diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c09b0e4..df37c04 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -26,8 +26,7 @@ jobs:
       - name: Setup Node (for npm publish)
         uses: actions/setup-node@v4
         with:
-          node-version: 20
-          registry-url: https://registry.npmjs.org
+          node-version: 22
 
       - name: Setup Bun
         uses: oven-sh/setup-bun@v2
@@ -51,3 +50,4 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           NPM_CONFIG_PROVENANCE: true
+          NODE_AUTH_TOKEN: ""
diff --git a/docs/releasing.md b/docs/releasing.md
index 0c78238..0df7d8f 100644
--- a/docs/releasing.md
+++ b/docs/releasing.md
@@ -7,6 +7,7 @@ This repository uses [Changesets](https://github.com/changesets/changesets) for
 1. In npm package settings, enable Trusted Publishing for this GitHub repository/workflow.
 2. Keep `main` protected (require PRs and green CI before merge).
 3. No `NPM_TOKEN` secret is required when Trusted Publishing is configured correctly.
+4. Release workflow uses Node 22 and explicitly clears `NODE_AUTH_TOKEN` to avoid token fallback auth.
 
 ## Daily release workflow