diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 9d7244d..6079111 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -5,12 +5,19 @@ on:
     tags:
       - 'v*'
 
-permissions:
-  contents: write
+permissions: {}
+
+concurrency:
+  group: release-${{ github.ref_name }}
+  cancel-in-progress: false
 
 jobs:
   release:
     runs-on: ubuntu-latest
+    environment: release
+    permissions:
+      contents: write
+      id-token: write
     steps:
       - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
@@ -31,8 +38,8 @@ jobs:
             node-version-file: '.nvmrc'
             registry-url: 'https://registry.npmjs.org'
 
-      - run: pnpm install
-      
+      - run: pnpm install --frozen-lockfile
+
       - name: Build
         run: pnpm build
 
@@ -59,6 +66,4 @@ jobs:
           echo "Using npm tag: $NPM_TAG"
 
       - name: Publish to npm
-        run: pnpm -r publish --access public --no-git-checks --tag ${{ steps.determine_npm_tag.outputs.npm_tag }}
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
\ No newline at end of file
+        run: pnpm -r publish --provenance --access public --no-git-checks --tag ${{ steps.determine_npm_tag.outputs.npm_tag }}
\ No newline at end of file
diff --git a/package.json b/package.json
index 64b09b5..d4af143 100644
--- a/package.json
+++ b/package.json
@@ -10,6 +10,7 @@
 		"test": "vitest",
 		"typecheck": "tsc --noEmit",
 		"build": "unbuild",
+		"bump": "bumpp",
 		"lint:fix": "biome check . --write"
 	},
 	"keywords": [
@@ -22,7 +23,7 @@
 	"author": "Bereket Engida",
 	"repository": {
 		"type": "git",
-		"url": "https://github.com/better-auth/utils"
+		"url": "git+https://github.com/better-auth/utils.git"
 	},
 	"devDependencies": {
 		"@biomejs/biome": "^1.9.4",