diff --git a/.github/workflows/publish-package-release.yml b/.github/workflows/publish-package-release.yml
index d1d88a133e..a64c774728 100644
--- a/.github/workflows/publish-package-release.yml
+++ b/.github/workflows/publish-package-release.yml
@@ -28,6 +28,8 @@ on:
 jobs:
   publish-package-release:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     steps:
     - run: echo "Publishing release for ${{inputs.package}}"
     - uses: kanga333/variable-mapper@v0.3.0
@@ -115,7 +117,7 @@ jobs:
 
     - name: Publish ${{ env.RELEASE_TITLE }} v${{ steps.get-version.outputs.version }} on NPM
       working-directory: ${{ env.PACKAGE_PATH }}
-      run: npm publish --tag '${{ inputs.tag}}'
+      run: npm publish --provenance --tag '${{ inputs.tag}}'
       env:
         NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
index 4ab6d7261c..5bca8faf18 100644
--- a/.github/workflows/publish-release.yml
+++ b/.github/workflows/publish-release.yml
@@ -16,6 +16,8 @@ on:
 jobs:
   main:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     steps:
 
     - name: Checkout code
@@ -91,7 +93,7 @@ jobs:
       run: s3cmd put --recursive --acl-public packages/realm/prebuilds/realm-* s3://${{ secrets.PREBUILDS_S3_BUCKET_NAME }}/${{ steps.get-version.outputs.version }}/
 
     - name: Publish realm v${{ steps.get-version.outputs.version }} on NPM
-      run: npm publish --workspace realm --tag '${{ inputs.tag}}'
+      run: npm publish --provenance --workspace realm --tag '${{ inputs.tag}}'
       env:
         NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e5f469c481..7c54c4ff94 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -46,6 +46,7 @@
 ### Internal
 * The base URL used to communicate with the Atlas App Services was changed from "https://realm.mongodb.com" to "https://services.cloud.mongodb.com". ([realm/realm-core#7534](https://github.com/realm/realm-core/pull/7534)).
 * Upgraded Realm Core from v13.26.0 to v14.5.0. ([#6499](https://github.com/realm/realm-js/issues/6499), [#6541](https://github.com/realm/realm-js/issues/6541), [#6568](https://github.com/realm/realm-js/issues/6568), [#6572](https://github.com/realm/realm-js/issues/6572), and [#6599](https://github.com/realm/realm-js/issues/6599))
+* Publish releases with [provenance statements](https://docs.npmjs.com/generating-provenance-statements).
 
 ## 12.7.0-rc.0 (2024-03-26)
 
diff --git a/packages/babel-plugin/package.json b/packages/babel-plugin/package.json
index 7deabe9f10..ee3d4392a5 100644
--- a/packages/babel-plugin/package.json
+++ b/packages/babel-plugin/package.json
@@ -49,5 +49,10 @@
     "realm": "*",
     "ts-jest": "^29.1.2",
     "typescript": "^4.6.3"
+  },
+    "repository": {
+    "type": "git",
+    "url": "https://github.com/realm/realm-js.git",
+    "directory": "packages/babel-plugin"
   }
 }
diff --git a/packages/fetch/package.json b/packages/fetch/package.json
index d450e24fcd..5aebb9d80c 100644
--- a/packages/fetch/package.json
+++ b/packages/fetch/package.json
@@ -37,6 +37,11 @@
     "@tsconfig/node18": "^18.2.2",
     "@tsconfig/recommended": "^1.0.3"
   },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/realm/realm-js.git",
+    "directory": "packages/fetch"
+  },
   "engines": {
     "node": ">=18"
   }