From 20ca39d1f6d3fa4790baaa0b2d6d2928b162dd74 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jes=C3=BAs=20Espino?= <jespinog@gmail.com>
Date: Fri, 5 Dec 2025 17:04:08 +0000
Subject: [PATCH] Disable npm lifecycle scripts and fix npx usage for security

- Add --ignore-scripts flag to npm install
- Replace npx prisma with yarn prisma

Related to PDE-128

Co-authored-by: Ona <no-reply@ona.com>
---
 .gitpod.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.gitpod.yml b/.gitpod.yml
index 3b5566f..39aa8dd 100644
--- a/.gitpod.yml
+++ b/.gitpod.yml
@@ -3,13 +3,13 @@
 image: gitpod/workspace-postgres
 
 tasks:
-  - init: npm install
+  - init: npm install --ignore-scripts
     command: |
       export HMR_HOST=`gp url 3000`
       npm run dev
     env:
       DATABASE_URL: postgres://gitpod@localhost/todos
-  - command: npx prisma studio
+  - command: yarn prisma studio
     env:
       DATABASE_URL: postgres://gitpod@localhost/todos