Disable runtime dependency installs by default #14

@las7

Problem

Installing dependencies at runtime enables arbitrary code execution and outbound network access.

Proposed change

  • Default to pre-built images only.
  • Runtime dependency install requires explicit job opt-in.

Acceptance criteria

  • Untrusted jobs cannot fetch packages at runtime.
  • Docs recommend image-based workflows.

Labels: security (security related)
