You can't even install the package without running arbitrary code; that's quite different from most other package managers for languages.