This is a critical read for anyone installing CLI tools without auditing them first. The supply chain attack vector through developer tooling is arguably more dangerous than traditional phishing because we implicitly trust our dev environment. I've started running all new npm/pip packages in isolated Docker containers before adding them to production workflows — the overhead is minimal but the protection is significant. Would love to see a follow-up on detection strategies or sandboxing approaches for CLI tools.