diff --git a/.github/workflows/release-dev.yml b/.github/workflows/release-dev.yml
deleted file mode 100644
index 26d2565..0000000
--- a/.github/workflows/release-dev.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-name: Build & Publish NPM Package - DEV
-description: This workflow builds and publishes the NPM package when a version tag is pushed.
-
-on:
-  push:
-    tags:
-      - 'v[0-9]+.[0-9]+.[0-9]+-dev.[0-9]+'
-
-jobs:
-  build-and-publish:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Check out repository
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js environment
-        uses: actions/setup-node@v4 # Latest version to set up Node.js
-        with:
-          node-version: 'lts/*' # Use the latest LTS version of Node.js
-          registry-url: 'https://registry.npmjs.org/' # Important: Specify the npm registry
-
-      - name: Install dependencies
-        run: npm install
-
-      - name: Build package
-        run: npm run build
-
-      - name: Publish to npm
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-        run: |
-          # for public packages, include --access public
-          npm publish --access public --tag dev
\ No newline at end of file
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e242684..e332d77 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,18 +1,27 @@
 name: Build & Publish NPM Package
-description: This workflow builds and publishes the NPM package when a version tag is pushed.
+description: Build and publish to npm (prod/dev) using Trusted Publishers.
 
 on:
   push:
     tags:
-      - 'v[0-9]+.[0-9]+.[0-9]+'
+      - 'v*.*.*'          # prod releases, e.g. v1.2.3
+      - 'v*.*.*-dev.*'    # dev releases, e.g. v1.2.3-dev.4
 
 jobs:
   build-and-publish:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write   # Required for npm Trusted Publishers (OIDC)
 
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: 'lts/*'
 
       - name: Install dependencies
         run: npm install
@@ -20,9 +29,10 @@ jobs:
       - name: Build package
         run: npm run build
 
-      - name: Publish to npm
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-        run: |
-          # for public packages, include --access public
-          npm publish --access public
\ No newline at end of file
+      - name: Publish dev tag to npm (Trusted Publishers)
+        if: contains(github.ref_name, '-dev.')
+        run: npm publish --provenance --access public --tag dev
+
+      - name: Publish latest to npm (Trusted Publishers)
+        if: ${{ !contains(github.ref_name, '-dev.') }}
+        run: npm publish --provenance --access public
\ No newline at end of file
diff --git a/package.json b/package.json
index d50e8ab..3a60127 100644
--- a/package.json
+++ b/package.json
@@ -2,6 +2,10 @@
   "name": "@gisatcz/ptr-be-core",
   "version": "0.0.1",
   "description": "Shared core library for PTR BE services",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Gisat/ptr-be-core.git"
+  },
   "type": "module",
   "files": [
     "dist/"