diff --git a/js/Makefile b/js/Makefile
index 3238eeb0d..e3466dbed 100644
--- a/js/Makefile
+++ b/js/Makefile
@@ -152,7 +152,7 @@ publish-sdk-js:
 	./scripts/validate-release.sh
 	pnpm install
 	pnpm run build
-	pnpm publish --no-git-checks
+	pnpm publish --no-git-checks --provenance
 
 # This is the only method I could find to install a package without explicitly
 # adding a dependency or modifying lock files.
diff --git a/js/scripts/publish-prerelease.sh b/js/scripts/publish-prerelease.sh
index 88b135858..135eef8aa 100755
--- a/js/scripts/publish-prerelease.sh
+++ b/js/scripts/publish-prerelease.sh
@@ -87,7 +87,7 @@ echo ""
 # In CI, just publish. Locally, ask for confirmation
 if [ -n "${CI:-}" ] || [ -n "${GITHUB_ACTIONS:-}" ]; then
   # Running in CI - publish without confirmation
-  pnpm publish --tag "$DIST_TAG" --no-git-checks
+  pnpm publish --tag "$DIST_TAG" --no-git-checks --provenance
 else
   # Running locally - ask for confirmation
   read -p "Ready to publish version $NEW_VERSION to npm with tag @$DIST_TAG? (y/N) " -n 1 -r