diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 123014908..83535e6be 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -4,3 +4,10 @@ updates:
     directory: "/"
     schedule:
       interval: "daily"
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 8193d6a07..b73a41735 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -2,69 +2,114 @@ name: Publish Release
 
 on:
   workflow_dispatch:
-  push:
-    tags:
-      - 'v[0-9]+.[0-9]+.[0-9]+' # Release versions
-      - '[0-9]+.[0-9]+.[0-9]+'
-      - 'v[0-9]+.[0-9]+.[0-9]+-beta.[0-9]+' # Beta versions
-      - '[0-9]+.[0-9]+.[0-9]+-beta.[0-9]+'
+    inputs:
+      branch:
+        description: The branch to release from
+        required: true
+        default: master
+      version:
+        description: The version being published. This should be a valid semver version, such as `1.0.0`.
+        required: true
+        default: ''
+        type: string
+      dry-run:
+        type: boolean
+        description: Perform a publishing dry run. This will not publish the release, but will validate the release and log the commands that would be run.
+        default: false
 
 permissions:
   contents: read
-  packages: write
+  id-token: write # For publishing to NPM with provenance. Allows developers to run `npm audit signatures` and verify release signature of SDK. @see https://github.blog/2023-04-19-introducing-npm-package-provenance/
+
+env:
+  NODE_VERSION: 18
+  NODE_ENV: development
 
 jobs:
-  publish-npm:
-    name: 'NPM'
+  configure:
+    name: Validate input parameters
     runs-on: ubuntu-latest
-    environment: release
+
+    outputs:
+      vtag: ${{ steps.vtag.outputs.vtag }} # The fully constructed release tag to use for publishing
+      dry-run: ${{ steps.dry-run.outputs.dry-run }} # The dry-run flag to use for publishing, if applicable
 
     steps:
-      - name: Checkout code
+      - name: Checkout repository
         uses: actions/checkout@v4
-
-      - name: Setup Node
-        uses: actions/setup-node@v3
         with:
-          node-version: 18
-          cache: 'yarn'
-          registry-url: 'https://registry.npmjs.org'
+          fetch-depth: 0
+          ref: ${{ github.event.inputs.branch }}
 
-      - name: Install dependencies
-        run: yarn
+      # Configure for dry-run, if applicable. @see https://docs.npmjs.com/cli/v9/commands/npm-publish#dry-run
+      - id: dry-run
+        if: ${{ github.event.inputs.dry-run == 'true' }}
+        name: Configure for `--dry-run`
+        run: |
+          echo "dry-run=--dry-run" >> $GITHUB_ENV
+          echo "dry-run=--dry-run" >> $GITHUB_OUTPUT
 
-      - name: Build release
-        run: rm -rf dist && rm -rf build && yarn dist build
-      - name: Publish release to NPM
-        run: npm publish
+      # Build the tag string from package.json version and release suffix. Produces something like `1.0.0-beta.1` for a beta, or `1.0.0` for a stable release.
+      - name: Build tag
+        id: vtag
+        run: |
+          PACKAGE_VERSION="${{ github.event.inputs.version }}"
+          echo "vtag=${PACKAGE_VERSION}" >> $GITHUB_ENV
+          echo "vtag=${PACKAGE_VERSION}" >> $GITHUB_OUTPUT
+
+      # Ensure tag does not already exist.
+      - name: Validate version
+        uses: actions/github-script@v6
         env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          vtag: ${{ env.vtag }}
+        with:
+          script: |
+            const releaseMeta = github.rest.repos.listReleases.endpoint.merge({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+            });
+
+            const releases = await github.paginate(releaseMeta);
 
-  publish-gh:
-    needs: publish-npm # Don't publish to GitHub Packages until NPM is done
+            for (const release of releases) {
+              if (release.name === process.env.vtag) {
+                throw new Error(`${process.env.vtag} already exists`);
+              }
+            }
 
-    name: 'GitHub Packages'
+            console.log(`${process.env.vtag} does not exist. Proceeding with release.`)
+
+  publish-npm:
+    needs: configure
+
+    name: Publish to NPM
     runs-on: ubuntu-latest
-    environment: release
+    environment: 'release'
 
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.inputs.branch }}
 
       - name: Setup Node
         uses: actions/setup-node@v3
         with:
-          node-version: 18
-          registry-url: 'https://npm.pkg.github.com'
-          cache: 'yarn'
+          node-version: ${{ env.NODE_VERSION }}
+          cache: yarn
 
       - name: Install dependencies
         run: yarn
-
+        
       - name: Build release
         run: rm -rf dist && rm -rf build && yarn dist build
 
-      - name: Publish release to GitHub Packages
-        run: npm publish
+      - name: Publish release to NPM
+        run: npm publish --provenance --tag ${{ needs.configure.outputs.vtag }} ${{ needs.configure.outputs.dry-run }}
         env:
-          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+
+
+