yes, that was my primary motivator.

I think, they have an malware detection engine of their own, so not only they help protect from known vulnerabilityes / malwares but also have thier own database

their blog: https://safedep.io/dynamic-analysis-oss-package-at-scale/

For GitHub Actions, i found http://safedep.io/ to be helpful, not only it guard against known attacks, but also it has its own malware detection engine.

Good resource