Disable npm lifecycle scripts and fix npx usage for security (#1037)

- Add --ignore-scripts flag to npm/yarn install in .gitpod.yml
- Replace npx netlify-lambda with yarn netlify-lambda in package.json

Related to PDE-128

Co-authored-by: Ona <no-reply@ona.com>

Author: jespino

.gitpod.yml

@@ -3,8 +3,8 @@ ports:
     onOpen: open-preview
 
 tasks:
-  - init: cd plugins/gatsby-remark-gitpod && npm install
-  - init: yarn --network-timeout 100000 && yarn build
+  - init: cd plugins/gatsby-remark-gitpod && npm install --ignore-scripts
+  - init: yarn --network-timeout 100000 --ignore-scripts && yarn build
     command: yarn dev --host 0.0.0.0
 
 vscode:

package.json

@@ -8,7 +8,7 @@
   ],
   "main": "n/a",
   "scripts": {
-    "build": "cp -r src/docs/release-notes/* static/release-notes/ && gatsby build && npx netlify-lambda build src/functions",
+    "build": "cp -r src/docs/release-notes/* static/release-notes/ && gatsby build && yarn netlify-lambda build src/functions",
     "clean": "rimraf public",
     "deploy": "gatsby build --prefix-paths && gh-pages -d public",
     "dev": "env-cmd -f .env.development gatsby develop",