diff --git a/.github/workflows/publish-pr-preview.yaml b/.github/workflows/deploy-preview.yaml
similarity index 97%
rename from .github/workflows/publish-pr-preview.yaml
rename to .github/workflows/deploy-preview.yaml
index e867cefa..3593cdd7 100644
--- a/.github/workflows/publish-pr-preview.yaml
+++ b/.github/workflows/deploy-preview.yaml
@@ -1,4 +1,4 @@
-name: PR preview
+name: Deploy preview
 
 on:
   pull_request:
@@ -11,7 +11,7 @@ env:
   MAX_QUERY_LENGTH: 500
 
 jobs:
-  preview:
+  deploy:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6
diff --git a/.github/workflows/deploy-published-releases.yaml b/.github/workflows/deploy-release.yaml
similarity index 70%
rename from .github/workflows/deploy-published-releases.yaml
rename to .github/workflows/deploy-release.yaml
index 5756c75c..5e704c9c 100644
--- a/.github/workflows/deploy-published-releases.yaml
+++ b/.github/workflows/deploy-release.yaml
@@ -1,4 +1,4 @@
-name: Release
+name: Deploy release
 
 on:
   release:
@@ -14,7 +14,25 @@ env:
   PREVIEW_WIDGET_URL: https://cdn.croct.io/js/v1/lib/plug/widget-${{ github.ref_name }}.html
 
 jobs:
-  deploy-library:
+  deploy:
+    uses: croct-tech/shared-public-configs/.github/workflows/publish-public-npm-package.yml@master
+    with:
+      prepare-script: >-
+        cp LICENSE README.md build/ &&
+        cd build &&
+        find . -type f -path '*/*\.js.map' -exec sed -i -e "s~../src~src~" {} + &&
+        sed -i -e "s~\"version\": \"0.0.0-dev\"~\"version\": \"${GITHUB_REF##*/}\"~" package.json &&
+        sed -i -e "s~<@cdnUrl@>~${CDN_URL}~" constants.* &&
+        sed -i -e "s~<@playgroundOrigin@>~${PLAYGROUND_ORIGIN}~" constants.* &&
+        sed -i -e "s~<@playgroundConnectUrl@>~${PLAYGROUND_CONNECT_URL}~" constants.* &&
+        sed -i -e "s~<@previewWidgetOrigin@>~${PREVIEW_WIDGET_ORIGIN}~" constants.* &&
+        sed -i -e "s~<@previewWidgetUrl@>~${PREVIEW_WIDGET_URL}~" constants.*
+    secrets:
+      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+  cdn:
+    if: ${{ !github.event.release.prerelease }}
+    needs: deploy
     permissions:
       id-token: write # This is required for requesting the JWT
       contents: read  # This is required for actions/checkout
@@ -37,44 +55,9 @@ jobs:
 
       - name: Install dependencies
         if: steps.cache-dependencies.outputs.cache-hit != 'true'
-        run: |-
-          npm ci
-          rm -rf ~/.npmrc
-
-      - name: Build package
-        run: |-
-          npm run build
-
-      - name: Prepare release
-        run: |-
-          cp LICENSE README.md build/
-          cd build
-          find . -type f -path '*/*\.js.map' -exec sed -i -e "s~../src~src~" {} +
-          sed -i -e "s~\"version\": \"0.0.0-dev\"~\"version\": \"${GITHUB_REF##*/}\"~" package.json
-          sed -i -e "s~<@cdnUrl@>~${CDN_URL}~" constants.*
-          sed -i -e "s~<@playgroundOrigin@>~${PLAYGROUND_ORIGIN}~" constants.*
-          sed -i -e "s~<@playgroundConnectUrl@>~${PLAYGROUND_CONNECT_URL}~" constants.*
-          sed -i -e "s~<@previewWidgetOrigin@>~${PREVIEW_WIDGET_ORIGIN}~" constants.*
-          sed -i -e "s~<@previewWidgetUrl@>~${PREVIEW_WIDGET_URL}~" constants.*
-
-      - name: Publish pre-release to NPM
-        if: ${{ github.event.release.prerelease }}
-        run: |-
-          cd build
-          npm publish --access public --tag next
-        env:
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-
-      - name: Publish release to NPM
-        if: ${{ !github.event.release.prerelease }}
-        run: |-
-          cd build
-          npm publish --access public
-        env:
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: npm ci
 
       - name: Bundle package
-        if: ${{ !github.event.release.prerelease }}
         run: |-
           rm -rf build
           npm run bundle -- --config-cdn-url=${CDN_URL} \
@@ -85,7 +68,6 @@ jobs:
 
       - id: 'auth'
         name: 'Authenticate to Google Cloud'
-        if: ${{ !github.event.release.prerelease }}
         uses: 'google-github-actions/auth@v3'
         with:
           workload_identity_provider: '${{ secrets.GCLOUD_WORKLOAD_IDENTITY }}'
@@ -95,14 +77,13 @@ jobs:
         uses: google-github-actions/setup-gcloud@v3
 
       - name: Deploy to GCS
-        if: ${{ !github.event.release.prerelease }}
         env:
           GCLOUD_BUCKET: ${{ secrets.GCLOUD_BUCKET }}
         run: |-
           gsutil -m cp build/plug.min.js "gs://${GCLOUD_BUCKET}/js/v1/lib/plug.js"
           gsutil -m setmeta -h "Cache-Control: public, max-age=3600" "gs://${GCLOUD_BUCKET}/js/v1/lib/plug.js"
 
-  deploy-preview-widget:
+  preview-widget:
     permissions:
       id-token: write # This is required for requesting the JWT
       contents: read  # This is required for actions/checkout
diff --git a/.github/workflows/library-validations.yaml b/.github/workflows/library-validations.yaml
deleted file mode 100644
index 9a4c209c..00000000
--- a/.github/workflows/library-validations.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-name: Library validations
-
-on:
-  push:
-    tags-ignore:
-      - '**'
-    branches:
-      - master
-  pull_request:
-    types:
-      - synchronize
-      - opened
-
-jobs:
-  security-checks:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v6
-      - uses: actions/setup-node@v6
-        with:
-          node-version: 23
-
-      - name: Cache dependencies
-        id: cache-dependencies
-        uses: actions/cache@v5
-        with:
-          path: node_modules
-          key: node_modules-${{ hashFiles('package-lock.json') }}
-
-      - name: Install dependencies
-        if: steps.cache-dependencies.outputs.cache-hit != 'true'
-        run: npm ci
-
-      - name: Check dependency vulnerabilities
-        run: npm audit
-
-  validate:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v6
-      - uses: actions/setup-node@v6
-        with:
-          node-version: 23
-
-      - name: Cache dependencies
-        id: cache-dependencies
-        uses: actions/cache@v5
-        with:
-          path: node_modules
-          key: node_modules-${{ hashFiles('package-lock.json') }}
-
-      - name: Install dependencies
-        if: steps.cache-dependencies.outputs.cache-hit != 'true'
-        run: npm ci
-
-      - name: Check compilation errors
-        run: npm run validate
-
-  lint:
-    runs-on: ubuntu-latest
-    needs: [ validate ]
-    steps:
-      - uses: actions/checkout@v6
-      - uses: actions/setup-node@v6
-        with:
-          node-version: 23
-
-      - name: Cache dependencies
-        id: cache-dependencies
-        uses: actions/cache@v5
-        with:
-          path: node_modules
-          key: node_modules-${{ hashFiles('package-lock.json') }}
-
-      - name: Install dependencies
-        if: steps.cache-dependencies.outputs.cache-hit != 'true'
-        run: npm ci
-
-      - name: Check coding standard violations
-        run: npm run lint
-
-  test:
-    runs-on: ubuntu-latest
-    needs: [ validate ]
-    steps:
-      - uses: actions/checkout@v6
-      - uses: actions/setup-node@v6
-        with:
-          node-version: 23
-
-      - name: Cache dependencies
-        id: cache-dependencies
-        uses: actions/cache@v5
-        with:
-          path: node_modules
-          key: node_modules-${{ hashFiles('package-lock.json') }}
-
-      - name: Install dependencies
-        if: steps.cache-dependencies.outputs.cache-hit != 'true'
-        run: npm ci
-
-      - name: Run tests
-        run: npm run test
diff --git a/.github/workflows/validate-branch.yaml b/.github/workflows/validate-branch.yaml
new file mode 100644
index 00000000..624e247e
--- /dev/null
+++ b/.github/workflows/validate-branch.yaml
@@ -0,0 +1,19 @@
+name: Validate branch
+
+on:
+  push:
+    tags-ignore:
+      - '**'
+    branches:
+      - master
+  pull_request:
+    types:
+      - synchronize
+      - opened
+
+jobs:
+  validate:
+    uses: croct-tech/shared-public-configs/.github/workflows/javascript-validations.yml@master
+    with:
+      run-security: true
+      use-private-registry: false
diff --git a/.github/workflows/check-required-labels.yaml b/.github/workflows/validate-labels.yaml
similarity index 90%
rename from .github/workflows/check-required-labels.yaml
rename to .github/workflows/validate-labels.yaml
index 03984e95..af618af1 100644
--- a/.github/workflows/check-required-labels.yaml
+++ b/.github/workflows/validate-labels.yaml
@@ -1,4 +1,4 @@
-name: Label requirements
+name: Validate labels
 on:
   pull_request:
     types:
@@ -9,7 +9,7 @@ on:
       - unlabeled
 
 jobs:
-  check-labels:
+  validate:
     name: Check labels
     runs-on: ubuntu-latest
     steps:
diff --git a/.github/workflows/preview-validations.yaml b/.github/workflows/validate-preview.yaml
similarity index 97%
rename from .github/workflows/preview-validations.yaml
rename to .github/workflows/validate-preview.yaml
index e6907f82..077f2f33 100644
--- a/.github/workflows/preview-validations.yaml
+++ b/.github/workflows/validate-preview.yaml
@@ -1,4 +1,4 @@
-name: Preview validations
+name: Validate preview
 
 on:
   push:
@@ -12,7 +12,7 @@ on:
       - opened
 
 jobs:
-  validate:
+  type-check:
     runs-on: ubuntu-latest
     defaults:
       run:
@@ -38,7 +38,7 @@ jobs:
         run: npm run validate
 
   lint:
-    needs: [ validate ]
+    needs: [ type-check ]
     runs-on: ubuntu-latest
     defaults:
       run: