For what it's worth: `pip download` is capable of running arbitrary package-defined code[1], by design. You shouldn't use it as a security boundary.
If you're trying to statically analyze a distribution before doing anything else with it, you should download it directly from the PEP 503[2] simple index.
[1]: https://yossarian.net/res/pub/hushcon-west-2022.pdf
[2]: https://peps.python.org/pep-0503/
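The download-without-building approach the comment recommends, as an added example that is not part of the original comment or of pip: it parses a PEP 503 project page (the index HTML, project name, URLs and hashes here are constructed placeholders, not a real index), resolves each link's absolute URL, picks a wheel or sdist for a given version, and verifies the file bytes against the `#sha256=` fragment the index advertises. No setup.py, build backend or metadata hook ever runs, which is the property the comment cares about; the fetch is a plain HTTP GET. Keep in mind that the fragment hash comes from the same index that serves the file, so the check only catches corruption or tampering in transit relative to that index, not a compromised index itself.

```python
"""Fetch a distribution straight from a PEP 503 simple index, with no build step.

Added example; not part of the original comment and not pip's own code.
"""
import hashlib
import re
import urllib.parse
import urllib.request
from html.parser import HTMLParser


class _SimpleIndexParser(HTMLParser):
    """Collect (link text, href) pairs from the <a> tags of a PEP 503 project page."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")

    def handle_data(self, data):
        if self._href is not None and data.strip():
            self.links.append((data.strip(), self._href))

    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None


def normalize_name(name):
    """PEP 503 name normalization: lowercase, runs of '-', '_' and '.' become one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def project_url(index_base, name):
    """URL of the project page on a simple index, e.g. <index>/<normalized-name>/."""
    return f"{index_base.rstrip('/')}/{normalize_name(name)}/"


def parse_simple_page(html, base_url):
    """Return one dict per file link: filename, absolute url, expected sha256 (or None)."""
    parser = _SimpleIndexParser()
    parser.feed(html)
    files = []
    for filename, href in parser.links:
        parsed = urllib.parse.urlparse(href)
        expected = None
        if parsed.fragment.startswith("sha256="):
            expected = parsed.fragment[len("sha256="):]
        # Drop the fragment before resolving: it is index metadata, not part of the resource.
        url = urllib.parse.urljoin(base_url, parsed._replace(fragment="").geturl())
        files.append({"filename": filename, "url": url, "sha256": expected})
    return files


def choose_file(files, version, prefer_wheel=True):
    """Pick a file for `version`: a wheel if preferred and present, else an sdist; None if absent."""
    wheels = [f for f in files if f"-{version}-" in f["filename"] and f["filename"].endswith(".whl")]
    sdists = [f for f in files if f["filename"].endswith((f"-{version}.tar.gz", f"-{version}.zip"))]
    ordered = (wheels + sdists) if prefer_wheel else (sdists + wheels)
    return ordered[0] if ordered else None


def verify_sha256(data, expected_hex):
    """True when the bytes hash to the digest the index advertised."""
    return hashlib.sha256(data).hexdigest() == expected_hex


def fetch_verified(entry, timeout=30):
    """Plain HTTP GET of the chosen file; raises if the hash does not match. Nothing is executed."""
    with urllib.request.urlopen(entry["url"], timeout=timeout) as resp:
        data = resp.read()
    if entry["sha256"] is not None and not verify_sha256(data, entry["sha256"]):
        raise ValueError(f"sha256 mismatch for {entry['filename']}")
    return data


# Constructed sample index page (placeholder project, host and file contents; not a real index).
SAMPLE_BYTES = b"not a real wheel, just sample bytes\n"
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_BYTES).hexdigest()
SAMPLE_BASE_URL = "https://example.invalid/simple/example-pkg/"
SAMPLE_INDEX_HTML = f"""<!DOCTYPE html>
<html><head><title>Links for example-pkg</title></head>
<body><h1>Links for example-pkg</h1>
<a href="../../packages/aa/bb/example_pkg-1.0.0-py3-none-any.whl#sha256={SAMPLE_SHA256}">example_pkg-1.0.0-py3-none-any.whl</a><br/>
<a href="../../packages/cc/dd/example_pkg-1.0.0.tar.gz#sha256={SAMPLE_SHA256}">example_pkg-1.0.0.tar.gz</a><br/>
</body></html>
"""

if __name__ == "__main__":
    files = parse_simple_page(SAMPLE_INDEX_HTML, SAMPLE_BASE_URL)
    chosen = choose_file(files, "1.0.0")
    print("would GET", chosen["url"], "and check sha256", chosen["sha256"][:12], "...")
    print("sample bytes verify:", verify_sha256(SAMPLE_BYTES, chosen["sha256"]))
```

Against a real index you would call `fetch_verified(choose_file(parse_simple_page(page_html, url), version))` with `page_html` fetched from `project_url("https://pypi.org/simple", "name")`; the sample page above lets the parsing and verification logic run offline.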