ci(release): verify npm registry before prerelease

Author: iexitdev

.github/workflows/publish.yml

@@ -151,6 +151,9 @@ jobs:
         env:
           NPM_TAG: ${{ steps.package.outputs.npm_tag }}
 
+      - name: Verify npm registry publish state
+        run: npm run release:publish:status -- --strict
+
       - name: Create GitHub release
         env:
           GH_TOKEN: ${{ github.token }}

docs/release/beta-checklist.md

@@ -48,7 +48,7 @@ The `test:e2e` command covers web showcase interaction flows. The example comman
 
 The `docs:build` command validates local links, balanced code fences, JS/TS markdown fence syntax, and public TS/TSX docs examples. Integrated docs example coverage still runs through `npm run rn:typecheck`.
 
-The `pack:check` command runs `npm pack --dry-run --json --ignore-scripts` for every package in the release package manifest, using a repo-local temp npm cache. It verifies package names, package metadata, README files, built `dist` entrypoints, and the modern `pro-preview` subpath artifacts. The publish workflow reads the same manifest for the Developer Preview publish list so preview-only packages cannot be published by an unrelated hardcoded loop. Keep dependency packages before the root compatibility package in the manifest so scoped package access failures happen before the root package is published.
+The `pack:check` command runs `npm pack --dry-run --json --ignore-scripts` for every package in the release package manifest, using a repo-local temp npm cache. It verifies package names, package metadata, README files, built `dist` entrypoints, and the modern `pro-preview` subpath artifacts. The publish workflow reads the same manifest for the Developer Preview publish list so preview-only packages cannot be published by an unrelated hardcoded loop. Keep dependency packages before the root compatibility package in the manifest so scoped package access failures happen before the root package is published. After publishing, the workflow runs `npm run release:publish:status -- --strict` and only creates the GitHub prerelease if the npm registry shows the publishable packages under `next` and the preview-only packages unpublished.
 
 Use `npm run release:qa:record -- --matrix runtime --list` to inspect native QA matrix rows, and add `--details` to print the required checks for each row. Use the same command with `--row`, `--status`, and `--evidence` after a manual device pass. Use `--matrix skia` for Skia renderer install, parity, and performance evidence. The recorder rejects `pass` rows without evidence links or missing repo-relative evidence files and regenerates [native QA checklist](native-qa-checklists.md).
 

scripts/check-release-gates.mjs

@@ -517,6 +517,7 @@ const publishWorkflowSafetyChecks = [
   "npm whoami",
   "npm access list packages @chart-kit --json",
   "scripts/list-release-packages.mjs --publishable",
+  "npm run release:publish:status -- --strict",
   "npm publish \"${PUBLISH_TARGET}\" --ignore-scripts --access public --provenance --tag"
 ].filter((needle) => !publishWorkflowSource.includes(needle));