The operating layer for Node.js repos
xops detects the tools you already use, recommends missing capabilities only when they make sense, and gives humans and code agents one safe, deterministic way to act — starting with the release workflow it already made safe, and expanding to the rest of the repo: tests, quality, dependency monitoring, security, CI, API operations, MaGit, and utilitix.
$ npm install -g @x12i/ops
Or run without installing: npx @x12i/ops@latest --full-flow
Detect what exists. Recommend what helps. Apply only with approval.
The new story — in progress
npm is not the problem. The release workflow is. That was always the entry point. But release was only the first broken workflow — the real problem is that a modern repository is now operated through many tools, many configs, many safety boundaries, and two different kinds of callers: humans and code agents.
One operating surface, top to bottom
What xops gives you back
npm does its job. The workflow around it — ordering, safety, sequencing — nobody built that part.
Learn why →xops ops status detects what exists across the repo — read-only, no setup, no surprises.
Evidence-based suggestions, not a generic checklist. Already-present tools are never recommended again.
See how →Package managers, CI, security scanners, MaGit, utilitix, and more — each tool keeps its job.
See supported tools →Type xops for the next step — branch work routes straight to GitButler, no second CLI to remember.
Pack check, sensitive-file block, post-bump re-validation — before anything reaches the registry.
Publish safety →Tarball inspection catches weaponized binding.gyp — no CVE, no advisory required.
Install security →Deterministic phrase catalog — not an LLM. Same input, same command. Safe to script.
See how →JSON plans, deterministic exits, no hidden prompts — plus what an agent can run without approval, and what still needs your --yes.
dependsOn controls publish order. Local file: dev links sync to registry ranges for publish, then restore.
Submit fixes, pull the fixed version, verify. Change requests become traceable — not permanent workarounds.
See how →Every run is journaled. One command restores the exact prior state. Try things without consequences.
See how →Setup plans show packages, files, commands, risks, and approval requirements before anything changes.
See how →xgit status, xgit push — natural git passthrough plus monorepo cross-solve.
xops scripts init and init runbook — preflight, core, ordered publish shell for agents.
xops exports fix normalizes import/require export maps when dual build artifacts exist.
Global, npx, or CI — same command everywhere. Run xops doctor to verify your environment.
Get started →Does it replace npm? Is ask an LLM? What if publish works but push fails?
Read FAQ →Every flag, passthrough rule, and copy-paste example in one place.
See all →What runs when you type one command
xops --full-flow
Find all packages under the current directory
Sort local packages by dependency order
Scan new dependency tarballs for Phantom Gyp before install
Align dependencies before build and test
Run builds in correct order, stop on failure
Block the publish path if tests fail
Inspect what npm would actually publish
Hand off to real npm binary, in order
Structured result for humans, CI, and agents