diff --git a/.github/workflows/pre-release.yml b/.github/workflows/pre-release.yml
index 9706eb8f..2b5828b7 100644
--- a/.github/workflows/pre-release.yml
+++ b/.github/workflows/pre-release.yml
@@ -7,6 +7,9 @@ on:
 jobs:
   prerelease:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: write
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
@@ -37,7 +40,7 @@ jobs:
         run: npm version ${{ steps.extract.outputs.version }}-${{ steps.extract.outputs.tag }}
       - name: Push changes
         run: git push --follow-tags
-      - name: Run npm publish
+      - name: Run npm publish --provenance
         run: npm publish --tag=${{ steps.extract.outputs.tag }}
         env:
           NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
index a8aec438..2b1f3e5f 100644
--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
@@ -6,6 +6,10 @@ on:
 jobs:
   release-please:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: write
+      pull-requests: write
     steps:
       - uses: navikt/github-app-token-generator@a3831f44404199df32d8f39f7c0ad9bb8fa18b1c
         id: get-token
@@ -28,7 +32,7 @@ jobs:
           check-latest: true
           registry-url: 'https://registry.npmjs.org'
         if: ${{ steps.release.outputs.release_created }}
-      - run: npm publish
+      - run: npm publish --provenance
         if: ${{ steps.release.outputs.release_created }}
         env:
           NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
diff --git a/package.json b/package.json
index 5d8d3b17..91da1ab9 100644
--- a/package.json
+++ b/package.json
@@ -43,7 +43,7 @@
   },
   "keywords": [],
   "license": "MIT",
-  "repository": "netlify/functions",
+  "repository": "https://github.com/netlify/functions",
   "bugs": {
     "url": "https://github.com/netlify/functions/issues"
   },