Add post install script informing about security holding packages

[laurinenas]

Suggestion:

Inform the user that package has been compromised and replaced with security holder.

Why?

Some of the packages get more than a million weekly downloads (e.g. fs). If a message was added the users could at least trim their dependencies and remove unnecessary downloads, slightly reducing global internet usage, electricity waste, etc