diff --git a/.github/workflows/ui-install-and-lint.yml b/.github/workflows/ui-install-and-lint.yml
index 5f4e3c7..859504c 100644
--- a/.github/workflows/ui-install-and-lint.yml
+++ b/.github/workflows/ui-install-and-lint.yml
@@ -17,6 +17,11 @@ on:
       allow-lint-errors:
         required: true
         type: boolean
+      # release validation
+      fail-on-snapshot-deps:
+        required: false
+        type: boolean
+        default: false
 
 jobs:
   run:
@@ -52,6 +57,16 @@ jobs:
       - name: List installed FOLIO package versions
         run: yarn list --pattern @folio
 
+      # Snapshots resolve from the npm-folioci repository; released versions resolve from npm-folio.
+      # This job installs with yarn classic, so any npm-folioci "resolved" URL in yarn.lock is a snapshot.
+      - name: Fail on snapshot dependencies
+        if: inputs.fail-on-snapshot-deps
+        run: |
+          if grep -nE '^\s+resolved "https?://[^"]*npm-folioci' yarn.lock; then
+            echo "::error file=yarn.lock::yarn.lock contains snapshot (npm-folioci) resolutions - regenerate against npm-folio before releasing"
+            exit 1
+          fi
+
       - name: Publish yarn.lock
         uses: actions/upload-artifact@v7
         with:
diff --git a/.github/workflows/ui.yml b/.github/workflows/ui.yml
index 0d19c5d..bf53099 100644
--- a/.github/workflows/ui.yml
+++ b/.github/workflows/ui.yml
@@ -207,6 +207,8 @@ jobs:
       folio-npm-registry: ${{ needs.set-shared-variables.outputs.folio-npm-registry }}
       allow-lint-errors: ${{ inputs.allow-lint-errors }}
       yarn-lock-retention-days: ${{ inputs.yarn-lock-retention-days }}
+      # On release tags, fail if the lockfile still pins snapshots from npm-folioci.
+      fail-on-snapshot-deps: ${{ needs.set-shared-variables.outputs.is-release == 'True' }}
 
   jest-tests:
     name: Run Jest tests