Do you know of anything similar for pip?
Most of the best practices can be translated to the Python ecosystem. It’s not an exact 1:1 mapping, but change a few key terms and tools, and the underlying practices should be the same.
Or copy that repo’s markdown into an LLM and ask it to map to the pip ecosystem.
No.1: Run untrusted code in a sandbox! https://github.com/sandbox-utils/sandbox-venv