It does largely avoid the issue if you configure it to allow only specific environments AND you require reviews before pushing/merging to branches in that environment.
https://docs.pypi.org/trusted-publishers/adding-a-publisher/
For a malicious version to be published would then require full merge which is a fairly high bar.
AWS allows similar.
As we're seeing, properly configuring GitHub Actions is rather hard. By default, force pushes are allowed on any branch.