Been working on improving our python package detection. There are two PRs associated. 1. https://github.com/osquery/osquery/pull/8504 ^ This PR has been tested on linux/mac/windows and review feedback has been addressed a few times. I think it's in the final stretch 2. https://github.com/osquery/osquery/pull/8529 ^ This PR depends on code from 8504. But I will leave it in draft until 8504 gets merged, as there isn't a good way to change the base branch & open a PR against osquery upstream. This makes reading the actual diff pretty painful.