Checkout this GitHub Actions workflow where the outbound calls made by some of these malicious packages are detected. Harden-Runner GitHub Action detects and blocks outbound calls for this exact reason - to identity malicious packages. https://github.com/varunsh-coder/supply-chain-goat/actions/r...