diff --git a/.gitpod.yml b/.gitpod.yml
index 7efafb7..cc367e7 100644
--- a/.gitpod.yml
+++ b/.gitpod.yml
@@ -4,7 +4,7 @@ tasks:
     init: |
       mkdir node_modules
       cp -r /home/gitpod/.cache/workspace/* ./node_modules
-      yarn
+      yarn --ignore-scripts
       yarn compile
     command: |
       touch __init_task_done__
diff --git a/Dockerfile b/Dockerfile
index ea194ed..b3f40dd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,14 +1,24 @@
 FROM gitpod/workspace-full
 
+# Disable npm lifecycle scripts and npx for security
+RUN npm config set ignore-scripts true --location=user && \
+    echo 'ignore-scripts true' >> ~/.yarnrc && \
+    NPX_PATH=$(which npx) && \
+    rm -f "$NPX_PATH" && \
+    echo '#!/bin/sh' > "$NPX_PATH" && \
+    echo 'echo "npx is disabled for security reasons. Use explicit package installation instead." >&2' >> "$NPX_PATH" && \
+    echo 'exit 1' >> "$NPX_PATH" && \
+    chmod +x "$NPX_PATH"
+
 # Create a new image and publish it to dockerhub, then use it directly in .gitpod.yml
 # as prebuils for integration test makes no sense because a new environment is created
 # every time
 RUN cd /tmp \
     && git clone https://github.com/gitpod-io/python-test-workspace --depth=1 --single-branch --branch=master \
     && cd python-test-workspace \
-    && yarn \
+    && yarn --ignore-scripts \
     && mkdir -p /home/gitpod/.cache/workspace \
     && cp -r ./node_modules /home/gitpod/.cache/workspace \
     && python3 -m pip install --upgrade ipykernel \
-    && npm_config_yes=true npx playwright install-deps \
-    && npm_config_yes=true npx playwright install
\ No newline at end of file
+    && yarn playwright install-deps \
+    && yarn playwright install
\ No newline at end of file
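Review bot: `yarn --ignore-scripts` on the init line skips install hooks from every dependency, but it equally skips this workspace's own `prepare`/`postinstall` and any native-module build step, so anything that relied on those now has to be produced elsewhere (presumably by the image, whose node_modules are copied in on the line above); the `yarn compile` that follows still runs a package.json script, which looks intentional. A comment on the changed line would keep that intent from being lost on the next edit, e.g. `# --ignore-scripts: never run install hooks from dependencies; the prebuilt image supplies what they would have produced`. The enclosing `tasks:` entry starts and ends outside the hunk.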
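Review bot: The npx stub written by the new RUN block is a guardrail against accidental use, not an enforcement boundary, and its comment should say so: `npm exec`, invoking npm's `npx-cli.js` with `node` directly, `yarn dlx`/`corepack`, any other nvm-managed Node version, or a later `npm install -g npm` all restore equivalent behaviour, and `$(which npx)` only patches whichever copy is first on the build shell's PATH. Suggested comment in place of the current one: `# Best-effort guardrail: stub npx so the default "fetch and run" path is unavailable; npm exec, other Node versions and reinstalled npm are not covered`. The two ignore-scripts settings stop lifecycle hooks only — a package that is explicitly installed still runs its bin when invoked — and `~/.yarnrc` is read by Yarn classic alone (Yarn Berry takes `enableScripts` from `.yarnrc.yml`), so a future yarn upgrade would silently drop that protection. Both settings land in the home directory of whichever user runs this RUN step, presumably `gitpod` in `gitpod/workspace-full`; worth confirming, since under root `~` would be `/root` and the workspace user would be unaffected.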