These malicious npm packages often “phone home” during install or runtime, opening C2 channels, exfiltrating env vars, or beaconing quietly in the background. Static checks and SBOMs rarely catch that kind of dynamic behavior. With AI-generated or auto-installing code pipelines, that risk gets amplified since installs happen more often and less predictably. Watching what packages do at runtime feels like the next frontier here.