diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index ede0d59..b56a5ed 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -168,10 +168,11 @@ jobs:
   publish-npm:
     name: 'Publish npm package'
     if: "startsWith(github.ref, 'refs/tags/v')"
-    needs: ['build', 'test-node', 'test-deno', 'test-bun', 'test-browser']
+    needs: ['test-node', 'test-deno', 'test-bun', 'test-browser']
     runs-on: 'ubuntu-latest'
     permissions:
       contents: 'read'
+      id-token: 'write'
     steps:
       - name: 'Checkout'
         uses: 'actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11'
@@ -191,13 +192,13 @@ jobs:
         run: |
           PKG_NAME="$(jq -r '.name' ./package.json)"; PKG_VERSION="$(jq -r '.version' ./package.json)"
           if [ "$(npm view "${PKG_NAME:?}" versions --json | jq -r --arg v "${PKG_VERSION:?}" 'index($v)')" = 'null' ]; then
-            npm publish
+            npm publish --provenance --access public
           fi
 
   publish-github-release:
     name: 'Publish GitHub release'
     if: "startsWith(github.ref, 'refs/tags/v')"
-    needs: ['build', 'test-node', 'test-deno', 'test-bun', 'test-browser']
+    needs: ['test-node', 'test-deno', 'test-bun', 'test-browser']
     runs-on: 'ubuntu-latest'
     permissions:
       contents: 'write'