ci(release): fail early on npm scope access

Author: iexitdev

.github/workflows/publish.yml

@@ -38,6 +38,18 @@ jobs:
           node-version: 24
           registry-url: https://registry.npmjs.org
 
+      - name: Verify npm publish access
+        run: |
+          npm whoami
+
+          if ! npm access list packages @chart-kit --json >/dev/null; then
+            echo "NPM_TOKEN cannot access the @chart-kit npm scope."
+            echo "Create or claim the @chart-kit scope and grant this token publish rights before rerunning."
+            exit 1
+          fi
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
       - name: Install dependencies
         run: npm install --ignore-scripts
 

docs/release/beta-checklist.md

@@ -10,7 +10,7 @@ This checklist tracks CKV2-017 readiness for the H5-approved Developer Preview.
 - Package strategy: `react-native-chart-kit` remains the compatibility path; `@chart-kit/react-native` is the modern v2 API for new adopters
 - Dist-tag target for Developer Preview: `next`
 - Publish manifest: [package-manifest.json](evidence/package-manifest.json) is the source of truth for Developer Preview-publishable packages. It publishes `@chart-kit/core`, `@chart-kit/svg-renderer`, `@chart-kit/react-native`, and then the root compatibility package `react-native-chart-kit`; it pack-checks but does not publish `@chart-kit/skia-renderer` or `@chart-kit/pro`.
-- npm access prerequisite: the `NPM_TOKEN` used by GitHub Actions must be able to create and publish public packages under the `@chart-kit` scope. npm returns `404 Not Found` for scoped package publishes when the token does not have access to that scope.
+- npm access prerequisite: the `NPM_TOKEN` used by GitHub Actions must be able to create and publish public packages under the `@chart-kit` scope. The publish workflow runs `npm whoami` and `npm access list packages @chart-kit --json` before expensive build/test work so missing scope access fails early.
 
 ## Required Checks
 

docs/release/evidence/npm-publish-evidence.json

@@ -13,8 +13,9 @@
       ]
     },
     {
-      "result": "Publish workflow reruns now skip already-published package versions and publish scoped dependency packages before the root compatibility package.",
+      "result": "Publish workflow reruns now verify npm auth/scope access early, skip already-published package versions, and publish scoped dependency packages before the root compatibility package.",
       "artifacts": [
+        ".github/workflows/publish.yml",
         "https://github.com/indiespirit/react-native-chart-kit/commit/47487b5",
         "https://github.com/indiespirit/react-native-chart-kit/commit/8bf2dad"
       ]

docs/release/h5-beta-gate-evidence.md

@@ -85,7 +85,7 @@ Benchmark scope covers core geometry plus one web showcase scrub timing scenario
 | Changelog               | [Changelog](../../CHANGELOG.md)                                                                                                                                                                                                                                                                                                                                  | Covered for current v7 preview                                                                                                                                                                                                                                                                                                                                                                                                                                              |
 | Support workflow        | `.github/ISSUE_TEMPLATE/*`                                                                                                                                                                                                                                                                                                                                       | Covered for layout, compatibility, and performance bugs                                                                                                                                                                                                                                                                                                                                                                                                                     |
 | Public export surface   | `scripts/verify-public-surface.mjs`; `scripts/verify-package-boundaries.mjs`; `scripts/verify-pro-preview-imports.mjs`; `npm run surface:check`                                                                                                                                                                                                                  | Covered for root compatibility exports, free/baseline modern v2 exports, React Native Pro preview subpath exports, Pro-candidate surface/capability/trigger metadata, package-boundary constraints, and public docs/showcase import-boundary constraints                                                                                                                                                                                                                    |
-| Release command safety  | `.github/workflows/publish.yml`; [npm publish evidence](evidence/npm-publish-evidence.json)                                                                                                                                                                                                                                                                      | Covered for branch, duplicate version, dist-tag, tests, docs, build checks, Playwright browser installation before E2E, local workspace publish targets, and idempotent reruns that skip already-published package versions. npm `@chart-kit` scope access is an external prerequisite for publishing scoped packages, and the current evidence manifest records the partial publish state.                                                                                 |
+| Release command safety  | `.github/workflows/publish.yml`; [npm publish evidence](evidence/npm-publish-evidence.json)                                                                                                                                                                                                                                                                      | Covered for branch, npm token/scope preflight, duplicate version, dist-tag, tests, docs, build checks, Playwright browser installation before E2E, local workspace publish targets, and idempotent reruns that skip already-published package versions. npm `@chart-kit` scope access is an external prerequisite for publishing scoped packages, and the current evidence manifest records the partial publish state.                                                      |
 | Package contents        | [package-manifest.json](evidence/package-manifest.json); `scripts/check-package-packs.mjs`; `scripts/list-release-packages.mjs`; `npm run pack:check`; `.github/workflows/publish.yml`                                                                                                                                                                           | Covered for root and workspace dry-run file lists after build, including `dist` entrypoints and `@chart-kit/react-native/pro-preview` artifacts. The publish workflow reads the same manifest and only Developer Preview-publishes packages with `publishInBeta: true`; `@chart-kit/pro` and `@chart-kit/skia-renderer` stay unpublished. Publishable dependency packages are ordered before the root compatibility package.                                                |
 | CI checks               | `.github/workflows/ci.yml`; `.github/workflows/native-release.yml`                                                                                                                                                                                                                                                                                               | Covered for fast checks and native release-build workflow definition; native workflow result still pending                                                                                                                                                                                                                                                                                                                                                                  |
 

docs/release/known-issues.md

@@ -14,7 +14,7 @@ Impact: Developer Preview can be used for preview and API feedback, but producti
 
 `react-native-chart-kit@7.0.0-next.0` is published under the `next` npm dist-tag, while `latest` remains `6.12.2`. The scoped modern packages are not published yet because npm returned `404 Not Found` when GitHub Actions attempted to publish `@chart-kit/core`; this indicates the `NPM_TOKEN` cannot create or publish public packages under the `@chart-kit` scope.
 
-The structured status lives in [npm-publish-evidence.json](evidence/npm-publish-evidence.json). The publish workflow now skips already-published package versions and publishes the scoped dependency packages before the root compatibility package on the next rerun.
+The structured status lives in [npm-publish-evidence.json](evidence/npm-publish-evidence.json). The publish workflow now verifies npm auth/scope access before expensive checks, skips already-published package versions, and publishes the scoped dependency packages before the root compatibility package on the next rerun.
 
 Impact: existing users can install the root preview package with the `next` dist-tag, but new adopters cannot install the modern `@chart-kit/react-native` package until the npm `@chart-kit` scope access is fixed and the publish workflow is rerun.