When installing dependencies, package managers like ``++npm++`` will
automatically execute shell scripts distributed along with the source code.
Post-install scripts, for example, are a common way to execute malicious code
at install time whenever a package is compromised.