diff --git a/gitpod/gitpod.Dockerfile b/gitpod/gitpod.Dockerfile
index aad8d56..fc6bf84 100644
--- a/gitpod/gitpod.Dockerfile
+++ b/gitpod/gitpod.Dockerfile
@@ -1,4 +1,14 @@
 FROM gitpod/workspace-full:latest
 
+# Disable npm lifecycle scripts and npx for security
+RUN npm config set ignore-scripts true --location=user && \
+ echo 'ignore-scripts true' >> ~/.yarnrc && \
+ NPX_PATH=$(which npx) && \
+ rm -f "$NPX_PATH" && \
+ echo '#!/bin/sh' > "$NPX_PATH" && \
+ echo 'echo "npx is disabled for security reasons. Use explicit package installation instead." >&2' >> "$NPX_PATH" && \
+ echo 'exit 1' >> "$NPX_PATH" && \
+ chmod +x "$NPX_PATH"
+
 # Cache firebase
-RUN npm install --global npm firebase firebase-tools
\ No newline at end of file
+RUN npm install --global --ignore-scripts npm firebase firebase-tools
\ No newline at end of file
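Review bot: The npx stub is written before the final `RUN npm install --global --ignore-scripts npm firebase firebase-tools`, and reinstalling `npm` globally re-links the `npx` binary that npm ships, so that step is likely either to replace the stub or to fail on the existing file. The stub block should run after the global install, or `npm` should be dropped from that install list. The stub also covers only the single path that `which npx` returns at build time, while `npm exec` stays available and a Node version installed later would presumably bring its own npx, so I would add a comment such as `# npx stub is a guard rail only; ignore-scripts is the effective control`. Separately, `echo 'ignore-scripts true' >> ~/.yarnrc` is Yarn 1 syntax; projects on Yarn 2+ read `.yarnrc.yml`, where the equivalent is `enableScripts: false`, so lifecycle scripts would presumably still run for them.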