diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml
index 6c14a170c..356c52cd5 100644
--- a/.github/actions/setup/action.yml
+++ b/.github/actions/setup/action.yml
@@ -1,6 +1,11 @@
 name: Install & setup
 description: Install's node, pnpm, restores cache, and then installs dependencies
 
+inputs:
+  node-version:
+    description: the version of Node.js to install
+    default: 18.x
+
 runs:
   using: 'composite'
   steps:
@@ -8,7 +13,7 @@ runs:
     - name: Setup Node.js
       uses: actions/setup-node@v4
       with:
-        node-version: 18.x
+        node-version: ${{ inputs.node-version }}
 
     # Install pnpm. https://github.com/pnpm/action-setup
     - uses: pnpm/action-setup@v4
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index 8d262636c..308f9ba07 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -14,8 +14,8 @@ jobs:
         steps:
             - name: Checkout
               uses: actions/checkout@v4
-            - uses: ./.github/actions/lint
             - uses: ./.github/actions/setup
+            - uses: ./.github/actions/lint
             - uses: ./.github/actions/test
             - uses: ./.github/actions/local/build
             - uses: ./.github/actions/local/e2e
\ No newline at end of file
diff --git a/.github/workflows/pre-release.yml b/.github/workflows/pre-release.yml
index 37fbfe949..42c5b9eb4 100644
--- a/.github/workflows/pre-release.yml
+++ b/.github/workflows/pre-release.yml
@@ -19,11 +19,6 @@ jobs:
         # https://github.com/actions/checkout
         uses: actions/checkout@v4
 
-      # Setup .npmrc file to publish to npm
-      - uses: actions/setup-node@v4
-        with:
-          registry-url: "https://registry.npmjs.org"
-
       - uses: ./.github/actions/setup
 
       - name: Install dependencies
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 53980ac0c..98b59e781 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,6 +7,10 @@ on:
 
 concurrency: ${{ github.workflow }}-${{ github.ref }}
 
+permissions:
+  id-token: write
+  contents: read
+
 jobs:
   release:
     name: Release
@@ -17,6 +21,12 @@ jobs:
         uses: actions/checkout@v4
 
       - uses: ./.github/actions/setup
+        with:
+          # Ensure npm 11.5.1 or later is installed
+          # See https://docs.npmjs.com/trusted-publishers
+          node-version: 24
+          registry-url: "https://registry.npmjs.org"
+
       - uses: ./.github/actions/lint
 
       - name: Create Release Pull Request or Publish to npm
@@ -29,7 +39,6 @@ jobs:
           publish: pnpm run release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
 
       - name: View outputs
         run: echo ${{join(steps.changesets.outputs.*, ' ')}}
diff --git a/.github/workflows/v2-release.yml b/.github/workflows/v2-release.yml
index fb21527d2..7f7691e4c 100644
--- a/.github/workflows/v2-release.yml
+++ b/.github/workflows/v2-release.yml
@@ -11,11 +11,6 @@ jobs:
         # https://github.com/actions/checkout
         uses: actions/checkout@v4
 
-      # Setup .npmrc file to publish to npm
-      - uses: actions/setup-node@v4
-        with:
-          registry-url: "https://registry.npmjs.org"
-
       - uses: ./.github/actions/setup
 
       - name: Publish Pre-release to npm