I have been thinking about this exact issue for several months now, or really the better part of 2021.
There is a solution to this. It is quite simple, actually, but harder to do for languages that involve compiled modules like Java or C# that are downloaded from public package managers.
You have inspired me to write up the solution and how to implement it in PHP (which I have done for years now), but most PHP implementations are wide open to bad actors. And forget about Java and C# code bases. The security hole is 50 miles wide.