👷 Switch release jobs to npm stage publish

[dubzzz]

Description

AI-agent disclosure: this PR was authored by an automated agent (Claude Code) and has not been line-by-line reviewed by a human before submission.

Switches every publish_package_* job in .github/workflows/build-status.yml from pnpm publish to npm stage publish. With staged publishing, CI uploads the tarball into a holding area on the registry instead of releasing it immediately — a maintainer then has to approve the staged version (with 2FA) before it becomes installable. End users still receive the same artifacts on npm, but the release step is no longer fully automated: there is now an explicit approval gate between a tag being pushed and the package going live. This is a follow-up to #7011 (which already removed the OTP prompt from the publish call); together they move the workflow toward npm's recommended staged-release flow.

Each publish job now:

• installs npm@latest so the runner-provided npm is upgraded before publishing — the stage subcommand landed in npm 11.15.0 and is not yet bundled with Node 24's default npm;
• runs both npm install -g and npm stage publish from the parent directory (cd ..), because the repo's package.json pins pnpm via devEngines and would otherwise block npm from executing inside the workspace;
• no longer needs the pnpm/action-setup step or the pnpm-specific --no-git-checks flag, both of which were dropped from the seven affected jobs.

Non-publish jobs were intentionally left alone and still install pnpm — only the release plumbing changes. Because the diff only touches the workflow file, there are no source, dependency, or published-artifact changes, no semver impact to flag, and no changeset to add; the new code path is exercised the next time a v* tag is pushed.

Checklist

— Don't delete this checklist and make sure you do the following before opening the PR

• I have a full understanding of every line in this PR — whether the code was hand-written, AI-generated, copied from external sources or produced by any other tool
• I flagged the impact of my change (minor / patch / major) either by running pnpm run bump or by following the instructions from the changeset bot
• I kept this PR focused on a single concern and did not bundle unrelated changes
• I followed the gitmoji specification for the name of the PR, including the package scope (e.g. 🐛(vitest) Something...) when the change targets a package other than fast-check
• I added relevant tests and they would have failed without my PR (when applicable)

[changeset-bot]

⚠️ No Changeset found

Latest commit: 9560324

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​docusaurus/​tsconfig@​3.10.1
	@​docusaurus/​faster@​3.10.1
	@​docusaurus/​module-type-aliases@​3.10.1
	@​docusaurus/​preset-classic@​3.10.1
	docusaurus-plugin-typedoc@​1.4.2
	@​docusaurus/​types@​3.10.1
	@​docusaurus/​plugin-pwa@​3.10.1
	@​docusaurus/​core@​3.10.1
	@​docusaurus/​theme-mermaid@​3.10.1
	typedoc-plugin-markdown@​4.11.0
	clsx@​2.1.1
	@​docusaurus/​theme-classic@​3.10.1
	@​stackblitz/​sdk@​1.11.0
	jimp@​1.6.1
	@​mdx-js/​react@​3.1.1
	prism-react-renderer@​2.4.1
	docusaurus-plugin-llms@​0.4.0
	typedoc@​0.28.19
	@​docusaurus/​remark-plugin-npm2yarn@​3.10.1

View full report

[pkg-pr-new]

• @fast-check/examples

@fast-check/ava

npm i https://pkg.pr.new/@fast-check/ava@7013

fast-check

npm i https://pkg.pr.new/fast-check@7013

@fast-check/jest

npm i https://pkg.pr.new/@fast-check/jest@7013

@fast-check/packaged

npm i https://pkg.pr.new/@fast-check/packaged@7013

@fast-check/poisoning

npm i https://pkg.pr.new/@fast-check/poisoning@7013

@fast-check/vitest

npm i https://pkg.pr.new/@fast-check/vitest@7013

@fast-check/worker

npm i https://pkg.pr.new/@fast-check/worker@7013

commit: 9560324

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.82%. Comparing base (13695b4) to head (9560324).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #7013   +/-   ##
=======================================
  Coverage   94.82%   94.82%           
=======================================
  Files         212      212           
  Lines        5876     5876           
  Branches     1541     1541           
=======================================
  Hits         5572     5572           
  Misses        296      296           
  Partials        8        8           

Flag	Coverage Δ
tests	94.82% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.