From 98b7a380506e9cf0b2a8344f7270d54d56db3d2f Mon Sep 17 00:00:00 2001
From: Tatsunori Uchino <tats.u@live.jp>
Date: Fri, 13 Mar 2026 23:42:50 +0900
Subject: [PATCH] fix: make it easier to reliably get provenance

---
 .github/workflows/release.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 68f22a7..bb8a154 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -39,9 +39,10 @@ jobs:
         run: pnpm install
 
       - name: Publish
-        uses: JS-DevTools/npm-publish@v3
+        uses: JS-DevTools/npm-publish@v4
         with:
-          token: empty
+          # token: empty # unnecessary if you use trusted publishing via OIDC
+          provenance: true
 
       - name: Create GitHub Release
         uses: ncipollo/release-action@v1