Developed provenance-enabled package publishing for the swisspost/design-system repository, focusing on enhancing trust and traceability in the release process. Leveraged CI/CD pipelines and package management best practices to integrate verifiable build and publication history into the workflow. Utilized YAML to update GitHub Actions, granting ID token permissions for secure publishing and modifying npmrc settings to include provenance metadata. This approach improved auditability and compliance readiness for design-system packages, ensuring downstream consumers can verify the integrity of published artifacts. The work addressed governance and security requirements, resulting in a more robust and transparent package publishing process within the organization’s CI/CD infrastructure.