diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e782cf0..2e0ce3a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,6 +7,11 @@ on:
 jobs:
 release:
 runs-on: 'ubuntu-latest'
+ permissions:
+ contents: 'write'
+ issues: 'write'
+ pull-requests: 'write'
+ id-token: 'write'
 steps:
 - uses: 'actions/checkout@v3.5.2'
@@ -24,6 +29,9 @@ jobs:
 - run: 'npm run build:typescript'
+ - name: 'Verify the integrity of provenance attestations and registry signatures for installed dependencies'
+ run: 'npm audit signatures'
+
 - name: 'Release'
 run: 'npm run release'
 env:
diff --git a/.npmrc b/.npmrc
index cffe8cd..3da3cf4 100644
--- a/.npmrc
+++ b/.npmrc
@@ -1 +1,2 @@
 save-exact=true
+provenance=true
diff --git a/package-lock.json b/package-lock.json
index 46eba2a..d03cbbb 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -48,7 +48,8 @@
 "typescript": "5.0.4"
 },
 "engines": {
- "node": ">=16.0.0"
+ "node": ">=16.0.0",
+ "npm": ">=9.0.0"
 },
 "peerDependencies": {
 "socket.io": ">=3.0.0"
diff --git a/package.json b/package.json
index 8ea21bc..98a8273 100644
--- a/package.json
+++ b/package.json
@@ -11,10 +11,12 @@
 "build"
 ],
 "engines": {
- "node": ">=16.0.0"
+ "node": ">=16.0.0",
+ "npm": ">=9.0.0"
 },
 "publishConfig": {
- "access": "public"
+ "access": "public",
+ "provenance": true
 },
 "keywords": [
 "socket",
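Review bot: The new `permissions` block in the first hunk of `.github/workflows/release.yml` sits at job level, so every step of `release`, including dependency installation and `npm run build:typescript`, runs with a write-scoped `GITHUB_TOKEN` and can request an OIDC token. Only the final `npm run release` step appears to need `id-token: 'write'` (for npm provenance) and the three write scopes, so consider moving install and build into a separate job limited to `contents: 'read'` and handing the build output to the release job. At minimum, document the grant with a comment such as `# id-token: write is required for npm provenance; contents/issues/pull-requests: write are used by the release tooling`. The steps between checkout and the build are outside this hunk, so confirm that none of them needs the write scopes.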
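Review bot: In the second hunk of `.github/workflows/release.yml`, `npm audit signatures` runs after `npm run build:typescript`, so dependency code has presumably already been installed and executed by the time its registry signatures and attestations are checked. Moving the step to directly after the install step (not visible in this hunk) would make the check a gate in front of the build instead of a report after it. Attestation verification also needs a recent npm CLI (9.5.0 or later, to my knowledge), so the job should pin or assert the npm version it runs with.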
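Review bot: `provenance=true` in the project `.npmrc` applies to every `npm publish` run from this checkout, not only the CI release, and provenance can only be generated on a supported CI provider, so a local or fallback publish would presumably fail. The same commit also sets `publishConfig.provenance` in `package.json`, so the setting is declared twice. Keeping one of the two and adding a comment such as `# provenance statements are generated in the GitHub Actions release job (needs id-token: write)` would make the intent clear.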
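Review bot: The new `"npm": ">=9.0.0"` bound in `engines` in `package.json` admits npm 9.0 to 9.4, which to my knowledge cannot publish with provenance; `"npm": ">=9.5.0"` would match what `"provenance": true` in `publishConfig` requires. `engines` in a published `package.json` is also evaluated when consumers install the package, so this constraint reaches users of the library and not just the release pipeline. If only the release needs the newer CLI, enforcing the version in the workflow may be the better place for it.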