diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 69b0a29f7..1be6f9ea1 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -181,14 +181,18 @@ jobs:
     name: NPM
     runs-on: ubuntu-latest
     needs: build
+    permissions:
+      contents: read
+      id-token: write
 
     steps:
       - uses: actions/checkout@v6
 
+      - run: corepack enable
+
       - uses: actions/setup-node@v6
         with:
           node-version: 20
-          registry-url: https://registry.npmjs.org
           cache: npm
           cache-dependency-path: typescript/package-lock.json
 
@@ -210,23 +214,3 @@ jobs:
       - run: npm run publish
         if: ${{ startsWith(github.ref, 'refs/tags/v') }}
         working-directory: typescript
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}
-
-  dependabot:
-    name: Dependabot
-    runs-on: ubuntu-latest
-    permissions:
-      pull-requests: write
-    if: github.event.pull_request.user.login == 'dependabot[bot]'
-    steps:
-      - name: Automatically approve dependabot PRs
-        uses: octokit/request-action@v2.x
-        with:
-          route: POST /repos/{owner}/{repo}/pulls/{pull_number}/reviews
-          owner: ${{ github.event.repository.owner.login }}
-          repo: ${{ github.event.repository.name }}
-          pull_number: ${{ github.event.pull_request.number }}
-          event: APPROVE
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml
new file mode 100644
index 000000000..6c2dc8b9b
--- /dev/null
+++ b/.github/workflows/dependabot.yml
@@ -0,0 +1,22 @@
+name: Dependabot
+
+on:
+  pull_request:
+
+jobs:
+  approve:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    if: github.event.pull_request.user.login == 'dependabot[bot]'
+    steps:
+      - name: Approve Dependabot PR
+        uses: octokit/request-action@v2.x
+        with:
+          route: POST /repos/{owner}/{repo}/pulls/{pull_number}/reviews
+          owner: ${{ github.event.repository.owner.login }}
+          repo: ${{ github.event.repository.name }}
+          pull_number: ${{ github.event.pull_request.number }}
+          event: APPROVE
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/release.yml b/.github/workflows/post-release.yml
similarity index 83%
rename from .github/workflows/release.yml
rename to .github/workflows/post-release.yml
index 2f56e530e..d8941e41f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/post-release.yml
@@ -1,4 +1,4 @@
-name: Release
+name: Post Release
 
 on:
   push:
@@ -6,7 +6,7 @@ on:
 
 jobs:
   homebrew:
-    name: Bump Homebrew formula
+    name: Bump Homebrew Formula
     runs-on: ubuntu-latest
     steps:
       - uses: mislav/bump-homebrew-formula-action@v3
diff --git a/.prettierrc.json b/.prettierrc.json
new file mode 100644
index 000000000..0967ef424
--- /dev/null
+++ b/.prettierrc.json
@@ -0,0 +1 @@
+{}
diff --git a/pkg/dbmate/version.go b/pkg/dbmate/version.go
index a99a1d324..da3912c38 100644
--- a/pkg/dbmate/version.go
+++ b/pkg/dbmate/version.go
@@ -1,4 +1,4 @@
 package dbmate
 
 // Version of dbmate
-const Version = "2.29.0"
+const Version = "2.29.1"
diff --git a/typescript/package.json b/typescript/package.json
index 86594fca2..2b4535b07 100644
--- a/typescript/package.json
+++ b/typescript/package.json
@@ -1,5 +1,6 @@
 {
   "private": true,
+  "packageManager": "npm@11.7.0",
   "scripts": {
     "clean": "rimraf dist packages/dbmate/dist",
     "lint": "eslint --report-unused-disable-directives --fix .",
diff --git a/typescript/packages/dbmate/package.json b/typescript/packages/dbmate/package.json
index 56d246b59..dd5678b96 100644
--- a/typescript/packages/dbmate/package.json
+++ b/typescript/packages/dbmate/package.json
@@ -2,7 +2,10 @@
   "name": "dbmate",
   "version": "",
   "description": "A lightweight, framework-agnostic database migration tool",
-  "repository": "https://github.com/amacneil/dbmate",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/amacneil/dbmate.git"
+  },
   "homepage": "https://github.com/amacneil/dbmate#readme",
   "author": "Adrian Macneil",
   "license": "MIT",
@@ -15,7 +18,9 @@
     "schema",
     "sqlite"
   ],
-  "bin": "./dist/cli.js",
+  "bin": {
+    "dbmate": "dist/cli.js"
+  },
   "main": "./dist/index.js",
   "files": [
     "dist"
diff --git a/typescript/packages/template/package.json b/typescript/packages/template/package.json
index 06e1b1e03..b948834a6 100644
--- a/typescript/packages/template/package.json
+++ b/typescript/packages/template/package.json
@@ -2,7 +2,12 @@
   "name": "{{name}}",
   "version": "{{version}}",
   "description": "The {{jsOS}} {{jsArch}} binary for dbmate",
-  "repository": "https://github.com/amacneil/dbmate",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/amacneil/dbmate.git"
+  },
+  "homepage": "https://github.com/amacneil/dbmate#readme",
+  "author": "Adrian Macneil",
   "license": "MIT",
   "preferUnplugged": true,
   "os": [
diff --git a/typescript/publish.ts b/typescript/publish.ts
index 6c0e4d935..ffd4d0f8a 100644
--- a/typescript/publish.ts
+++ b/typescript/publish.ts
@@ -8,7 +8,17 @@ async function main() {
   );
 
   for (const pkg of packages) {
-    await exec("npm", ["publish", "--access", "public", pkg]);
+    // Unset NODE_AUTH_TOKEN to avoid conflicts with OIDC trusted publishing
+    delete process.env.NODE_AUTH_TOKEN;
+    await exec("corepack", ["npm", "--version"]);
+    await exec("corepack", [
+      "npm",
+      "publish",
+      "--provenance",
+      "--access",
+      "public",
+      pkg,
+    ]);
   }
 }