diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d55ed31..92347e8 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -4,17 +4,9 @@ on:
 jobs:
   lint-and-test:
     name: "Lint and Test"
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write
+    runs-on: github-hosted-small
 
     steps:
-      - name: Harden the runner
-        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
-        with:
-          egress-policy: block
-          policy: global-allowed-endpoints-policy
-
       - name: Check out repository code
         uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml
index 50cfcb9..4aa7a04 100644
--- a/.github/workflows/npm-publish.yml
+++ b/.github/workflows/npm-publish.yml
@@ -10,17 +10,9 @@ permissions:
 
 jobs:
   publish-npm:
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write
+    runs-on: github-hosted-small
 
     steps:
-      - name: Harden the runner
-        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
-        with:
-          egress-policy: block
-          policy: global-allowed-endpoints-policy
-
       - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
       - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 713b677..e771790 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -5,20 +5,12 @@ on:
 name: release-please
 jobs:
   release-please:
-    runs-on: ubuntu-latest
+    runs-on: github-hosted-small
     outputs:
       did-create-release: ${{ steps.release.outputs.release_created }}
       release-tag: ${{ steps.release.outputs.tag_name }}
-    permissions:
-      id-token: write
 
     steps:
-      - name: Harden the runner
-        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
-        with:
-          egress-policy: block
-          policy: global-allowed-endpoints-policy
-
       - uses: google-github-actions/release-please-action@db8f2c60ee802b3748b512940dde88eabd7b7e01 # v3.7.13
         id: release
         with: