diff --git a/templates/cli/.github/workflows/npm-publish.yml b/templates/cli/.github/workflows/npm-publish.yml index e29aa8b44..54ac35743 100644 --- a/templates/cli/.github/workflows/npm-publish.yml +++ b/templates/cli/.github/workflows/npm-publish.yml @@ -1,15 +1,21 @@ name: Publish Package to npmjs + on: release: types: [published] + +permissions: +id-token: write + contents: read + jobs: - build-for-linux-and-windows: + build-and-publish: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: actions/setup-node@v2 + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 with: - node-version: '16.x' + node-version: '22' registry-url: 'https://registry.npmjs.org' - name: Setup binfmt with QEMU run: | @@ -22,9 +28,9 @@ jobs: cd ./ldid sudo make sudo make install - - name: Install dependenices and build for Linux and Windows + - name: Install dependencies and build for Linux and Windows run: | - npm install + npm ci npm run linux-x64 npm run linux-arm64 npm run windows-x64 @@ -35,13 +41,11 @@ jobs: run: | if ${{ contains(github.event.release.tag_name, '-rc') }}; then echo "Publishing Release Candidate ${{ github.event.release.tag_name}} to NPM" - npm publish --tag next + npm publish --provenance --access public --tag next else echo "Publishing ${{ github.event.release.tag_name}} to NPM" - npm publish + npm publish --provenance --access public fi - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN_NO_ORG }} - uses: fnkr/github-action-ghr@v1 env: GHR_PATH: build/ diff --git a/templates/node/.github/workflows/publish.yml.twig b/templates/node/.github/workflows/publish.yml.twig index 6709acce9..deb69d2a5 100644 --- a/templates/node/.github/workflows/publish.yml.twig +++ b/templates/node/.github/workflows/publish.yml.twig @@ -5,6 +5,10 @@ on: types: [published] workflow_dispatch: +permissions: + id-token: write + contents: read + jobs: publish: runs-on: ubuntu-latest 
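Review bot: In `templates/cli/.github/workflows/npm-publish.yml` the new top-level `permissions:` block gives `id-token: write` to every step of `build-and-publish`, not only to `npm publish`. The QEMU/binfmt setup, the `sudo make install` of ldid and the tag-pinned third-party `fnkr/github-action-ghr@v1` seen later in this file can all request the same OIDC token. Keeping the build in a job with only `contents: read` and granting `id-token: write` to a small publish-only job would narrow that, and the third-party action is better pinned as `uses: fnkr/github-action-ghr@<full-commit-sha>  # v1`. The block also sets `contents: read`; if that action uploads release assets with `GITHUB_TOKEN` (its `env:` is cut off in this diff) it would presumably need `contents: write`, so check that before merging.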
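Review bot: In the CLI workflow's build step, `npm ci` fails outright when no `package-lock.json` is committed or when it has drifted from `package.json`, and nothing in this diff shows the generated repositories shipping one. If they do, this is the right call for a release job, since the lockfile's pinned versions and integrity hashes are what get installed. I would record the dependency next to the command with `# npm ci requires the committed package-lock.json and fails instead of resolving new versions`. The same `npm install` to `npm ci` switch is made in the build steps of the node, react-native and web templates. The step list continues outside this hunk.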
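Review bot: With `NODE_AUTH_TOKEN` removed from the CLI publish step, both `npm publish` calls depend on npm trusted publishing over OIDC, which as far as I know needs npm CLI 11.5.1 or newer, while the Node 22 selected in the first hunk bundles npm 10.x. Unless npm is upgraded on the runner, the publish is likely to fail authentication; a step such as `- run: npm install -g npm@11` before publishing would cover it. The same applies to the `Publish` steps in the node, react-native and web templates. Separately, the unchanged `echo` lines here expand `${{ github.event.release.tag_name }}` directly into the script text. Passing it through an `env:` entry such as `TAG_NAME` and echoing `"$TAG_NAME"` keeps an unusual tag name from being parsed as shell in a job that now holds `id-token: write`.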
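Review bot: In `templates/node/.github/workflows/publish.yml.twig` the workflow keeps its `workflow_dispatch:` trigger while gaining `id-token: write`, so a manual run started from any branch that contains this file can publish through OIDC. Judging by the `echo "tag=latest"` fallback visible in a later hunk, such a run would probably go out under `latest`. Nothing in the visible lines restricts the publish to release tags or asks for approval. Binding the job to a protected environment, `environment: <release-environment>` (placeholder name) under `publish:`, and naming that environment in the npm trusted-publisher settings would gate it. The same block is added to the react-native and web templates, and the job body continues outside this hunk.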
@@ -16,7 +20,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20.x' + node-version: '22' registry-url: 'https://registry.npmjs.org' # Determine release tag based on the tag name @@ -29,14 +33,12 @@ jobs: echo "tag=latest" >> "$GITHUB_OUTPUT" fi - # Install dependencies (if any) and build your project (if necessary) + # Install dependencies and build - name: Install dependencies and build run: | - npm install + npm ci npm run build # Publish to NPM with the appropriate tag - name: Publish - run: npm publish --tag ${{ '{{' }} steps.release_tag.outputs.tag {{ '}}' }} - env: - NODE_AUTH_TOKEN: ${{ '{{' }} secrets.NPM_TOKEN_NO_ORG {{ '}}' }} + run: npm publish --provenance --access public --tag ${{ '{{' }} steps.release_tag.outputs.tag {{ '}}' }} diff --git a/templates/react-native/.github/workflows/publish.yml.twig b/templates/react-native/.github/workflows/publish.yml.twig index 6709acce9..deb69d2a5 100644 --- a/templates/react-native/.github/workflows/publish.yml.twig +++ b/templates/react-native/.github/workflows/publish.yml.twig @@ -5,6 +5,10 @@ on: types: [published] workflow_dispatch: +permissions: + id-token: write + contents: read + jobs: publish: runs-on: ubuntu-latest @@ -16,7 +20,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20.x' + node-version: '22' registry-url: 'https://registry.npmjs.org' # Determine release tag based on the tag name 
@@ -29,14 +33,12 @@ jobs: echo "tag=latest" >> "$GITHUB_OUTPUT" fi - # Install dependencies (if any) and build your project (if necessary) + # Install dependencies and build - name: Install dependencies and build run: | - npm install + npm ci npm run build # Publish to NPM with the appropriate tag - name: Publish - run: npm publish --tag ${{ '{{' }} steps.release_tag.outputs.tag {{ '}}' }} - env: - NODE_AUTH_TOKEN: ${{ '{{' }} secrets.NPM_TOKEN_NO_ORG {{ '}}' }} + run: npm publish --provenance --access public --tag ${{ '{{' }} steps.release_tag.outputs.tag {{ '}}' }} diff --git a/templates/web/.github/workflows/publish.yml.twig b/templates/web/.github/workflows/publish.yml.twig index 6709acce9..deb69d2a5 100644 --- a/templates/web/.github/workflows/publish.yml.twig +++ b/templates/web/.github/workflows/publish.yml.twig @@ -5,6 +5,10 @@ on: types: [published] workflow_dispatch: +permissions: + id-token: write + contents: read + jobs: publish: runs-on: ubuntu-latest @@ -16,7 +20,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20.x' + node-version: '22' registry-url: 'https://registry.npmjs.org' # Determine release tag based on the tag name @@ -29,14 +33,12 @@ jobs: echo "tag=latest" >> "$GITHUB_OUTPUT" fi - # Install dependencies (if any) and build your project (if necessary) + # Install dependencies and build - name: Install dependencies and build run: | - npm install + npm ci npm run build # Publish to NPM with the appropriate tag - name: Publish - run: npm publish --tag ${{ '{{' }} steps.release_tag.outputs.tag {{ '}}' }} - env: - NODE_AUTH_TOKEN: ${{ '{{' }} secrets.NPM_TOKEN_NO_ORG {{ '}}' }} + run: npm publish --provenance --access public --tag ${{ '{{' }} steps.release_tag.outputs.tag {{ '}}' }}