by cookiengineer 2 days ago
No, it spreads if you open a folder. That's the point why developers all underestimate the worm's capabilities.

In a tool that's dumb enough to run code from untrusted folders.

`cd folder` does nothing.

> "cd folder" does nothing.

That's like recommending to use the xterm on Windows. Statistically, nobody uses their computer that way anymore. The world has moved on since the 1990s.

I was only not affected because I use a heavily customized Vim, but even there I cannot control how package managers like npm, pip or composer or go are behaving, because they will happily execute the malware payloads on install.

And time-wise it's an absurd thing to ask people to manually download all whl files of all their dependencies, extract all those files, and then check whether there was malware in them or not. It's simply not possible to do manually.

This ^
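
An added example, not code from any commenter in this thread: a small Python audit that lists which packages in a dependency tree declare npm install-time lifecycle hooks (`preinstall`, `install`, `postinstall`), which is the install-time execution the thread refers to. The package names and the sample tree in `demo()` are constructed for illustration.

```python
import json
import os
import tempfile

# npm lifecycle hooks that run automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")

def find_install_scripts(root):
    """Return {manifest path: {hook: command}} for every package.json under
    root that declares an install-time hook."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        if "package.json" not in files:
            continue
        manifest = os.path.join(dirpath, "package.json")
        try:
            with open(manifest, encoding="utf-8") as fh:
                data = json.load(fh)
        except (OSError, ValueError):
            # A manifest that cannot be parsed is itself worth a manual look.
            findings[manifest] = {"error": "unreadable manifest"}
            continue
        scripts = data.get("scripts") if isinstance(data, dict) else None
        if not isinstance(scripts, dict):
            continue
        hooks = {h: scripts[h] for h in INSTALL_HOOKS if h in scripts}
        if hooks:
            findings[manifest] = hooks
    return findings

def demo():
    """Build a constructed node_modules tree and scan it."""
    samples = {  # constructed sample manifests, not real packages
        "pad-helper": {"name": "pad-helper", "scripts": {"test": "node test.js"}},
        "native-thing": {"name": "native-thing", "scripts": {"install": "node-gyp rebuild"}},
        "odd-one": {"name": "odd-one", "scripts": {"postinstall": "node setup.js"}},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, manifest in samples.items():
            pkg = os.path.join(tmp, "node_modules", name)
            os.makedirs(pkg)
            with open(os.path.join(pkg, "package.json"), "w", encoding="utf-8") as fh:
                json.dump(manifest, fh)
        found = find_install_scripts(tmp)
        return {os.path.basename(os.path.dirname(p)): h for p, h in found.items()}

if __name__ == "__main__":
    for pkg, hooks in sorted(demo().items()):
        print(pkg, hooks)
```

To review hooks before anything runs, populate the tree with `npm install --ignore-scripts` and point `find_install_scripts` at the project directory.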