diff --git a/.github/workflows/check-release.yml b/.github/workflows/check-release.yml
index 1dcf650e..22029032 100644
--- a/.github/workflows/check-release.yml
+++ b/.github/workflows/check-release.yml
@@ -15,8 +15,6 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
-        with:
-          node_version: "24.x"
       - name: Install Dependencies
         shell: bash
         run: |
diff --git a/.github/workflows/generate-changelog.yml b/.github/workflows/generate-changelog.yml
index e7e6e3d5..3e890e9c 100644
--- a/.github/workflows/generate-changelog.yml
+++ b/.github/workflows/generate-changelog.yml
@@ -32,8 +32,6 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
-        with:
-          node_version: "24.x"
       - name: Install Dependencies
         shell: bash
         run: |
diff --git a/.github/workflows/prep-release.yml b/.github/workflows/prep-release.yml
index f308ac8a..4b8025b1 100644
--- a/.github/workflows/prep-release.yml
+++ b/.github/workflows/prep-release.yml
@@ -32,8 +32,6 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
-        with:
-          node_version: "24.x"
       - name: Install Dependencies
         shell: bash
         run: |
diff --git a/.github/workflows/prep-self-release.yml b/.github/workflows/prep-self-release.yml
index 647dbb63..b59e97a3 100644
--- a/.github/workflows/prep-self-release.yml
+++ b/.github/workflows/prep-self-release.yml
@@ -31,8 +31,6 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
-        with:
-          node_version: "24.x"
       - name: Install Dependencies
         shell: bash
         run: |
diff --git a/.github/workflows/publish-changelog.yml b/.github/workflows/publish-changelog.yml
index ee4d52f8..8ec872ad 100644
--- a/.github/workflows/publish-changelog.yml
+++ b/.github/workflows/publish-changelog.yml
@@ -16,8 +16,6 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
-        with:
-          node_version: "24.x"
 
       - name: Install Dependencies
         shell: bash
diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
index a802be61..f8422fb8 100644
--- a/.github/workflows/publish-release.yml
+++ b/.github/workflows/publish-release.yml
@@ -21,8 +21,6 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
-        with:
-          node_version: "24.x"
       - name: Install Dependencies
         shell: bash
         run: |
diff --git a/.github/workflows/publish-self-release.yml b/.github/workflows/publish-self-release.yml
index 441c3ec1..ad9f9beb 100644
--- a/.github/workflows/publish-self-release.yml
+++ b/.github/workflows/publish-self-release.yml
@@ -21,8 +21,6 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
-        with:
-          node_version: "24.x"
       - name: Install Dependencies
         shell: bash
         run: |
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index ff693bb1..6920b85e 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -20,8 +20,6 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
-        with:
-          node_version: "24.x"
       - name: Run Linters
         run: |
           hatch run typing:test
@@ -34,8 +32,6 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
-        with:
-          node_version: "24.x"
       - uses: jupyterlab/maintainer-tools/.github/actions/check-links@v1
         with:
           ignore_links: https://blog.jupyter.org/.*
@@ -50,8 +46,6 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
-        with:
-          node_version: "24.x"
 
       - name: Run the tests with coverage on Ubuntu
         if: ${{ matrix.os == 'ubuntu-latest' }}
@@ -78,8 +72,6 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
-        with:
-          node_version: "24.x"
       - env:
           GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           RH_REPOSITORY: jupyter-server/jupyter_releaser
@@ -111,7 +103,6 @@ jobs:
       - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
         with:
           dependency_type: minimum
-          node_version: "24.x"
       - name: Run the unit tests
         run: |
           hatch run test:nowarn || hatch run test:nowarn --lf
@@ -126,7 +117,6 @@ jobs:
         with:
           dependency_type: pre
           python_version: "3.12"
-          node_version: "24.x"
       - name: Run the tests
         run: |
           hatch run test:nowarn || hatch run test:nowarn --lf
@@ -137,8 +127,6 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
-        with:
-          node_version: "24.x"
       - run: hatch run docs:build
 
   check_local_actions:
@@ -146,8 +134,6 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
-        with:
-          node_version: "24.x"
 
       - name: prep-release
         uses: ./.github/actions/prep-release
diff --git a/docs/source/get_started/making_release_from_releaser.md b/docs/source/get_started/making_release_from_releaser.md
index 3f395529..079ab5a3 100644
--- a/docs/source/get_started/making_release_from_releaser.md
+++ b/docs/source/get_started/making_release_from_releaser.md
@@ -49,9 +49,40 @@ already uses Jupyter Releaser.
 
 </details>
 
-- If the repo generates npm release(s), add access token for [npm](https://docs.npmjs.com/creating-and-viewing-access-tokens), saved as `NPM_TOKEN` in "Secrets".
+- If the repo generates npm release(s), set up npm:
 
-> If you want to set _provenance_ on your package, you need to ensure the publish release job as `permissions`: `id-token : write` (see the [documentation](https://docs.npmjs.com/generating-provenance-statements#publishing-packages-with-provenance-via-github-actions)).
+<details><summary>Using npm Trusted Publishers (recommended)</summary>
+
+- npm Trusted Publishers is supported with npm >= 11.5.1
+
+- Ensure the publish release job has `permissions`: `id-token: write` (see the [documentation](https://docs.npmjs.com/generating-provenance-statements))
+
+- Set up the Node.js version in your workflow using one of these approaches:
+
+  Using the `base-setup` action from `jupyterlab/maintainer-tools`:
+
+  ```yaml
+  - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
+  ```
+
+  Or using the standard `setup-node` action:
+
+  ```yaml
+  - uses: actions/setup-node@v6
+    with:
+      node-version: "24.x"
+  ```
+
+- With Trusted Publishers enabled, npm packages will be published without needing to store an `NPM_TOKEN` secret
+
+</details>
+
+<details><summary>Using NPM_TOKEN (legacy way)</summary>
+
+- Create an access token for [npm](https://docs.npmjs.com/creating-and-viewing-access-tokens), saved as `NPM_TOKEN` in "Secrets"
+- If you want to set _provenance_ on your package, you need to ensure the publish release job has `permissions`: `id-token: write` (see the [documentation](https://docs.npmjs.com/generating-provenance-statements#publishing-packages-with-provenance-via-github-actions))
+
+</details>
 
 ## Prep Release
 
diff --git a/docs/source/how_to_guides/convert_repo_from_releaser.md b/docs/source/how_to_guides/convert_repo_from_releaser.md
index 0c1cf2f6..3267df40 100644
--- a/docs/source/how_to_guides/convert_repo_from_releaser.md
+++ b/docs/source/how_to_guides/convert_repo_from_releaser.md
@@ -10,7 +10,7 @@ See checklist below for details:
 - Bump version configuration (if using Python), for example [tbump](https://github.com/dmerejkowsky/tbump)
 - [Access token](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) with access to target GitHub repo to run GitHub Actions.
 - Access token for the [PyPI registry](https://packaging.python.org/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/#saving-credentials-on-github)
-- If needed, access token for [npm](https://docs.npmjs.com/creating-and-viewing-access-tokens).
+- If publishing to npm, we recommend using [npm Trusted Publishers](https://docs.npmjs.com/trusted-publishers) (requires npm >= 11.5.1, available via Node.js >= 24). Otherwise, create an access token for [npm](https://docs.npmjs.com/creating-and-viewing-access-tokens).
 
 ## Checklist for Adoption
 
@@ -54,9 +54,40 @@ A. Prep the `jupyter_releaser` fork:
 
 </details>
 
-- [ ] If needed, add access token for [npm](https://docs.npmjs.com/creating-and-viewing-access-tokens), saved as `NPM_TOKEN`.
+- [ ] Set up npm (if publishing to npm):
 
-> If you want to set _provenance_ on your package, you need to ensure the publish release job as `permissions`: `id-token : write` (see the [documentation](https://docs.npmjs.com/generating-provenance-statements#publishing-packages-with-provenance-via-github-actions)).
+<details><summary>Using npm Trusted Publishers (recommended)</summary>
+
+- npm Trusted Publishers is supported with npm >= 11.5.1
+
+- Ensure the publish release job has `permissions`: `id-token: write` (see the [documentation](https://docs.npmjs.com/generating-provenance-statements))
+
+- Set up the Node.js version in your workflow using one of these approaches:
+
+  Using the `base-setup` action from `jupyterlab/maintainer-tools`:
+
+  ```yaml
+  - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
+  ```
+
+  Or using the standard `setup-node` action:
+
+  ```yaml
+  - uses: actions/setup-node@v6
+    with:
+      node-version: "24.x"
+  ```
+
+- With Trusted Publishers enabled, npm packages will be published with provenance automatically, without needing to store an `NPM_TOKEN` secret
+
+</details>
+
+<details><summary>Using NPM_TOKEN (legacy way)</summary>
+
+- Create an access token for [npm](https://docs.npmjs.com/creating-and-viewing-access-tokens), saved as `NPM_TOKEN`
+- If you want to set _provenance_ on your package, you need to ensure the publish release job has `permissions`: `id-token: write` (see the [documentation](https://docs.npmjs.com/generating-provenance-statements#publishing-packages-with-provenance-via-github-actions))
+
+</details>
 
 B. Prep target repository:
 
diff --git a/docs/source/how_to_guides/convert_repo_from_repo.md b/docs/source/how_to_guides/convert_repo_from_repo.md
index cae7bc50..6396fffe 100644
--- a/docs/source/how_to_guides/convert_repo_from_repo.md
+++ b/docs/source/how_to_guides/convert_repo_from_repo.md
@@ -9,7 +9,7 @@ See checklist below for details:
 - Markdown changelog
 - Bump version configuration (if using Python), for example [hatch](https://hatch.pypa.io/latest/)
 - [Add a trusted publisher](https://docs.pypi.org/trusted-publishers/adding-a-publisher/) to your PyPI project
-- If needed, access token for [npm](https://docs.npmjs.com/creating-and-viewing-access-tokens).
+- If publishing to npm, we recommend using [npm Trusted Publishers](https://docs.npmjs.com/trusted-publishers) (requires npm >= 11.5.1, available via Node.js >= 24). Otherwise, create an access token for [npm](https://docs.npmjs.com/creating-and-viewing-access-tokens).
 
 ## Checklist for Adoption
 
@@ -47,8 +47,41 @@ See checklist below for details:
       _environment_ should be `release` (the name of the GitHub environment).
   - Ensure the publish release job as `permissions`: `id-token : write` (see the [documentation](https://docs.pypi.org/trusted-publishers/using-a-publisher/))
 
-- [ ] If needed, add access token for [npm](https://docs.npmjs.com/creating-and-viewing-access-tokens), saved as `NPM_TOKEN`. Again this should
-  be created using a machine account that only has publish access.
+- [ ] Set up npm (if publishing to npm):
+
+<details><summary>Using npm Trusted Publishers (recommended)</summary>
+
+- npm Trusted Publishers is supported with npm >= 11.5.1
+
+- Ensure the publish release job has `permissions`: `id-token: write` (see the [documentation](https://docs.npmjs.com/generating-provenance-statements))
+
+- Set up the Node.js version in your workflow using one of these approaches:
+
+  Using the `base-setup` action from `jupyterlab/maintainer-tools`:
+
+  ```yaml
+  - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
+  ```
+
+  Or using the standard `setup-node` action:
+
+  ```yaml
+  - uses: actions/setup-node@v6
+    with:
+      node-version: "24.x"
+  ```
+
+- With Trusted Publishers enabled, npm packages will be published with provenance automatically, without needing to store an `NPM_TOKEN` secret
+
+</details>
+
+<details><summary>Using NPM_TOKEN (legacy way)</summary>
+
+- Create an access token for [npm](https://docs.npmjs.com/creating-and-viewing-access-tokens), saved as `NPM_TOKEN`
+- This should be created using a machine account that only has publish access
+- If you want to set _provenance_ on your package, you need to ensure the publish release job has `permissions`: `id-token: write` (see the [documentation](https://docs.npmjs.com/generating-provenance-statements#publishing-packages-with-provenance-via-github-actions))
+
+</details>
 
 - [ ] Ensure that only trusted users with 2FA have admin access to the repository, since they will be able to trigger releases.
 
diff --git a/docs/source/reference/theory.md b/docs/source/reference/theory.md
index dbe796ff..680a6f33 100644
--- a/docs/source/reference/theory.md
+++ b/docs/source/reference/theory.md
@@ -17,7 +17,7 @@ This project should help maintainers reduce toil and save time in the release pr
 
 We strive to use the most secure release practices possible, reflected in the `Checklist for Adoption`
 and the example workflows.
-This includes using PyPI Trusted Publishing, using GitHub Environments, encouraging the use of Rulesets and GitHub Apps with limited bypass capability, and provenance data for npm.
+This includes using PyPI Trusted Publishing, npm Trusted Publishers (with npm >= 11.5.1), using GitHub Environments, encouraging the use of Rulesets and GitHub Apps with limited bypass capability, and provenance data for npm.
 In addition, there is an automatic check for whether the user who triggered the action is an admin.
 
 ## Action Details
diff --git a/jupyter_releaser/npm.py b/jupyter_releaser/npm.py
index c9d98820..45558b5f 100644
--- a/jupyter_releaser/npm.py
+++ b/jupyter_releaser/npm.py
@@ -1,4 +1,5 @@
 """npm-related utilities."""
+
 # Copyright (c) Jupyter Development Team.
 # Distributed under the terms of the Modified BSD License.
 import json
@@ -153,6 +154,8 @@ def handle_npm_config(npm_token):
         short_reg = registry.replace("https://", "//")
         short_reg = short_reg.replace("http://", "//")
         auth_entry = f"{short_reg}:_authToken={npm_token}"
+    else:
+        util.log("No NPM_TOKEN provided, will attempt to use npm Trusted Publishers if configured")
 
     # Handle existing config
     if npmrc.exists():
@@ -182,13 +185,13 @@ def get_package_versions(version):
     npm_version = data.get("version", "")
     if npm_version != version:
         message += f"\nPython version: {version}"
-        message += f'\nnpm version: {data["name"]}: {npm_version}'
+        message += f"\nnpm version: {data['name']}: {npm_version}"
     if "workspaces" in data:
         message += "\nnpm workspace versions:"
         for path in _get_workspace_packages(data):
             text = path.joinpath("package.json").read_text(encoding="utf-8")
             data = json.loads(text)
-            message += f'\n{data["name"]}: {data.get("version", "")}'
+            message += f"\n{data['name']}: {data.get('version', '')}"
     return message