diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 50bea79..d29104f 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,4 +1,4 @@ # Lines starting with '#' are comments. # Each line is a file pattern followed by one or more owners. -* @MetaMask/devs +* @MetaMask/shared-libraries-engineers diff --git a/.github/workflows/security-code-scanner.yml b/.github/workflows/security-code-scanner.yml new file mode 100644 index 0000000..ced0449 --- /dev/null +++ b/.github/workflows/security-code-scanner.yml @@ -0,0 +1,43 @@ +name: 'MetaMask Security Code Scanner' + +on: + push: + branches: ['main'] + pull_request: + branches: ['main'] + +jobs: + run-security-scan: + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + steps: + - name: MetaMask Security Code Scanner + uses: MetaMask/Security-Code-Scanner@main + with: + repo: ${{ github.repository }} + paths_ignored: | + .storybook/ + '**/__snapshots__/' + '**/*.snap' + '**/*.stories.js' + '**/*.stories.tsx' + '**/*.test.browser.ts*' + '**/*.test.js*' + '**/*.test.ts*' + '**/fixtures/' + '**/jest.config.js' + '**/jest.environment.js' + '**/mocks/' + '**/test*/' + docs/ + e2e/ + merged-packages/ + node_modules + storybook/ + test*/ + rules_excluded: example + project_metrics_token: ${{ secrets.SECURITY_SCAN_METRICS_TOKEN }} + slack_webhook: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }} diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 51c1a14..4af204f 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -3,7 +3,10 @@ name: shellcheck permissions: checks: write -on: [push] +on: + push: + branches: [main] + pull_request: jobs: lint: diff --git a/.github/workflows/test-monorepo.yml b/.github/workflows/test-monorepo.yml index 548b778..6e5884d 100644 --- a/.github/workflows/test-monorepo.yml +++ b/.github/workflows/test-monorepo.yml 
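Review bot: The `uses: MetaMask/Security-Code-Scanner@main` step tracks a moving branch, so whatever lands on that branch runs here with `security-events: write` and receives both `SECURITY_SCAN_METRICS_TOKEN` and `APPSEC_BOT_SLACK_WEBHOOK`. Pinning to a full commit SHA, `uses: MetaMask/Security-Code-Scanner@<full-commit-sha> # <tag>`, would make each scanner update an explicit, reviewable change. `rules_excluded: example` also reads like a template placeholder; if no rule is meant to be excluded, a short comment saying so would help. On `pull_request` runs from forks the two secrets are empty, so it is worth confirming the scanner tolerates that.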
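Review bot: With `pull_request:` added, the workflow-level `permissions: checks: write` shown in this hunk's context lines no longer holds for every run, because pull requests from forks get a read-only `GITHUB_TOKEN` by default whatever the `permissions` block says. If the `lint` job (its steps are outside this hunk) posts check runs or annotations through the API, that step would presumably fail for external contributors. A comment above the trigger, for example `# fork PRs run with a read-only token; results then appear only in the job log`, would document the behaviour once it has been confirmed.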
@@ -1,5 +1,8 @@ name: test-monorepo -on: [push] +on: + push: + branches: [main] + pull_request: jobs: # test npm publish dry-run checkout_publish_skunkworks_dry_run: diff --git a/.github/workflows/test-polyrepo.yml b/.github/workflows/test-polyrepo.yml index 074981b..b916917 100644 --- a/.github/workflows/test-polyrepo.yml +++ b/.github/workflows/test-polyrepo.yml @@ -1,5 +1,8 @@ name: test-polyrepo -on: [push] +on: + push: + branches: [main] + pull_request: jobs: # test npm publish dry-run checkout_publish_controllers_dry_run: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 11c4db4..3e6b187 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,5 +1,8 @@ name: test -on: [push] +on: + push: + branches: [main] + pull_request: jobs: test: runs-on: ubuntu-20.04 diff --git a/CHANGELOG.md b/CHANGELOG.md index 4c346cc..960ca3f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [5.0.0] +### Changed +- **BREAKING:** Disallow publishing packages with version 0.0.0 ([#63](https://github.com/MetaMask/action-npm-publish/pull/63)) + +### Fixed +- Fix Yarn 4 compatibility ([#65](https://github.com/MetaMask/action-npm-publish/pull/65)) + ## [4.0.3] ### Fixed - Fix Slack announcement for public default channel ([#73](https://github.com/MetaMask/action-npm-publish/pull/73)) 
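Review bot: No workflow-level `permissions:` key is visible between `on:` and `jobs:` in this hunk, and the same holds for the identical trigger change in test-polyrepo.yml and test.yml. These workflows now run pull-request code, so unless each job sets its own permissions (the jobs continue outside the hunks) the `GITHUB_TOKEN` takes the repository default. Adding a `permissions:` block with `contents: read` below the `on:` block would keep the token at least privilege, in line with the explicit block in security-code-scanner.yml.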
@@ -84,7 +91,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed - Initial release ([#1](https://github.com/MetaMask/action-npm-publish/pull/1)) -[Unreleased]: https://github.com/MetaMask/action-npm-publish/compare/v4.0.3...HEAD +[Unreleased]: https://github.com/MetaMask/action-npm-publish/compare/v5.0.0...HEAD +[5.0.0]: https://github.com/MetaMask/action-npm-publish/compare/v4.0.3...v5.0.0 [4.0.3]: https://github.com/MetaMask/action-npm-publish/compare/v4.0.2...v4.0.3 [4.0.2]: https://github.com/MetaMask/action-npm-publish/compare/v4.0.1...v4.0.2 [4.0.1]: https://github.com/MetaMask/action-npm-publish/compare/v4.0.0...v4.0.1 diff --git a/README.md b/README.md index 49910a2..b9a2653 100644 --- a/README.md +++ b/README.md @@ -55,7 +55,7 @@ We've added the ability to customize the message posted in Slack and those optio - `icon-url` - `username` -- `target-name` +- `subteam` - `channel` example: @@ -67,7 +67,7 @@ example: icon-url: https://ricky.codes/me.jpg username: rickybot # re subteam, see: https://api.slack.com/reference/surfaces/formatting#mentioning-groups - subteam: subteam: S042S7RE4AE # @metamask-npm-publishers + subteam: S042S7RE4AE # @metamask-npm-publishers channel: dev-channel ``` @@ -87,5 +87,5 @@ You can read more about these option in the [API](#API) section below - **`icon-url`** _(optional)_. Url to the avatar used for the bot in Slack. If not set this defaults to the avatar in this repository. - **`username`** _(optional)_. The name of the bot as it appears on Slack. If not set this defaults to `MetaMask bot`. -- **`target-name`** _(optional)_. Use this if you want to ping an individual or subset of individuals on Slack using `@`. +- **`subteam`** _(optional)_. Use this if you want to ping a subteam of individuals on Slack using `@`. - **`channel`** _(optional)_. Use this if you want to post to a channel other than the default: `metamask-dev`. 
diff --git a/action.yml b/action.yml index 2512dc3..c3b169d 100644 --- a/action.yml +++ b/action.yml @@ -35,6 +35,20 @@ runs: env: YARN_NPM_AUTH_TOKEN: ${{ inputs.npm-token }} PUBLISH_NPM_TAG: ${{ inputs.npm-tag }} + - id: install-pkdiff + shell: bash + run: npm i -g pkdiff + - id: generate-report + shell: bash + if: inputs.npm-token == '' + run: ${{ github.action_path }}/scripts/report.sh + - id: upload-artifact + if: inputs.npm-token == '' + uses: actions/upload-artifact@v4 + with: + path: | + /tmp/*.tgz + /tmp/*.html - id: name-version shell: bash if: inputs.slack-webhook-url != '' diff --git a/package.json b/package.json index 52feb48..c953e82 100644 --- a/package.json +++ b/package.json @@ -15,7 +15,7 @@ "url": "https://github.com/MetaMask/action-npm-publish/issues" }, "homepage": "https://github.com/MetaMask/action-npm-publish#readme", - "version": "4.0.3", + "version": "5.0.0", "main": "index.js", "directories": { "test": "test" diff --git a/scripts/main.sh b/scripts/main.sh index c29343f..358d7a4 100755 --- a/scripts/main.sh +++ b/scripts/main.sh @@ -8,7 +8,7 @@ script_path=$( cd "$(dirname "${BASH_SOURCE[0]}")" ; pwd -P ) if [[ "$(jq 'has("workspaces")' package.json)" = "true" ]]; then echo "Notice: workspaces detected. Treating as monorepo." - yarn workspaces foreach --no-private --verbose exec "$script_path/publish.sh true" + yarn workspaces foreach --all --no-private --verbose exec "$script_path/publish.sh true" exit 0 fi diff --git a/scripts/publish.sh b/scripts/publish.sh index fff1cbe..31aa957 100755 --- a/scripts/publish.sh +++ b/scripts/publish.sh @@ -5,8 +5,8 @@ set -e set -o pipefail if [[ -z $YARN_NPM_AUTH_TOKEN ]]; then - echo "Notice: 'npm-token' not set. Running 'yarn pack --dry-run'." - yarn pack --dry-run + echo "Notice: 'npm-token' not set. Running 'yarn pack'." + yarn pack --out /tmp/%s-%v.tgz exit 0 fi 
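Review bot: The `install-pkdiff` step runs `npm i -g pkdiff` with no version and no `if:`, so every run of this publishing action, real publishes included, installs whichever `pkdiff` release is current on the registry and runs any install scripts it or its dependencies declare. The tool is only used by `generate-report`, so the step should carry the same guard and a pinned version: `if: inputs.npm-token == ''` and `run: npm i -g pkdiff@<pinned-version>`. If `pkdiff` needs no install-time scripts, which is worth checking, adding `--ignore-scripts` would narrow this further.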
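Review bot: The dry-run path now writes real tarballs to `/tmp/%s-%v.tgz`, a fixed location shared with every other process on the runner, and scripts/report.sh and the `upload-artifact` step in action.yml later glob `/tmp/*.tgz`. On a self-hosted or reused runner a stale or foreign tarball left in `/tmp` would be diffed and uploaded as if this build had produced it. Packing into a per-run directory under `$RUNNER_TEMP` (created before the call), e.g. `yarn pack --out "$RUNNER_TEMP/pack/%s-%v.tgz"`, with the report and upload paths changed to match, limits the artifact set to what this run produced. The script continues outside the hunk.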
@@ -15,12 +15,18 @@ if [[ -z $PUBLISH_NPM_TAG ]]; then exit 1 fi +CURRENT_PACKAGE_VERSION=$(jq --raw-output .version package.json) + +if [[ "$CURRENT_PACKAGE_VERSION" = "0.0.0" ]]; then + echo "Notice: Invalid version: $CURRENT_PACKAGE_VERSION. aborting publish." + exit 0 +fi + # check param, if it's set (monorepo) we check if it's published before proceeding if [[ -n "$1" ]]; then # check if module is published PACKAGE_NAME=$(jq --raw-output .name package.json) LATEST_PACKAGE_VERSION=$(npm view "$PACKAGE_NAME" dist-tags --workspaces false --json | jq --raw-output --arg tag "$PUBLISH_NPM_TAG" '.[$tag]' || echo "") - CURRENT_PACKAGE_VERSION=$(jq --raw-output .version package.json) if [ "$LATEST_PACKAGE_VERSION" = "$CURRENT_PACKAGE_VERSION" ]; then echo "Notice: This module is already published at $CURRENT_PACKAGE_VERSION. aborting publish." diff --git a/scripts/report.sh b/scripts/report.sh new file mode 100755 index 0000000..be2e144 --- /dev/null +++ b/scripts/report.sh @@ -0,0 +1,21 @@ +#!/usr/bin/env bash + +set -x +set -e +set -o pipefail + +directory="/tmp" + +for file in "$directory"/*.tgz; do + if [ -f "$file" ]; then + echo "Processing $file" + basename=$(basename "$file") + name="${basename%-*}" + name_with_slash="${name/-//}" + echo "$name_with_slash" + pkdiff "$name_with_slash@latest" "$file" \ + --no-exit-code \ + --no-open \ + --output "$directory/$basename.html" + fi +done diff --git a/yarn.lock b/yarn.lock index e121b20..171346f 100644 --- a/yarn.lock +++ b/yarn.lock 
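Review bot: The new `0.0.0` guard ends with `exit 0`, so a release run for such a package finishes green with only a `Notice:` line in the log. That is probably intended for the monorepo path, where a non-zero exit would presumably stop `yarn workspaces foreach`, but it deserves a comment such as `# exit 0 so the remaining workspaces are still processed`. A workflow warning, `echo "::warning::Skipping publish: version is 0.0.0"`, would also make the skip visible in the run summary. A missing `version` field makes `jq --raw-output .version` print `null`, which this check lets through, so decide whether that case should be rejected here too. The rest of the script continues outside the hunk.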
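Review bot: The package name passed to `pkdiff` is rebuilt from the tarball file name, and both `name="${basename%-*}"` and `name_with_slash="${name/-//}"` guess wrong for common cases. A prerelease version such as `1.0.0-beta.1` leaves the version number inside `name`, and an unscoped package with a hyphen (say `my-package`) becomes `my/package`. Because that string selects which registry package the local tarball is compared against, a wrong guess gives a report against an unrelated package, or a failed lookup that presumably stops the loop under `set -e`. Reading the name from the tarball is more reliable: `name_with_slash=$(tar -xOzf "$file" package/package.json | jq --raw-output .name)`, assuming the usual `package/` prefix of pack tarballs.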
@@ -1346,9 +1346,9 @@ which@^2.0.1: isexe "^2.0.0" word-wrap@^1.2.3: - version "1.2.3" - resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.3.tgz#610636f6b1f703891bd34771ccb17fb93b47079c" - integrity sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ== + version "1.2.4" + resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.4.tgz#cb4b50ec9aca570abd1f52f33cd45b6c61739a9f" + integrity sha512-2V81OA4ugVo5pRo46hAoD2ivUJx8jXmWXfUkY4KFNw0hEptvN0QfH3K4nHiwzGeKl5rFKedV48QVoqYavy4YpA== wrappy@1: version "1.0.2"