diff --git a/src/frontend/servers/y-provider/Dockerfile b/src/frontend/servers/y-provider/Dockerfile
index 7ed5a2e7..2e16bdd5 100644
--- a/src/frontend/servers/y-provider/Dockerfile
+++ b/src/frontend/servers/y-provider/Dockerfile
@@ -31,6 +31,9 @@ COPY --from=y-provider-builder \
 
 RUN NODE_ENV=production yarn install --frozen-lockfile
 
+# Remove npm, contains CVE related to cross-spawn and we don't use it.
+RUN rm -rf /usr/local/bin/npm /usr/local/lib/node_modules/npm
+
 # Un-privileged user running the application
 ARG DOCKER_USER
 USER ${DOCKER_USER}