diff --git a/.changeset/witty-flies-agree.md b/.changeset/witty-flies-agree.md
new file mode 100644
index 000000000..bce6c64bf
--- /dev/null
+++ b/.changeset/witty-flies-agree.md
@@ -0,0 +1,5 @@
+---
+"@alauda/ui": patch
+---
+
+chore: migrate npm publishing to trusted publishing and Node 22
diff --git a/.github/workflows/release-beta.yml b/.github/workflows/release-beta.yml
deleted file mode 100644
index d9831cbb6..000000000
--- a/.github/workflows/release-beta.yml
+++ /dev/null
@@ -1,35 +0,0 @@
-name: Release beta
-
-on:
-  pull_request:
-    branches: [master]
-
-jobs:
-  release_beta:
-    name: Release Beta
-    permissions:
-      contents: read
-      id-token: write
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout Repo
-        uses: actions/checkout@v3
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v3
-        with:
-          node-version: 20
-          cache: yarn
-          registry-url: 'https://registry.npmjs.org'
-
-      - name: Install dependencies
-        run: yarn --frozen-lockfile
-
-      - name: Release beta
-        run: sh scripts/release.sh
-        env:
-          PUBLISH_VERSION: beta
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-
-      - name: Sync Cnpm
-        run: npx cnpm sync @alauda/ui
diff --git a/.github/workflows/release-prod.yml b/.github/workflows/release-prod.yml
deleted file mode 100644
index ba6dfad22..000000000
--- a/.github/workflows/release-prod.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-name: Release prod
-
-on:
-  workflow_dispatch:
-    inputs:
-      version:
-        description: Hotfix package version for prod, 5.7.0-prod-3.5-0 for example .
-        required: true
-
-jobs:
-  release_prod:
-    name: Release Prod
-    permissions:
-      contents: write
-      id-token: write
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout Repo
-        uses: actions/checkout@v3
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v3
-        with:
-          node-version: 20
-          cache: yarn
-          registry-url: 'https://registry.npmjs.org'
-
-      - name: Install dependencies
-        run: yarn --frozen-lockfile
-
-      - name: Set git info
-        run: |
-          git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
-          git config --local user.name "github-actions[bot]"
-
-      - name: Release
-        run: sh scripts/release.sh
-        env:
-          PUBLISH_VERSION: ${{ github.event.inputs.version }}
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-
-      - name: Sync Cnpm
-        run: npx cnpm sync @alauda/ui
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0bd1a6bd5..3dcb75b3c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -4,25 +4,35 @@ on:
   push:
     branches:
       - master
+  pull_request:
+    branches:
+      - master
+  workflow_dispatch:
+    inputs:
+      version:
+        description: Hotfix package version for prod, 5.7.0-prod-3.5-0 for example.
+        required: true
+
+permissions:
+  contents: write
+  id-token: write
 
 jobs:
   release:
     name: Release
+    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
     runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      id-token: write
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           # This makes Actions fetch all Git history so that Changesets can generate changelogs with the correct commits
           fetch-depth: 0
 
       - name: Setup Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
-          node-version: 20
+          node-version: 24
           cache: yarn
           registry-url: 'https://registry.npmjs.org'
 
@@ -30,6 +40,7 @@ jobs:
         run: yarn --frozen-lockfile
 
       - name: Create Release Pull Request or Publish to npm
+        if: github.event_name == 'push'
         id: changesets
         uses: changesets/action@v1
         with:
@@ -39,7 +50,25 @@ jobs:
           publish: yarn release
         env:
           GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+      - name: Release beta
+        if: github.event_name == 'pull_request'
+        run: sh scripts/release.sh
+        env:
+          PUBLISH_VERSION: beta
+
+      - name: Set git info
+        if: github.event_name == 'workflow_dispatch'
+        run: |
+          git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git config --local user.name "github-actions[bot]"
+
+      - name: Release prod
+        if: github.event_name == 'workflow_dispatch'
+        run: sh scripts/release.sh
+        env:
+          PUBLISH_VERSION: ${{ github.event.inputs.version }}
 
       - name: Sync Cnpm
+        if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && steps.changesets.outputs.published == 'true')
         run: npx cnpm sync @alauda/ui
diff --git a/.github/workflows/stories.yml b/.github/workflows/stories.yml
index 66abdfa42..468dee0f8 100644
--- a/.github/workflows/stories.yml
+++ b/.github/workflows/stories.yml
@@ -10,12 +10,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
-          node-version: 20
+          node-version: 22.14.0
           cache: yarn
 
       - name: Install dependencies
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 52ce4be7c..1117f163c 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -8,12 +8,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
-          node-version: 20
+          node-version: 22.14.0
           cache: yarn
 
       - name: Install Dependencies
diff --git a/.nvmrc b/.nvmrc
index 209e3ef4b..cabf43b5d 100644
--- a/.nvmrc
+++ b/.nvmrc
@@ -1 +1 @@
-20
+24
\ No newline at end of file
diff --git a/scripts/release.sh b/scripts/release.sh
index 960b11c4f..ac46ab7d3 100644
--- a/scripts/release.sh
+++ b/scripts/release.sh
@@ -1,15 +1,11 @@
 #!/bin/sh
 
+set -e
+
 PUBLISH_VERSION=$(node scripts/publish-version)
 PUBLISH_BRANCH=$(node scripts/publish-branch)
 NPM_TAG=$(node scripts/npm-tag)
 
-if [ "$NODE_AUTH_TOKEN" = "" ] && [ "$NPM_TOKEN" = "" ]; then
-  echo "NPM_TOKEN is not available on PR from forked repository!"
-  echo "If you're a member of Alauda, just checkout a new branch instead."
-  exit 0
-fi
-
 if [ "$NPM_TAG" = "latest" ]; then
   echo "Publish latest tag via this script is not permitted anymore."
   exit 1
@@ -26,4 +22,4 @@ if [ "$PUBLISH_BRANCH" != "" ]; then
   git push --follow-tags origin "$PUBLISH_BRANCH"
 fi
 
-npm publish ./release --tag "$NPM_TAG" --provenance --access public
+npm publish ./release --tag "$NPM_TAG" --access public