diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0560604..cf6a4e0 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -23,7 +23,8 @@ jobs:
         with:
           cache: npm
           node-version: lts/*
-      - run: npm ci
+      - run: npm clean-install
+      - run: npm audit signatures
       - run: npx semantic-release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index f56c1ba..2b8ae36 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -30,7 +30,7 @@ jobs:
         with:
           node-version: ${{ matrix.node-version }}
           cache: npm
-      - run: npm ci
+      - run: npm clean-install
       - run: npm run test:ci
 
   # separate job to set as required in branch protection,
@@ -45,6 +45,7 @@ jobs:
           node-version: "lts/*"
           cache: npm
       - run: npm clean-install
+      - run: npm audit signatures
       - name: Ensure dependencies are compatible with the version of node
         run: npx ls-engines
       - run: npm run lint