GITHUB_TOKEN fails to authenticate

When we merge to master we run a release using semantic-release. However sometimes the release fails to publish because the GITHUB_TOKEN is invalid. The error does not occur every time, and usually I can just rerun the workflow and it will work. This is not ideal and I would like it to be more stable.

Here is our workflow

name: On Master
      - 'master'
    runs-on: ubuntu-latest
    - name: Checkout code
      uses: actions/checkout@v1
    - name: Setup node
      uses: actions/setup-node@v1
        node-version: '12.x'
        registry-url: ''
        scope: '<redacted>'
    - name: Install dependencies
      run: npm ci
        NODE_AUTH_TOKEN: ${{ secrets.PACKAGE_READ_TOKEN }}
    - name: Run lint
      run: npm run lint
    - name: Run test
      run: npm test
    - name: Run coverage
      run: npm run coverage
    - name: Run release
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        NPM_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: npm run release

Here is the error we are getting

npm ERR! code E401
npm ERR! 401 Unauthorized - PUT<redacted> - Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured.

Any idea what could be causing this or how to fix it?

Out of curiosity, is a human merging or a GitHub workflow?