diff --git a/.github/workflows/publish-npm.yml b/.github/workflows/publish-npm.yml
index 942d1a3..550ade3 100644
--- a/.github/workflows/publish-npm.yml
+++ b/.github/workflows/publish-npm.yml
@@ -4,7 +4,8 @@ on:
     types: [created]
 
 permissions:
-  contents: write  # we need to read secrets
+  contents: read  # we need to read secrets
+  id-token: write
   
 jobs:
   build:
@@ -17,6 +18,6 @@ jobs:
         with:
           registry-url: 'https://registry.npmjs.org'
       - name: Publish package on NPM 📦
-        run: npm publish
+        run: npm publish --access public
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
diff --git a/.npmrc b/.npmrc
deleted file mode 100644
index e511e2c..0000000
--- a/.npmrc
+++ /dev/null
@@ -1,3 +0,0 @@
-@staffbase:registry=https://registry.npmjs.org/
-always-auth=true
-//registry.npmjs.org/:_authToken=${NPM_TOKEN}