PyPI packages with malicious install scripts! https://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/ (so few PLs have opt-in install scripts or run them in sandboxes)