diff --git a/.github/workflows/canary.yml b/.github/workflows/canary.yml
index 9b2e207..5ebff58 100644
--- a/.github/workflows/canary.yml
+++ b/.github/workflows/canary.yml
@@ -6,6 +6,10 @@ on:
         types:
             - created
 
+permissions:
+    id-token: write
+    contents: write
+
 concurrency: ${{ github.workflow }}-${{ github.ref }}
 
 jobs:
@@ -28,6 +32,14 @@ jobs:
                   node-version: '22'
                   cache: 'pnpm'
 
+            - name: Check and upgrade npm
+              run: |
+                  echo "Current npm version:"
+                  npm --version
+                  npm install -g npm@latest
+                  echo "Upgraded npm version:"
+                  npm --version
+
             - name: Install Dependencies
               run: pnpm install --frozen-lockfile
 
@@ -39,7 +51,6 @@ jobs:
               with:
                   github_token: ${{ secrets.ACTION_TOKEN }} # Add user PAT if necessary
                   npm_tag: canary # Specify the npm tag to use for deployment
-                  npm_token: ${{ secrets.NPM_TOKEN }} # Provide the token required for npm publishing
                   publish_script: pnpm run release:canary # Script to execute Canary deployment
                   packages_dir: packages # Directory of packages to detect changes (default: packages,share)
                   excludes: '.turbo,.github' # Files or directories to exclude from change detection
diff --git a/.github/workflows/rc.yml b/.github/workflows/rc.yml
index d111cad..3acaf88 100644
--- a/.github/workflows/rc.yml
+++ b/.github/workflows/rc.yml
@@ -9,6 +9,7 @@ on:
 concurrency: ${{ github.workflow }}-${{ github.ref }}
 
 permissions:
+    id-token: write
     contents: write # to create release
 
 jobs:
@@ -34,6 +35,14 @@ jobs:
                   node-version: '22'
                   cache: 'pnpm'
 
+            - name: Check and upgrade npm
+              run: |
+                  echo "Current npm version:"
+                  npm --version
+                  npm install -g npm@latest
+                  echo "Upgraded npm version:"
+                  npm --version
+
             - name: Install Dependencies
               run: pnpm install --frozen-lockfile
 
@@ -45,7 +54,6 @@ jobs:
               with:
                   github_token: ${{ secrets.ACTION_TOKEN }} # Add user PAT if necessary
                   npm_tag: rc # Specify the npm tag to use for deployment
-                  npm_token: ${{ secrets.NPM_TOKEN }} # Provide the token required for npm publishing
                   publish_script: pnpm run release:canary # Script to execute Canary deployment
                   packages_dir: packages # Directory of packages to detect changes (default: packages,share)
                   excludes: '.turbo,.github' # Files or directories to exclude from change detection