A classic programmer's joke is relevant here: There are three hard problems in computer science: naming things and off-by-one errors.
Off-by-one errors are things like buffer overflows. But the first problem, naming things, is most relevant in this case. You reference a name and somehow get the wrong data/code -- it's odd that this isn't well-understood at places like GitHub and NPM, despite being the subject of an old joke.

You've heard of Not Invented Here syndrome (NIH). If you generalize NIH, you get Not Learned Here syndrome (NLH), in which a person/organization only learns lessons through their own experience, rather than through the experience of others. This is a syndrome, because the sufferer is all but guaranteed to learn the wrong things from their experience, whereas reading about others' experiences all but guarantees that you'd learn the right things.
If you further generalize NIH, you get Never Gonna Learn syndrome (NGL), in which the person/organization is totally incapable of learning certain categories of lessons. At this level, the sufferer is so tied up with unproductive tasks (e.g. meetings, regulatory compliance, etc.) that they barely have time to do their work. As a result, they have no time to learn anything that isn't related to specific work tasks. When you are designing a new feature for your PaaS, you don't even realize that you need to learn about certain security edge-cases.
reply
Underrated comment if ever I saw one. :)
reply
Seems this guy spoke about how to protect GitHub Actions Repositories a couple of days ago:
reply
Bookmarked to read tomorrow, sounds interesting
reply
Well, it certainly took me down the CI/CD rabbit hole!
Worth reading, though.
reply