diff --git a/.github/workflows/deploy-pg-protocol.yml b/.github/workflows/deploy-pg-protocol.yml
index af07e88a0..8b2418d68 100644
--- a/.github/workflows/deploy-pg-protocol.yml
+++ b/.github/workflows/deploy-pg-protocol.yml
@@ -13,25 +13,31 @@ on:
         required: false
         type: string
 
+permissions:
+  contents: read
+  id-token: write
+
 jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      
+
       - name: Setup Node.js
         uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version: '18'
           registry-url: 'https://registry.npmjs.org'
-      
+
       - name: Install dependencies
         run: yarn install --frozen-lockfile
-      
+
       - name: Build package
         run: cd packages/pg-protocol && yarn build
-      
+
+      # Ensure npm 11.5.1 or later is installed for trusted publishing support
+      - name: Update npm
+        run: npm install -g npm@latest
+
       - name: Publish to npm
         run: cd packages/pg-protocol && npm publish
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} 
diff --git a/.github/workflows/deploy-pg.yml b/.github/workflows/deploy-pg.yml
index b8f170265..3ba4c7919 100644
--- a/.github/workflows/deploy-pg.yml
+++ b/.github/workflows/deploy-pg.yml
@@ -13,6 +13,10 @@ on:
         required: false
         type: string
 
+permissions:
+  contents: read
+  id-token: write
+
 jobs:
   deploy:
     runs-on: ubuntu-latest
@@ -28,7 +32,9 @@ jobs:
       - name: Install dependencies
         run: yarn install --frozen-lockfile
 
+      # Ensure npm 11.5.1 or later is installed for trusted publishing support
+      - name: Update npm
+        run: npm install -g npm@latest
+
       - name: Publish to npm
         run: cd packages/pg && npm publish
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}