diff --git a/.github/workflows/releases.yml b/.github/workflows/releases.yml
index 24498228c8..0c7d00aacf 100644
--- a/.github/workflows/releases.yml
+++ b/.github/workflows/releases.yml
@@ -242,13 +242,16 @@ jobs:
             echo "📦 Publishing stable version to crates.io: $VERSION"
           fi
 
-          cargo install cargo-workspaces --locked
+          cargo install cargo-workspaces@0.3.6 --locked
           cargo workspaces publish --from-git --yes
 
   publish-npm-packages:
     name: Publish NPM Packages
     runs-on: ubuntu-latest
     needs: validate-and-prepare
+    permissions:
+      contents: read
+      id-token: write
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -257,7 +260,6 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: '22'
-          registry-url: 'https://registry.npmjs.org'
 
       - name: Setup pnpm
         uses: pnpm/action-setup@v4
@@ -265,6 +267,9 @@ jobs:
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
 
+      - name: Build packages
+        run: pnpm build:ts
+
       - name: Determine npm tag
         id: npm_tag
         run: |
@@ -276,20 +281,25 @@ jobs:
             echo "📦 Publishing with 'latest' tag for stable release"
           fi
 
-      - name: Publish to npm
-        run: |
-          # Get the tag to use
-          TAG="${{ steps.npm_tag.outputs.tag }}"
-
-          # Build first
-          pnpm build:ts
-
-          # Publish each package explicitly with the correct tag
-          cd packages/enclave-config && npm publish --access public --tag $TAG --provenance && cd ../..
-          cd packages/enclave-contracts && npm publish --access public --tag $TAG --provenance && cd ../..
-          cd crates/wasm && npm publish --access public --tag $TAG --provenance && cd ../..
-          cd packages/enclave-sdk && npm publish --access public --tag $TAG --provenance && cd ../..
-          cd packages/enclave-react && npm publish --access public --tag $TAG --provenance && cd ../..
+      - name: Publish @enclave-e3/config
+        working-directory: packages/enclave-config
+        run: npm publish --access public --tag ${{ steps.npm_tag.outputs.tag }} --provenance
+
+      - name: Publish @enclave-e3/contracts
+        working-directory: packages/enclave-contracts
+        run: npm publish --access public --tag ${{ steps.npm_tag.outputs.tag }} --provenance
+
+      - name: Publish @enclave-e3/wasm
+        working-directory: crates/wasm
+        run: npm publish --access public --tag ${{ steps.npm_tag.outputs.tag }} --provenance
+
+      - name: Publish @enclave-e3/sdk
+        working-directory: packages/enclave-sdk
+        run: npm publish --access public --tag ${{ steps.npm_tag.outputs.tag }} --provenance
+
+      - name: Publish @enclave-e3/react
+        working-directory: packages/enclave-react
+        run: npm publish --access public --tag ${{ steps.npm_tag.outputs.tag }} --provenance
 
   create-github-release:
     name: Create GitHub Release