ossf / package-analysis

Open Source Package Analysis
Apache License 2.0

Run CLI binaries #63

Open oliverchang opened 3 years ago

oliverchang commented 3 years ago

Some packages may include CLI binaries. We should try running them.

calebbrown commented 1 year ago

Ecosystems like Python, NPM, Ruby support creating CLI scripts during install (e.g. scripts in package.json).

A dynamic analysis step could invoke each of these scripts.

This is more important for languages like NPM, where we only import the top-level package. It is also useful for Python, to ensure any __main__-guarded sections are executed.

calebbrown commented 1 year ago

This would need to be an additional "phase" for dynamic analysis.
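The discovery half of such a phase, as an added example that is not part of this thread or of package-analysis itself: it reads the CLI commands an install would create from a package.json "bin" field (string and object forms) and from the [console_scripts] section of a Python wheel's entry_points.txt, so a dynamic-analysis step has a concrete list of commands to invoke in the sandbox. The package names and entry points below are constructed samples.

```python
from __future__ import annotations

import configparser
import json
from dataclasses import dataclass

@dataclass(frozen=True)
class CliEntry:
    ecosystem: str
    command: str  # executable name the installer places on PATH
    target: str   # script path (npm) or module:function (Python) it runs

def npm_cli_entries(package_json: str) -> list[CliEntry]:
    """Read the 'bin' field of package.json. A string value declares one
    command named after the unscoped package; an object maps command -> path."""
    meta = json.loads(package_json)
    bin_field = meta.get("bin")
    if bin_field is None:
        return []
    if isinstance(bin_field, str):
        name = meta["name"].split("/")[-1]  # "@scope/tool" -> "tool"
        return [CliEntry("npm", name, bin_field)]
    return [CliEntry("npm", cmd, path) for cmd, path in bin_field.items()]

def python_cli_entries(entry_points_txt: str) -> list[CliEntry]:
    """Read [console_scripts] from a wheel's entry_points.txt; the installer
    generates one wrapper script per key. Values may carry an '[extra]'
    suffix, which is dropped so only the module:function remains."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str  # keep command names case-sensitive
    cfg.read_string(entry_points_txt)
    if not cfg.has_section("console_scripts"):
        return []
    return [CliEntry("pypi", cmd, target.split()[0])
            for cmd, target in cfg.items("console_scripts")]

# Constructed sample metadata for a hypothetical package (not a real one).
SAMPLE_PACKAGE_JSON = json.dumps({"name": "@example/tool", "bin": "./cli.js"})
SAMPLE_ENTRY_POINTS = """\
[console_scripts]
example-tool = example_tool.cli:main
example-admin = example_tool.admin:run [admin]
[gui_scripts]
example-gui = example_tool.gui:main
"""

if __name__ == "__main__":
    for entry in npm_cli_entries(SAMPLE_PACKAGE_JSON) + python_cli_entries(SAMPLE_ENTRY_POINTS):
        print(f"{entry.ecosystem}: {entry.command} -> {entry.target}")
```

Only console_scripts are collected; gui_scripts are left out because they are not terminal commands and would need a display in the sandbox.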