Checkout this GitHub Actions workflow where the outbound calls made by some of these malicious packages are detected. Harden-Runner GitHub Action detects and blocks outbound calls for this exact reason - to identity malicious packages.
<a href="https://github.com/varunsh-coder/supply-chain-goat/actions/runs/2036805074" rel="nofollow">https://github.com/varunsh-coder/supply-chain-goat/actions/r...</a>