diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index b2a4686..1c44b8f 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -1,7 +1,13 @@
 name: Node.js Package on npm
+
 on:
   release:
     types: [created]
+
+permissions:
+  contents: read
+  id-token: write
+
 jobs:
   build:
     name: Build & Publish
@@ -16,7 +22,3 @@ jobs:
     - run: npm version ${{ github.event.release.tag_name }} --allow-same-version --no-git-tag-version
     - run: npm install
     - run: npm publish
-      env:
-        NPM_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
-        NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-        NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
diff --git a/.github/workflows/track_dependencies.yml b/.github/workflows/track_dependencies.yml
index c1c8ed8..df33586 100644
--- a/.github/workflows/track_dependencies.yml
+++ b/.github/workflows/track_dependencies.yml
@@ -6,6 +6,9 @@ on:
     branches:
       - master
 
+permissions:
+  contents: read
+
 jobs:
   dependency_track:
     runs-on: ubuntu-latest