The Pkg.build step is somewhat deprecated, I think very few packages use it nowadays, also to promote immutability of packages directories. But in the end, why worrying about arbitrary code run during the build step if the package you’re going to install can also run arbitrary code?
2 Likes