Andrew NesbittDec 6
The package manager in GitHub Actions might be the worst package manager in use today: https://nesbitt.io/2025/12/06/github-actions-package-manager.html
GitHub Actions Has a Package Manager, and It Might Be the Worst

GitHub Actions has a package manager that ignores decades of supply chain security best practices: no lockfile, no integrity verification, no transitive pinning

Andrew Nesbitt
Show threadPradyun Gedam
@andrewnez I've been looking forward to this blog post. 😅
Dec 6 at 2:57pmPhanpy