Move npx disable from Dockerfile to postCreateCommand

Move the npx disabling logic to postCreateCommand in devcontainer.json
to ensure npx gets disabled after the container is fully set up.

Co-authored-by: Ona <[email protected]>

Author: jespino

.devcontainer/Dockerfile

@@ -3,10 +3,3 @@ FROM mcr.microsoft.com/devcontainers/typescript-node:latest
 # Disable npm/yarn lifecycle scripts for security
 RUN npm config set ignore-scripts true --location=user && \
     echo 'ignore-scripts true' >> ~/.yarnrc
-
-# Disable npx for security
-RUN rm -f /usr/bin/npx /usr/local/bin/npx && \
-    echo '#!/bin/sh' > /usr/local/bin/npx && \
-    echo 'echo "npx is disabled for security reasons. Use explicit package installation instead." >&2' >> /usr/local/bin/npx && \
-    echo 'exit 1' >> /usr/local/bin/npx && \
-    chmod +x /usr/local/bin/npx

.devcontainer/devcontainer.json

@@ -8,7 +8,7 @@
   "features": {
     "ghcr.io/devcontainers/features/node:1": {}
   },
-  "postCreateCommand": "yarn install --frozen-lockfile",
+  "postCreateCommand": "NPX_PATH=$(which npx) && sudo rm -f \"$NPX_PATH\" && echo '#!/bin/sh' | sudo tee \"$NPX_PATH\" > /dev/null && echo 'echo \"npx is disabled for security reasons. Use explicit package installation instead.\" >&2' | sudo tee -a \"$NPX_PATH\" > /dev/null && echo 'exit 1' | sudo tee -a \"$NPX_PATH\" > /dev/null && sudo chmod +x \"$NPX_PATH\" && yarn install --frozen-lockfile",
   "customizations": {
     "vscode": {
       "extensions": ["esbenp.prettier-vscode"]