Did someone already write a tool to front-run `safety` or `pip-audit` before...

@mistersql

Did someone already write a tool to front-run `safety` or `pip-audit` before anything is installed? I guess something like "poetry lock" and then audit the files for suspicious situations, like CVEs, or the repo was created yesterday, or the package was published yesterday.

Installing everything and then running `safety` has, imho, always been !@#$!@$ stupid, because the malicious code runs during install.

Self-replies

Keep continuously slamming that barn door after the cows left to improve your cybersecurity stance.
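The lock-then-audit workflow the post asks about, as an added example (editor's code, not a tool by the poster, and not poetry's or PyPI's own API): parse a `poetry.lock`, and before any package is downloaded or its build hooks run, flag entries that are vulnerable or that were published only a few days ago. The lockfile text and the metadata table are constructed stand-ins; in practice the metadata would come from a PyPI JSON lookup and a vulnerability database, both of which are read-only requests that execute no package code.

```python
"""Pre-install audit of a poetry.lock (added example; not a real project's tool).

Assumptions: lockfile entries are [[package]] tables with name/version (true for
poetry.lock); package metadata comes from a constructed dict standing in for a
PyPI JSON API lookup plus a vulnerability feed.
"""
from datetime import date

try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:  # pragma: no cover
    import tomli as tomllib  # type: ignore

# Constructed sample lockfile (not from any real project).
SAMPLE_LOCK = """
[[package]]
name = "requests"
version = "2.31.0"

[[package]]
name = "reqeusts-helper"
version = "0.0.1"

[[package]]
name = "oldlib"
version = "1.2.3"
"""

# Constructed metadata standing in for what a registry lookup would return.
# CVE id below is a placeholder, not a real advisory.
SAMPLE_METADATA = {
    "requests": {"first_upload": "2011-02-14", "this_upload": "2023-05-22", "cves": []},
    "reqeusts-helper": {"first_upload": "2024-06-01", "this_upload": "2024-06-01", "cves": []},
    "oldlib": {"first_upload": "2015-01-01", "this_upload": "2019-03-03", "cves": ["CVE-PLACEHOLDER-0001"]},
}

# Constructed "today" so the age checks are reproducible offline.
TODAY = date(2024, 6, 3)


def parse_lock(text):
    """Return [(name, version), ...] from poetry.lock TOML text."""
    data = tomllib.loads(text)
    return [(p["name"], p["version"]) for p in data.get("package", [])]


def audit(packages, metadata, today, min_age_days=7):
    """Return (name, version, reason) findings; empty list means nothing flagged.

    Heuristics mirror the post: known CVEs, a project that did not exist until
    a few days ago, or a release that was only just published.
    """
    findings = []
    for name, version in packages:
        meta = metadata.get(name)
        if meta is None:
            # Unknown to the registry stand-in: treat as suspicious, never silently pass.
            findings.append((name, version, "no registry metadata available"))
            continue
        first = date.fromisoformat(meta["first_upload"])
        this = date.fromisoformat(meta["this_upload"])
        project_age = (today - first).days
        release_age = (today - this).days
        if project_age < min_age_days:
            findings.append((name, version, f"project first published {project_age} days ago"))
        elif release_age < min_age_days:
            findings.append((name, version, f"this release published {release_age} days ago"))
        for cve in meta["cves"]:
            findings.append((name, version, f"known vulnerability {cve}"))
    return findings


def flagged_names(findings):
    """Distinct package names that had at least one finding."""
    return sorted({name for name, _, _ in findings})


if __name__ == "__main__":
    results = audit(parse_lock(SAMPLE_LOCK), SAMPLE_METADATA, TODAY)
    for name, version, reason in results:
        print(f"{name}=={version}: {reason}")
    # Non-zero exit blocks a CI step from proceeding to `poetry install`.
    raise SystemExit(1 if results else 0)
```

The point of the ordering is that `poetry lock` only resolves metadata, so the audit sees the exact pinned set before any sdist's `setup.py` or build backend can execute; a non-zero exit gates the install step in CI.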