diff --git a/.github/workflows/javascript-npm-packages.yml b/.github/workflows/javascript-npm-packages.yml
index c5829e4..9948c4a 100644
--- a/.github/workflows/javascript-npm-packages.yml
+++ b/.github/workflows/javascript-npm-packages.yml
@@ -82,7 +82,7 @@ jobs:
 # `files`, same `prepublishOnly`). Full rationale: CHANGELOG
 # v0.1.10.
 npm --version
- npm publish
+ npm publish --ignore-scripts --access public
 else
 echo "Publishing with OIDC Trusted Publisher + provenance"
 pnpm publish --provenance --no-git-checks
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c8c7b8a..8f817ec 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog
 
+## v0.1.11 - 20/05/2026
+
+### Fixes
+- `javascript-npm-packages` — pass `--ignore-scripts --access public` to `npm publish` on the token bootstrap path. Defense in depth against postinstall-worm supply-chain attacks: install-time scripts are already skipped by `pnpm install --frozen-lockfile --ignore-scripts` in `javascript/base`; the publish flag now also skips `prepack`/`postpack`/`publish`/`postpublish` while the long-lived bootstrap token is in env. `prepublishOnly` still runs (known `npm publish` behavior — the flag does not cover it), but it invokes our own gates from the frozen lockfile that already ran in the base action. The bootstrap token's exposure narrows to one publish — switch to OIDC + provenance via Trusted Publisher for `1.0.1+` to eliminate the long-lived token entirely.
+
 ## v0.1.10 - 20/05/2026
 
 ### Fixes
diff --git a/package.json b/package.json
index 19ba5a7..0a19b90 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@coroboros/ci",
- "version": "0.1.10",
+ "version": "0.1.11",
 "private": true,
 "description": "Reusable GitHub Actions CI for the Coroboros stack.",
 "license": "SEE LICENSE IN LICENSE.md",
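Review bot: The comment directly above the changed `npm publish` line still sends the reader to "CHANGELOG v0.1.10" for the full rationale, but the reason for `--ignore-scripts --access public` is only written up under v0.1.11, so the in-file pointer is now stale. I would extend that comment to `# v0.1.10; publish flags: CHANGELOG v0.1.11.` and add one line on the flags themselves, e.g. `# --ignore-scripts skips pre/post-pack/publish hooks while the bootstrap token is in env; prepublishOnly still runs.`, so the exact coverage of the flag is visible where the token is used rather than only in the changelog. Whether `prepublishOnly` is skipped by `--ignore-scripts` has varied across npm versions, so the `npm --version` output printed just above is what a reader will need to confirm that statement — a comment saying so would help. The enclosing `run:` script (the `if`/`else` around this branch) starts and ends outside the hunk.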