7cb65 100644
--- a/.gitpod.yml
+++ b/.gitpod.yml
@@ -1,6 +1,6 @@
 # List the start up tasks. Learn more https://www.gitpod.io/docs/config-start-tasks/
 tasks:
- - init: npm install # runs during prebuild
+ - init: npm install --ignore-scripts # runs during prebuild
 command: npm start
 # List the ports to expose. Learn more https://www.gitpod.io/docs/config-ports/
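Review bot: The `init` task on the added line still uses `npm install`, which can re-resolve dependency ranges and rewrite the lockfile during the prebuild, so the set of packages fetched is not pinned even though their lifecycle scripts no longer run. If a `package-lock.json` is committed (not visible in this patch), `- init: npm ci --ignore-scripts # runs during prebuild` would install exactly the locked, integrity-checked versions and fail on drift. The flag also covers only this one invocation; an `ignore-scripts=true` entry in the repository's `.npmrc` would extend the same default to any later `npm install` run by hand in the workspace. Dependencies that rely on an install script for a native build will be left unbuilt, which is worth a short comment next to the task.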