diff --git a/.github/workflows/package-crates.yml b/.github/workflows/package-crates.yml
index 5dbed7d..e8e100f 100644
--- a/.github/workflows/package-crates.yml
+++ b/.github/workflows/package-crates.yml
@@ -26,7 +26,10 @@ on:
     secrets:
       CARGO_REGISTRY_TOKEN:
         description: An authentication token for crates.io
-        required: true
+        required: false
+
+permissions:
+  id-token: write
 
 jobs:
   package:
@@ -67,7 +70,11 @@ jobs:
           done < <(jq -r '.grammars[].path // "."' tree-sitter.json)
         env:
           TREE_SITTER_ABI_VERSION: ${{inputs.abi-version}}
+      - name: Set up registry token
+        id: auth
+        if: secrets.CARGO_REGISTRY_TOKEN == ''
+        uses: rust-lang/crates-io-auth-action@v1
       - name: Publish to crates.io
         run: cargo publish
         env:
-          CARGO_REGISTRY_TOKEN: ${{secrets.CARGO_REGISTRY_TOKEN}}
+          CARGO_REGISTRY_TOKEN: ${{secrets.CARGO_REGISTRY_TOKEN || steps.auth.outputs.token}}
diff --git a/.github/workflows/package-npm.yml b/.github/workflows/package-npm.yml
index f5b0e1d..d6daf59 100644
--- a/.github/workflows/package-npm.yml
+++ b/.github/workflows/package-npm.yml
@@ -26,7 +26,10 @@ on:
     secrets:
       NODE_AUTH_TOKEN:
         description: An authentication token for npm
-        required: true
+        required: false
+
+permissions:
+  id-token: write
 
 defaults:
   run:
diff --git a/.github/workflows/package-pypi.yml b/.github/workflows/package-pypi.yml
index ab1558c..9c6adf4 100644
--- a/.github/workflows/package-pypi.yml
+++ b/.github/workflows/package-pypi.yml
@@ -24,10 +24,12 @@ on:
         default: 15
         type: number
     secrets:
-      # TODO: make optional when pypi/warehouse#11096 is fixed
       PYPI_API_TOKEN:
         description: An authentication token for pypi
-        required: true
+        required: false
+
+permissions:
+  id-token: write
 
 jobs:
   build_sdist:
@@ -140,8 +142,6 @@ jobs:
     environment:
       name: ${{inputs.environment-name}}
       url: https://pypi.org/project/${{inputs.package-name}}/
-    # permissions:
-    #   id-token: write
     steps:
       - name: Download build artifacts
         uses: actions/download-artifact@v7
diff --git a/README.md b/README.md
index 3eabb9b..47c6fc7 100644
--- a/README.md
+++ b/README.md
@@ -105,7 +105,7 @@ inputs:
     type: string
   node-version:
     description: The NodeJS version
-    default: ${{vars.NODE_VERSION || '22'}}
+    default: ${{vars.NODE_VERSION || 'lts/*'}}
     type: string
   generate:
     description: Generate the parser artifacts
@@ -118,9 +118,13 @@ inputs:
 secrets:
   NODE_AUTH_TOKEN:
     description: An authentication token for npm
-    required: true
+    required: false
 ```
 
+> [!NOTE]
+> [Trusted Publishing](https://docs.npmjs.com/trusted-publishers)
+> will be used if `NODE_AUTH_TOKEN` is not set.
+
 ### crates options
 
 ```yaml
@@ -148,9 +152,13 @@ inputs:
 secrets:
   CARGO_REGISTRY_TOKEN:
     description: An authentication token for crates.io
-    required: true
+    required: false
 ```
 
+> [!NOTE]
+> [Trusted Publishing](https://crates.io/docs/trusted-publishing)
+> will be used if `CARGO_REGISTRY_TOKEN` is not set.
+
 ### pypi options
 
 ```yaml
@@ -178,9 +186,13 @@ inputs:
 secrets:
   PYPI_API_TOKEN:
     description: An authentication token for pypi
-    required: true
+    required: false
 ```
 
+> [!NOTE]
+> [Trusted Publishing](https://docs.pypi.org/trusted-publishers/)
+> will be enabled if `PYPI_API_TOKEN` is not set.
+
 ### maven options
 
 ```yaml