diff --git a/.github/workflows/npm-release.yaml b/.github/workflows/npm-release.yaml
new file mode 100644
index 0000000..04c071a
--- /dev/null
+++ b/.github/workflows/npm-release.yaml
@@ -0,0 +1,14 @@
+name: Publish package
+on:
+  release:
+    types: [created]
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  publish:
+    uses: expressjs/ci-workflows/.github/workflows/publish.yaml@release-reusable-action
+    secrets:
+      NPM_PUBLISH: ${{ secrets.NPM_PUBLISH }} 
diff --git a/.github/workflows/pr-audit.yaml b/.github/workflows/pr-audit.yaml
new file mode 100644
index 0000000..00ba838
--- /dev/null
+++ b/.github/workflows/pr-audit.yaml
@@ -0,0 +1,11 @@
+name: Audit PR
+on:
+  push:
+
+permissions:
+    id-token: write
+    contents: read
+
+jobs:
+  tests:
+    uses: expressjs/ci-workflows/.github/workflows/tests.yaml@release-reusable-action
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
deleted file mode 100644
index 742a93e..0000000
--- a/.github/workflows/publish.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-name: Publish package
-on:
-  release:
-    types: [created]
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-    environment: prod
-    permissions:
-      contents: read
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: 22
-          registry-url: 'https://registry.npmjs.org'
-
-      - name: NPM install
-        run: npm install
-
-      - name: Version
-        if: github.event_name == 'release' && github.event.action == 'created'
-        run: |
-          VERSION=${{ github.event.release.tag_name }}
-          echo "VERSION=${VERSION:1}" >> $GITHUB_ENV
-
-      - name: Version npm
-        if: github.event_name == 'release' && github.event.action == 'created'
-        run: |
-          CURRENT_VERSION=$(npm pkg get version | tr -d '"')
-          if [ "$CURRENT_VERSION" != "$VERSION" ]; then
-            npm version $VERSION --no-git-tag-version
-          else
-            echo "Version already set to $VERSION, skipping npm version command"
-          fi
-
-      - name: publish
-        env:
-          NPM_TOKEN: ${{secrets.NPM_TOKEN}}
-        run: rm -rf node-module .github package-lock.json && npm publish --access public
diff --git a/package.json b/package.json
index ad5e78e..07a2aa4 100644
--- a/package.json
+++ b/package.json
@@ -4,7 +4,8 @@
   "description": "Demo of a secure setup to automatically publish on npm",
   "main": "index.js",
   "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "test": "echo test",
+    "lint": "echo lint"
   },
   "repository": {
     "type": "git",