Comment by ants_everywhere
2 months ago
Not from the malicious branch.
By hypothesis the code only deploys from code committed to the main branch (or whatever the blessed branch for CI is). To create a GitHub Action that can deploy the code, the package maintainer must first manually approve and merge the malicious commit.
And the malware spreads by publishing new versions of NPM packages using credentials on the package owner's development machine. If the package owner didn't have credentials with publish access, this wouldn't spread like a worm. And if they had reproducible builds they wouldn't pull a new version of their dependencies from NPM at build time because they'd have to have pinned specific versions with specific hashes to get reproducibility.
Under these hypotheses it can spread, but only if the package owner manually pins a malicious version or manually approves a malicious commit.
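The comment rests on two conditions: dependencies pinned to exact versions and a lockfile that carries integrity hashes, so a build pulls nothing new from NPM. The script below is an added example (not code from the commenter) that audits a `package.json` and a `package-lock.json` (lockfile version 2 or 3 layout, which lists packages under `packages` keyed by path) for exactly those conditions. The sample manifest and lockfile are constructed inline; the `sha512-PLACEHOLDER` strings stand in for real integrity values.

```javascript
// Added example, not part of the original comment: check that every dependency is
// pinned to an exact version and that every locked package has an integrity hash
// and an https `resolved` URL, so `npm ci` fails closed if the registry serves
// different bytes than the ones the maintainer reviewed.

// Exact semver: "1.2.3" with an optional pre-release/build suffix; no ^ ~ > * ranges.
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$/;

// Findings for package.json: any range that is not an exact version can drift.
function auditManifest(pkg) {
  const findings = [];
  for (const field of ["dependencies", "devDependencies"]) {
    for (const [name, range] of Object.entries(pkg[field] || {})) {
      if (!EXACT_VERSION.test(range)) {
        findings.push({ name, reason: `range "${range}" is not an exact version` });
      }
    }
  }
  return findings;
}

// Findings for package-lock.json (lockfileVersion 2/3): the "" key is the root
// project and has no tarball, every other entry must carry integrity + resolved.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue;
    if (!entry.integrity) {
      findings.push({ name: path, reason: "missing integrity hash" });
    }
    if (!entry.resolved) {
      findings.push({ name: path, reason: "missing resolved URL" });
    } else if (!entry.resolved.startsWith("https://")) {
      findings.push({ name: path, reason: `resolved over non-https: ${entry.resolved}` });
    }
  }
  return findings;
}

function runAudit(pkg, lock) {
  return { manifest: auditManifest(pkg), lockfile: auditLockfile(lock) };
}

// Constructed sample input (not a real project): one exact pin, two ranges.
const samplePackageJson = {
  name: "example-app",
  dependencies: { "left-pad": "1.3.0", lodash: "^4.17.21" },
  devDependencies: { eslint: "~8.0.0" },
};

// Constructed sample lockfile: lodash lacks integrity, eslint resolves over http.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app" },
    "node_modules/left-pad": {
      version: "1.3.0",
      resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
      integrity: "sha512-PLACEHOLDER",
    },
    "node_modules/lodash": {
      version: "4.17.21",
      resolved: "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
    },
    "node_modules/eslint": {
      version: "8.0.0",
      resolved: "http://mirror.example.internal/eslint-8.0.0.tgz",
      integrity: "sha512-PLACEHOLDER",
    },
  },
};

const report = runAudit(samplePackageJson, sampleLock);
console.log(JSON.stringify(report, null, 2));
```

On a real project, read the two files with `fs.readFileSync` and `JSON.parse` and run `runAudit` in CI before `npm ci`; a non-empty finding list means the build is not reproducible in the sense the comment describes, because a future install could resolve to bytes nobody reviewed.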