diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 330472d..f94720c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -7,6 +7,7 @@ on:
   pull_request:
     branches:
       - "**"
+  workflow_dispatch:
 
 jobs:
   build:
@@ -24,6 +25,14 @@ jobs:
           test -d dist/components || exit 1
           test -f dist/components/components.jsonld || exit 1
           test -f dist/components/context.jsonld || exit 1
+      - name: Save build
+        uses: actions/upload-artifact@v6
+        with:
+          name: build
+          path: |
+            .
+            !node_modules
+          retention-days: 1
 
   test:
     strategy:
@@ -41,3 +50,56 @@ jobs:
       - run: npm test
         env:
           CI: true
+
+
+  npm-publish-build:
+    needs: build
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write  # Required for OIDC
+      contents: read
+    steps:
+      - uses: actions/download-artifact@v7
+        with:
+          name: build
+      - uses: actions/setup-node@v6
+        with:
+          node-version: 20.x
+          registry-url: 'https://registry.npmjs.org'
+      - name: Update npm to latest (required for OIDC)
+        run: npm install -g npm@latest
+      - uses: rlespinasse/github-slug-action@v4.x
+      - name: Append commit hash to package version
+        run: 'sed -i -E "s/(\"version\": *\"[^\"]+)/\1-${GITHUB_SHA_SHORT}/" package.json'
+      - name: Disable prepare script to avoid rebuild
+        run: 'sed -i -E "s/\"prepare\":/\"ignore:prepare\":/" package.json'
+      - name: Disable pre- and post-publish actions
+        run: 'sed -i -E "s/\"((pre|post)publish)/\"ignore:\1/" package.json'
+      - name: Publish to npm
+        if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
+        run: npm publish --tag ${{ env.GITHUB_REF_SLUG }}
+
+  npm-publish-latest:
+    needs: [build, npm-publish-build]
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/main'
+    permissions:
+      id-token: write  # Required for OIDC
+      contents: read
+    steps:
+      - uses: actions/download-artifact@v7
+        with:
+          name: build
+      - uses: actions/setup-node@v6
+        with:
+          node-version: 20.x
+          registry-url: 'https://registry.npmjs.org'
+      - name: Update npm to latest (required for OIDC)
+        run: npm install -g npm@latest
+      - name: Disable prepare script to avoid rebuild
+        run: 'sed -i -E "s/\"prepare\":/\"ignore:prepare\":/" package.json'
+      - name: Disable pre- and post-publish actions
+        run: 'sed -i -E "s/\"((pre|post)publish)/\"ignore:\1/" package.json'
+      - name: Publish to npm
+        if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
+        run: npm publish --tag latest
diff --git a/package.json b/package.json
index e79128a..1339259 100644
--- a/package.json
+++ b/package.json
@@ -2,7 +2,10 @@
   "name": "css-profile-handler",
   "version": "7.0.0",
   "description": "A Community Solid Server module for managing user profiles",
-  "repository": "https://github.com/theodi/css-profile-handler.git",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/theodi/css-profile-handler.git"
+  },
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "lsd:module": "https://linkedsoftwaredependencies.org/bundles/npm/css-profile-handler",