Some MFA requirement to publish a new version of the package would be a good idea. In me experience releasing a new version of software is a big enough deal that the product owner is on hand to authorize the release via a separate device no matter how automated the pipeline is.