Most devs don't think twice about `npm install` or `pip install`. But those commands can execute arbitrary code — before your app even starts.

A malicious package doesn't need to exploit anything. It just needs to run during install, scan `process.env` for keys and tokens, and POST them somewhere. That's it.

This isn't theoretical. In March 2026, Trivy's release pipeline was compromised. A malicious version hit PyPI and CI runners. LiteLLM got caught in the blast — two versions silently collected SSH keys, cloud credentials, Kubernetes tokens, and DB passwords from anyone who installed them.

**The uncomfortable part:** most CI pipelines install packages in the same job that holds production secrets. One bad dependency, and it's all exposed.

A few things worth doing:

- Lock your dependencies (`package-lock.json`, `--require-hashes`)
- Pin GitHub Actions to full commit SHAs, not `@v1`
- Never let the install step see your runtime secrets
- Watch outbound traffic from build environments

Full breakdown here → https://www.eliranturgeman.com/2026/03/28/supply-chain-attacks/
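
Two of the checks above (full-SHA pinning, and keeping installs out of jobs that hold secrets) can be linted from the workflow text. The following is an added example, not code from the original post: a heuristic line scanner rather than a YAML parser, run over a constructed workflow, assuming job ids are indented two spaces under `jobs:`.

```python
import re

# Constructed sample workflow; job names, secret name and the SHA are made up.
SAMPLE = """\
jobs:
  build:
    runs-on: ubuntu-latest
    env:
      DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
    steps:
      - uses: actions/checkout@v4
      - run: npm ci
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - run: ./deploy.sh
        env:
          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
"""

JOB = re.compile(r"^  ([\w-]+):\s*$")            # assumes 2-space indented job ids
USES = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
PINNED = re.compile(r"@[0-9a-f]{40}$")           # full commit SHA, not a tag or branch
INSTALL = re.compile(r"\b(npm (ci|install)|yarn install|pip3? install)\b")

def audit(workflow_text):
    """Return (job, problem) findings for one workflow file's text."""
    findings, flags, job, in_jobs = [], {}, None, False
    for line in workflow_text.splitlines():
        if line.startswith("jobs:"):
            in_jobs = True
        elif in_jobs and (m := JOB.match(line)):
            job = m.group(1)
            flags[job] = {"install": False, "secrets": False}
        elif job:
            if (m := USES.match(line)):
                ref = m.group(1)  # local (./) and docker:// refs have no SHA to pin
                if not ref.startswith(("./", "docker://")) and not PINNED.search(ref):
                    findings.append((job, f"unpinned action {ref}"))
            flags[job]["install"] |= bool(INSTALL.search(line))
            flags[job]["secrets"] |= "secrets." in line
    for name, f in flags.items():
        if f["install"] and f["secrets"]:
            findings.append((name, "package install runs in a job that references secrets"))
    return findings

if __name__ == "__main__":
    for job, problem in audit(SAMPLE):
        print(f"{job}: {problem}")
```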


I'm an old-school programmer, I don't need any of these packages.