There are various security exploits when downloading artifacts from a previous workflow:
Flowzone only uses this action for one job, npm finalize. If we can finalize in some way that does not require downloading artifacts from a previous run that would be much more secure.