diff --git a/node_modules/@npmcli/run-script/lib/escape.js b/node_modules/@npmcli/run-script/lib/escape.js
index 303100d337eb..9aca8bde70a6 100644
--- a/node_modules/@npmcli/run-script/lib/escape.js
+++ b/node_modules/@npmcli/run-script/lib/escape.js
@@ -36,14 +36,11 @@ const cmd = (input, doubleEscape) => {
   }
 
   // and finally, prefix shell meta chars with a ^
-  result = result.replace(/[ !^&()<>|"]/g, '^$&')
+  result = result.replace(/[ !%^&()<>|"]/g, '^$&')
   if (doubleEscape) {
-    result = result.replace(/[ !^&()<>|"]/g, '^$&')
+    result = result.replace(/[ !%^&()<>|"]/g, '^$&')
   }
 
-  // except for % which is escaped with another %, and only once
-  result = result.replace(/%/g, '%%')
-
   return result
 }
 
@@ -65,13 +62,7 @@ const sh = (input) => {
   return result
 }
 
-// disabling the no-control-regex rule for this line as we very specifically _do_ want to
-// replace those characters if they somehow exist at this point, which is highly unlikely
-// eslint-disable-next-line no-control-regex
-const filename = (input) => input.replace(/[<>:"/\\|?*\x00-\x1F]/g, '')
-
 module.exports = {
   cmd,
   sh,
-  filename,
 }
diff --git a/node_modules/@npmcli/run-script/lib/make-spawn-args.js b/node_modules/@npmcli/run-script/lib/make-spawn-args.js
index 7725fd976c89..5b06db3c16ea 100644
--- a/node_modules/@npmcli/run-script/lib/make-spawn-args.js
+++ b/node_modules/@npmcli/run-script/lib/make-spawn-args.js
@@ -1,19 +1,10 @@
 /* eslint camelcase: "off" */
 const isWindows = require('./is-windows.js')
 const setPATH = require('./set-path.js')
-const { unlinkSync: unlink, writeFileSync: writeFile } = require('fs')
-const { tmpdir } = require('os')
 const { resolve } = require('path')
 const which = require('which')
 const npm_config_node_gyp = require.resolve('node-gyp/bin/node-gyp.js')
 const escape = require('./escape.js')
-const { randomBytes } = require('crypto')
-
-const translateWinPathToPosix = (path) => {
-  return path
-    .replace(/^([A-z]):/, '/$1')
-    .replace(/\\/g, '/')
-}
 
 const makeSpawnArgs = options => {
   const {
@@ -38,10 +29,7 @@ const makeSpawnArgs = options => {
     npm_config_node_gyp,
   })
 
-  const fileName = escape.filename(`${event}-${randomBytes(4).toString('hex')}`)
-  let scriptFile
-  let script = ''
-
+  let doubleEscape = false
   const isCmd = /(?:^|\\)cmd(?:\.exe)?$/i.test(scriptShell)
   if (isCmd) {
     let initialCmd = ''
@@ -68,26 +56,18 @@ const makeSpawnArgs = options => {
       pathToInitial = initialCmd.toLowerCase()
     }
 
-    const doubleEscape = pathToInitial.endsWith('.cmd') || pathToInitial.endsWith('.bat')
-
-    scriptFile = resolve(tmpdir(), `${fileName}.cmd`)
-    script += '@echo off\n'
-    script += cmd
-    if (args.length) {
-      script += ` ${args.map((arg) => escape.cmd(arg, doubleEscape)).join(' ')}`
-    }
-  } else {
-    scriptFile = resolve(tmpdir(), `${fileName}.sh`)
-    script = cmd
-    if (args.length) {
-      script += ` ${args.map((arg) => escape.sh(arg)).join(' ')}`
-    }
+    doubleEscape = pathToInitial.endsWith('.cmd') || pathToInitial.endsWith('.bat')
   }
 
-  writeFile(scriptFile, script)
+  let script = cmd
+  for (const arg of args) {
+    script += isCmd
+      ? ` ${escape.cmd(arg, doubleEscape)}`
+      : ` ${escape.sh(arg)}`
+  }
   const spawnArgs = isCmd
-    ? ['/d', '/s', '/c', escape.cmd(scriptFile)]
-    : [isWindows ? translateWinPathToPosix(scriptFile) : scriptFile]
+    ? ['/d', '/s', '/c', script]
+    : ['-c', '--', script]
 
   const spawnOpts = {
     env: spawnEnv,
@@ -97,16 +77,7 @@ const makeSpawnArgs = options => {
     ...(isCmd ? { windowsVerbatimArguments: true } : {}),
   }
 
-  const cleanup = () => {
-    // delete the script, this is just a best effort
-    try {
-      unlink(scriptFile)
-    } catch (err) {
-      // ignore errors
-    }
-  }
-
-  return [scriptShell, spawnArgs, spawnOpts, cleanup]
+  return [scriptShell, spawnArgs, spawnOpts]
 }
 
 module.exports = makeSpawnArgs
diff --git a/node_modules/@npmcli/run-script/lib/run-script-pkg.js b/node_modules/@npmcli/run-script/lib/run-script-pkg.js
index ec6ef31e50ab..c10d20bb7348 100644
--- a/node_modules/@npmcli/run-script/lib/run-script-pkg.js
+++ b/node_modules/@npmcli/run-script/lib/run-script-pkg.js
@@ -6,8 +6,17 @@ const signalManager = require('./signal-manager.js')
 const isServerPackage = require('./is-server-package.js')
 
 // you wouldn't like me when I'm angry...
-const bruce = (id, event, cmd) =>
-  `\n> ${id ? id + ' ' : ''}${event}\n> ${cmd.trim().replace(/\n/g, '\n> ')}\n`
+const bruce = (id, event, cmd, args) => {
+  let banner = id
+    ? `\n> ${id} ${event}\n`
+    : `\n> ${event}\n`
+  banner += `> ${cmd.trim().replace(/\n/g, '\n> ')}`
+  if (args.length) {
+    banner += ` ${args.join(' ')}`
+  }
+  banner += '\n'
+  return banner
+}
 
 const runScriptPkg = async options => {
   const {
@@ -52,10 +61,10 @@ const runScriptPkg = async options => {
 
   if (stdio === 'inherit' && banner !== false) {
     // we're dumping to the parent's stdout, so print the banner
-    console.log(bruce(pkg._id, event, cmd))
+    console.log(bruce(pkg._id, event, cmd, args))
   }
 
-  const [spawnShell, spawnArgs, spawnOpts, cleanup] = makeSpawnArgs({
+  const [spawnShell, spawnArgs, spawnOpts] = makeSpawnArgs({
     event,
     path,
     scriptShell,
@@ -93,7 +102,7 @@ const runScriptPkg = async options => {
     } else {
       throw er
     }
-  }).finally(cleanup)
+  })
 }
 
 module.exports = runScriptPkg
diff --git a/node_modules/@npmcli/run-script/package.json b/node_modules/@npmcli/run-script/package.json
index a6629826d29c..551dc610f491 100644
--- a/node_modules/@npmcli/run-script/package.json
+++ b/node_modules/@npmcli/run-script/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/run-script",
-  "version": "4.2.0",
+  "version": "4.2.1",
   "description": "Run a lifecycle script for a package (descendant of npm-lifecycle)",
   "author": "GitHub Inc.",
   "license": "ISC",
diff --git a/package-lock.json b/package-lock.json
index 2da0537a28dc..853fe2d7bf42 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -94,7 +94,7 @@
         "@npmcli/fs": "^2.1.0",
         "@npmcli/map-workspaces": "^2.0.3",
         "@npmcli/package-json": "^2.0.0",
-        "@npmcli/run-script": "^4.2.0",
+        "@npmcli/run-script": "^4.2.1",
         "abbrev": "~1.1.1",
         "archy": "~1.0.0",
         "cacache": "^16.1.1",
@@ -1057,9 +1057,9 @@
       }
     },
     "node_modules/@npmcli/run-script": {
-      "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/@npmcli/run-script/-/run-script-4.2.0.tgz",
-      "integrity": "sha512-e/QgLg7j2wSJp1/7JRl0GC8c7PMX+uYlA/1Tb+IDOLdSM4T7K1VQ9mm9IGU3WRtY5vEIObpqCLb3aCNCug18DA==",
+      "version": "4.2.1",
+      "resolved": "https://registry.npmjs.org/@npmcli/run-script/-/run-script-4.2.1.tgz",
+      "integrity": "sha512-7dqywvVudPSrRCW5nTHpHgeWnbBtz8cFkOuKrecm6ih+oO9ciydhWt6OF7HlqupRRmB8Q/gECVdB9LMfToJbRg==",
       "inBundle": true,
       "dependencies": {
         "@npmcli/node-gyp": "^2.0.0",
diff --git a/package.json b/package.json
index 902dac43bd8a..e44f524e111a 100644
--- a/package.json
+++ b/package.json
@@ -62,7 +62,7 @@
     "@npmcli/fs": "^2.1.0",
     "@npmcli/map-workspaces": "^2.0.3",
     "@npmcli/package-json": "^2.0.0",
-    "@npmcli/run-script": "^4.2.0",
+    "@npmcli/run-script": "^4.2.1",
     "abbrev": "~1.1.1",
     "archy": "~1.0.0",
     "cacache": "^16.1.1",