From f9c03d2decfa76ab943e90d5a3985b8465ca3cfc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jes=C3=BAs=20Espino?=
Date: Fri, 5 Dec 2025 17:05:02 +0000
Subject: [PATCH] Disable npm lifecycle scripts for security

Add --ignore-scripts flag to yarn install to prevent execution of potentially malicious scripts during package installation.
Related to PDE-128
Co-authored-by: Ona
---
 .gitpod.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitpod.yml b/.gitpod.yml
index 5f28862..cce3f52 100644
--- a/.gitpod.yml
+++ b/.gitpod.yml
@@ -1,5 +1,5 @@
 tasks:
- - init: yarn && yarn build
+ - init: yarn --ignore-scripts && yarn build
 command: |
 echo "//registry.yarnpkg.com/:_authToken=$NPM_TOKEN" >>~/.npmrc
 yarn watch
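Review bot: The new `init` line still runs `yarn build` straight after the install, so `--ignore-scripts` only suppresses install-time lifecycle hooks; any code from `node_modules` that the build invokes still executes, presumably with `$NPM_TOKEN` (used in `command` below) already present in the task environment. The install is also not tied to the lockfile, so I would pin it as well: `- init: yarn --frozen-lockfile --ignore-scripts && yarn build` (this assumes a committed `yarn.lock` and Yarn 1, where both flags exist). A comment above `init` such as `# lifecycle scripts disabled (PDE-128); rebuild any native dependency explicitly if the build needs it` would record why the flag is there and what to do when a package that relies on a postinstall step breaks. The flag covers only this one invocation, so later `yarn add` or `yarn install` runs inside the workspace are unaffected unless the setting is also made persistent in the repository's Yarn configuration.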