diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index a3ae725..85282bd 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -8,6 +8,9 @@ on:
     # "At 08:00 UTC (01:00 PT) on Monday" https://crontab.guru/#0_8_*_*_1
     - cron: "0 8 * * 1"
 
+permissions:
+  contents: read
+
 jobs:
   audit:
     name: Audit Dependencies
diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml
index 673f9ca..d9fcb92 100644
--- a/.github/workflows/ci-release.yml
+++ b/.github/workflows/ci-release.yml
@@ -18,6 +18,10 @@ on:
         required: true
         type: string
 
+permissions:
+  contents: read
+  checks: write
+
 jobs:
   lint-all:
     name: Lint All
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index a44b227..b991984 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -12,6 +12,9 @@ on:
     # "At 09:00 UTC (02:00 PT) on Monday" https://crontab.guru/#0_9_*_*_1
     - cron: "0 9 * * 1"
 
+permissions:
+  contents: read
+
 jobs:
   lint:
     name: Lint
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 15c8efe..af848e1 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -13,6 +13,9 @@ on:
     # "At 10:00 UTC (03:00 PT) on Monday" https://crontab.guru/#0_10_*_*_1
     - cron: "0 10 * * 1"
 
+permissions:
+  contents: read
+
 jobs:
   analyze:
     name: Analyze
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
index 7dbdfd4..c69932d 100644
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -10,6 +10,9 @@ on:
       - edited
       - synchronize
 
+permissions:
+  contents: read
+
 jobs:
   commitlint:
     name: Lint Commits
diff --git a/.github/workflows/release-integration.yml b/.github/workflows/release-integration.yml
index 130578e..9ca9a2b 100644
--- a/.github/workflows/release-integration.yml
+++ b/.github/workflows/release-integration.yml
@@ -19,6 +19,10 @@ on:
       PUBLISH_TOKEN:
         required: true
 
+permissions:
+  contents: read
+  id-token: write
+
 jobs:
   publish:
     name: Publish
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 75acebb..53ff3c2 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -244,6 +244,7 @@ jobs:
     if: needs.release.outputs.releases
     uses: ./.github/workflows/release-integration.yml
     permissions:
+      contents: read
       id-token: write
     secrets:
       PUBLISH_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
diff --git a/.gitignore b/.gitignore
index 2bab6d1..dedbc77 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,6 +5,7 @@
 
 !**/.gitignore
 !/.commitlintrc.js
+!/.eslint.config.js
 !/.eslintrc.js
 !/.eslintrc.local.*
 !/.git-blame-ignore-revs
diff --git a/.release-please-manifest.json b/.release-please-manifest.json
index a3a12f4..601e9be 100644
--- a/.release-please-manifest.json
+++ b/.release-please-manifest.json
@@ -1,3 +1,3 @@
 {
-  ".": "6.0.0"
+  ".": "6.0.1"
 }
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 890a503..f8a2453 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Changelog
 
+## [6.0.1](https://github.com/npm/validate-npm-package-name/compare/v6.0.0...v6.0.1) (2025-06-05)
+### Bug Fixes
+* [`68a5c0e`](https://github.com/npm/validate-npm-package-name/commit/68a5c0e9776544fc888f93a7deef5a817272ef66) [#136](https://github.com/npm/validate-npm-package-name/pull/136) adding validation for scoped packages that begin with one or more periods (@shmam)
+### Chores
+* [`99ced75`](https://github.com/npm/validate-npm-package-name/commit/99ced7599aa0f7c315055c1a943075d5460c24d5) [#136](https://github.com/npm/validate-npm-package-name/pull/136) template-oss fixes (@shmam)
+* [`c45bc37`](https://github.com/npm/validate-npm-package-name/commit/c45bc3709039088c7f97e89816452d3f04f68023) [#134](https://github.com/npm/validate-npm-package-name/pull/134) bump @npmcli/template-oss from 4.23.3 to 4.24.3 (#134) (@dependabot[bot], @npm-cli-bot)
+
 ## [6.0.0](https://github.com/npm/validate-npm-package-name/compare/v5.0.1...v6.0.0) (2024-09-24)
 ### ⚠️ BREAKING CHANGES
 * `validate-npm-package-name` now supports node `^18.17.0 || >=20.5.0`
diff --git a/lib/index.js b/lib/index.js
index fd800d5..1501796 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -30,7 +30,7 @@ function validate (name) {
     errors.push('name length must be greater than zero')
   }
 
-  if (name.match(/^\./)) {
+  if (name.startsWith('.')) {
     errors.push('name cannot start with a period')
   }
 
@@ -75,6 +75,11 @@ function validate (name) {
     if (nameMatch) {
       var user = nameMatch[1]
       var pkg = nameMatch[2]
+
+      if (pkg.startsWith('.')) {
+        errors.push('name cannot start with a period')
+      }
+
       if (encodeURIComponent(user) === user && encodeURIComponent(pkg) === pkg) {
         return done(warnings, errors)
       }
diff --git a/package.json b/package.json
index 42089cb..18c1ddd 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "validate-npm-package-name",
-  "version": "6.0.0",
+  "version": "6.0.1",
   "description": "Give me a string and I'll tell you if it's a valid npm package name",
   "main": "lib/",
   "directories": {
@@ -8,7 +8,7 @@
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^5.0.0",
-    "@npmcli/template-oss": "4.23.3",
+    "@npmcli/template-oss": "4.24.3",
     "tap": "^16.0.1"
   },
   "scripts": {
@@ -49,7 +49,7 @@
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.23.3",
+    "version": "4.24.3",
     "publish": true
   },
   "tap": {
diff --git a/release-please-config.json b/release-please-config.json
index a1676b9..c56fd1d 100644
--- a/release-please-config.json
+++ b/release-please-config.json
@@ -33,5 +33,5 @@
       "package-name": ""
     }
   },
-  "prerelease-type": "pre"
+  "prerelease-type": "pre.0"
 }
diff --git a/test/index.js b/test/index.js
index 84a11ea..403b8d5 100644
--- a/test/index.js
+++ b/test/index.js
@@ -53,6 +53,21 @@ test('validate-npm-package-name', function (t) {
     validForOldPackages: false,
     errors: ['name cannot start with a period'] })
 
+  t.same(validate('@npm/.'), {
+    validForNewPackages: false,
+    validForOldPackages: false,
+    errors: ['name cannot start with a period'] })
+
+  t.same(validate('@npm/..'), {
+    validForNewPackages: false,
+    validForOldPackages: false,
+    errors: ['name cannot start with a period'] })
+
+  t.same(validate('@npm/.package'), {
+    validForNewPackages: false,
+    validForOldPackages: false,
+    errors: ['name cannot start with a period'] })
+
   t.same(validate('_start-with-underscore'), {
     validForNewPackages: false,
     validForOldPackages: false,