chore: harden publish dry run

Author: JoaoPauloCMarra

CHANGELOG.md

@@ -20,6 +20,7 @@ The format follows Keep a Changelog and the project adheres to SemVer.
 - Split detailed usage material into focused docs for API reference, React hooks, secure storage, web backends, batch/transaction/migration workflows, recipes, MMKV migration, and benchmarks.
 - Expand npm package description and keywords around React Native secure storage, biometric storage, Keychain, Android Keystore, Nitro Modules, MMKV migration, Expo SecureStore, Zustand/Jotai, and IndexedDB.
 - Update release tooling patches for `@swc/core`, `@types/node`, and `turbo`.
+- Harden publish dry-runs, package docs syncing, and npm pack content validation.
 
 ## 0.4.5 - 2026-04-14
 

package.json

@@ -8,6 +8,7 @@
   "scripts": {
     "setup": "node scripts/setup.js",
     "publish-package": "node scripts/publish.js",
+    "publish-package:dry": "node scripts/publish.js --dry-run",
     "build": "turbo run build",
     "lint": "turbo run lint",
     "format": "turbo run format",

packages/react-native-nitro-storage/package.json

@@ -60,8 +60,8 @@
     "test:cpp": "node scripts/test-cpp.js",
     "check:pack": "node scripts/check-pack-contents.js",
     "prepublishOnly": "bun run clean && bun run codegen && bun run build && bun run test:types && bun run benchmark",
-    "prepack": "node -e \"const fs=require('fs'); fs.copyFileSync('../../README.md','./README.md'); try{fs.copyFileSync('../../LICENSE','./LICENSE')}catch(e){} try{fs.copyFileSync('../../SECURITY.md','./SECURITY.md')}catch(e){} if(fs.existsSync('../../docs')) fs.cpSync('../../docs','./docs',{recursive:true})\"",
-    "postpack": "node -e \"const fs=require('fs'); ['./README.md','./LICENSE','./SECURITY.md'].forEach(f=>fs.existsSync(f)&&fs.unlinkSync(f)); if(fs.existsSync('./docs')) fs.rmSync('./docs',{recursive:true,force:true})\""
+    "prepack": "node scripts/sync-package-docs.js prepare",
+    "postpack": "node scripts/sync-package-docs.js cleanup"
   },
   "keywords": [
     "react-native",

packages/react-native-nitro-storage/scripts/check-pack-contents.js

@@ -6,6 +6,15 @@ function fail(message) {
 }
 
 const requiredFiles = [
+  "README.md",
+  "LICENSE",
+  "SECURITY.md",
+  "app.plugin.js",
+  "docs/api-reference.md",
+  "docs/secure-storage.md",
+  "docs/mmkv-migration.md",
+  "nitro.json",
+  "nitrogen/generated/shared/c++/HybridStorageSpec.hpp",
   "src/index.ts",
   "src/index.web.ts",
   "lib/commonjs/index.js",
@@ -16,6 +25,9 @@ const requiredFiles = [
 const forbiddenPatterns = [
   /^src\/__tests__\//,
   /^scripts\//,
+  /^cpp\/build\//,
+  /^android\/build\//,
+  /^android\/\.cxx\//,
   /(?:^|\/)[^/]*Test\.cpp$/,
 ];
 
@@ -39,9 +51,15 @@ if (!packMetadata || !Array.isArray(packMetadata.files)) {
   fail("npm pack metadata does not contain a files list.");
 }
 
+if (packMetadata.name !== "react-native-nitro-storage") {
+  fail(`Unexpected package name in npm pack output: ${packMetadata.name}`);
+}
+
 const packagedFiles = new Set(packMetadata.files.map((file) => file.path));
 
-const missingRequiredFiles = requiredFiles.filter((file) => !packagedFiles.has(file));
+const missingRequiredFiles = requiredFiles.filter(
+  (file) => !packagedFiles.has(file),
+);
 if (missingRequiredFiles.length > 0) {
   fail(`Missing required packed files: ${missingRequiredFiles.join(", ")}`);
 }
@@ -50,7 +68,11 @@ const forbiddenFiles = Array.from(packagedFiles).filter((file) =>
   forbiddenPatterns.some((pattern) => pattern.test(file)),
 );
 if (forbiddenFiles.length > 0) {
-  fail(`Forbidden files were included in npm pack output: ${forbiddenFiles.join(", ")}`);
+  fail(
+    `Forbidden files were included in npm pack output: ${forbiddenFiles.join(", ")}`,
+  );
 }
 
-console.log("✅ npm pack content guard passed.");
+console.log(
+  `✅ npm pack content guard passed (${packMetadata.files.length} files checked).`,
+);

packages/react-native-nitro-storage/scripts/sync-package-docs.js

@@ -0,0 +1,66 @@
+const fs = require("fs");
+const path = require("path");
+
+const packageRoot = path.resolve(__dirname, "..");
+const repoRoot = path.resolve(packageRoot, "../..");
+
+const entries = [
+  { source: "README.md", target: "README.md", type: "file" },
+  { source: "LICENSE", target: "LICENSE", type: "file" },
+  { source: "SECURITY.md", target: "SECURITY.md", type: "file" },
+  { source: "docs", target: "docs", type: "directory" },
+];
+
+function removeTarget(target) {
+  const targetPath = path.join(packageRoot, target);
+  if (!fs.existsSync(targetPath)) {
+    return;
+  }
+
+  fs.rmSync(targetPath, { recursive: true, force: true });
+}
+
+function copyEntry(entry) {
+  const sourcePath = path.join(repoRoot, entry.source);
+  const targetPath = path.join(packageRoot, entry.target);
+
+  if (!fs.existsSync(sourcePath)) {
+    throw new Error(
+      `Required package artifact source is missing: ${entry.source}`,
+    );
+  }
+
+  removeTarget(entry.target);
+
+  if (entry.type === "directory") {
+    fs.cpSync(sourcePath, targetPath, { recursive: true });
+    return;
+  }
+
+  fs.copyFileSync(sourcePath, targetPath);
+}
+
+function prepare() {
+  entries.forEach(copyEntry);
+}
+
+function cleanup() {
+  entries.forEach((entry) => removeTarget(entry.target));
+}
+
+const mode = process.argv[2];
+
+try {
+  if (mode === "prepare") {
+    prepare();
+  } else if (mode === "cleanup") {
+    cleanup();
+  } else {
+    throw new Error(
+      "Usage: node scripts/sync-package-docs.js <prepare|cleanup>",
+    );
+  }
+} catch (error) {
+  console.error(error instanceof Error ? error.message : String(error));
+  process.exit(1);
+}

scripts/publish.js

@@ -16,12 +16,15 @@ const colors = {
 const projectRoot = path.resolve(__dirname, "..");
 const packageDir = path.join(
   projectRoot,
-  "packages/react-native-nitro-storage"
+  "packages/react-native-nitro-storage",
 );
 const packageJsonPath = path.join(packageDir, "package.json");
 const packageFilter = "react-native-nitro-storage";
-const isCI =
-  process.env.CI === "true" || process.env.GITHUB_ACTIONS === "true";
+const packageDocsSyncScript = path.join(
+  packageDir,
+  "scripts/sync-package-docs.js",
+);
+const isCI = process.env.CI === "true" || process.env.GITHUB_ACTIONS === "true";
 
 function log(message, color = "green") {
   console.log(colors[color](message));
@@ -54,6 +57,25 @@ function execCommandWithOutput(command, options = {}) {
   }
 }
 
+function shellQuote(value) {
+  return JSON.stringify(String(value));
+}
+
+function validateNpmTag(tag) {
+  if (!/^[a-z0-9][a-z0-9._-]*$/i.test(tag)) {
+    log(`Invalid npm dist tag: ${tag}`, "red");
+    process.exit(1);
+  }
+
+  if (/^v?\d+\.\d+\.\d+/.test(tag)) {
+    log(
+      `Invalid npm dist tag "${tag}": use a release channel like latest or next.`,
+      "red",
+    );
+    process.exit(1);
+  }
+}
+
 function isInteractive() {
   return process.stdin.isTTY && process.stdout.isTTY && !isCI;
 }
@@ -102,6 +124,16 @@ function checkNpmAuth() {
   return whoami !== null && whoami !== "";
 }
 
+function cleanupPackageDocs() {
+  if (!fs.existsSync(packageDocsSyncScript)) {
+    return;
+  }
+
+  execCommand(`node ${shellQuote(packageDocsSyncScript)} cleanup`, {
+    cwd: packageDir,
+  });
+}
+
 function formatGitStatus(statusLines) {
   const preview = statusLines.slice(0, 10).join("\n");
   const remainder =
@@ -177,12 +209,15 @@ async function main() {
   const skipPackPreview = args.includes("--skip-pack-preview");
   const tag =
     args.find((arg) => arg.startsWith("--tag="))?.split("=")[1] || "latest";
+  validateNpmTag(tag);
 
   console.log("");
   log("📦 Publishing react-native-nitro-storage", "bold");
   console.log("");
 
   const version = getPackageVersion();
+  cleanupPackageDocs();
+
   log(`Version: ${version}`, "cyan");
   log(`Tag: ${tag}`, "cyan");
   if (isDryRun) {
@@ -220,35 +255,33 @@ async function main() {
     console.log("");
   }
 
-  runCheck(
-    "🧹 Running lint...",
-    `bun run lint -- --filter=${packageFilter}`,
-    { cwd: projectRoot }
-  );
+  runCheck("🧹 Running lint...", `bun run lint -- --filter=${packageFilter}`, {
+    cwd: projectRoot,
+  });
   runCheck(
     "🎨 Running format check...",
     `bun run format:check -- --filter=${packageFilter}`,
-    { cwd: projectRoot }
+    { cwd: projectRoot },
   );
   runCheck(
     "📝 Running typecheck...",
     `bun run typecheck -- --filter=${packageFilter}`,
-    { cwd: projectRoot }
+    { cwd: projectRoot },
   );
   runCheck(
     "🔎 Running type-surface checks...",
     `bun run test:types -- --filter=${packageFilter}`,
-    { cwd: projectRoot }
+    { cwd: projectRoot },
   );
   runCheck(
     "🧪 Running unit tests...",
     `bun run test -- --filter=${packageFilter}`,
-    { cwd: projectRoot }
+    { cwd: projectRoot },
   );
   runCheck(
     "🧪 Running C++ tests...",
     `bun run test:cpp -- --filter=${packageFilter}`,
-    { cwd: projectRoot }
+    { cwd: projectRoot },
   );
   runCheck(
     "🏗️ Preparing package artifacts...",
@@ -261,7 +294,7 @@ async function main() {
       "bun run test:cpp",
       "bun run check:pack",
     ].join(" && "),
-    { cwd: packageDir }
+    { cwd: packageDir },
   );
 
   if (!skipPackPreview) {
@@ -275,10 +308,10 @@ async function main() {
     if (packSummary) {
       const packageSize = packSummary.packageSize ?? packSummary.size;
       console.log(
-        `  • tarball: ${packSummary.filename} (${formatBytes(packageSize)})`
+        `  • tarball: ${packSummary.filename} (${formatBytes(packageSize)})`,
       );
       console.log(
-        `  • unpacked: ${formatBytes(packSummary.unpackedSize)}, files: ${packSummary.files?.length ?? "?"}`
+        `  • unpacked: ${formatBytes(packSummary.unpackedSize)}, files: ${packSummary.files?.length ?? "?"}`,
       );
     }
     console.log("");
@@ -295,22 +328,33 @@ async function main() {
   }
 
   if (isDryRun) {
-    log("🏃 Dry run complete! Package is ready to publish.", "green");
+    log("🏃 Running npm publish dry-run...", "cyan");
+    const dryPublishCommand = `npm publish --dry-run --tag ${shellQuote(tag)} --access public`;
+    if (!execCommand(dryPublishCommand, { cwd: packageDir })) {
+      log("✗ npm publish dry-run failed", "red");
+      cleanupPackageDocs();
+      process.exit(1);
+    }
+    cleanupPackageDocs();
+    console.log("");
+    log("✅ Dry run complete. Package is ready to publish.", "green");
     log(
       `Run without --dry-run${yes ? "" : " --yes"} to publish version ${version}`,
-      "cyan"
+      "cyan",
     );
   } else {
     log("🚀 Publishing to npm...", "cyan");
-    const publishCommand = `npm publish --tag ${tag} --access public${isCI ? " --provenance" : ""}`;
+    const publishCommand = `npm publish --tag ${shellQuote(tag)} --access public${isCI ? " --provenance" : ""}`;
     if (!execCommand(publishCommand, { cwd: packageDir })) {
       log("✗ Publish failed", "red");
+      cleanupPackageDocs();
       process.exit(1);
     }
+    cleanupPackageDocs();
     console.log("");
     log(
       `✅ Successfully published react-native-nitro-storage@${version}`,
-      "green"
+      "green",
     );
     log(`   https://www.npmjs.com/package/react-native-nitro-storage`, "cyan");
   }