Several supply chain attacks, notably in the Python and Javascript ecosystem, exploit install time hooks to perform malicious activity 1 2. Install time hooks allow running arbitray code before or after package installation. Since attacks utilizing install time hooks do not involve developers actually using the package, it makes them an attractive method for attackers. The most common behaviour observed in known supply chain attacks is data exflitration 1 2.. Common targets include ssh keys, passwords, dotfiles, environment variables etc....