npm & git for the agentic era

npm and git,
redefined for
the agentic era.

One command surface that works the same whether a human runs it or a code agent does — graph-aware, non-blocking, reversible, and still just npm and git underneath. Built for code agents that need JSON and deterministic exits, and for the developers overseeing them who need to trust what just happened to their release.

$ npm install -g @x12i/npm

Or run without installing: npx @x12i/npm@latest --full-flow

One command. Every package. Every time.

terminal

~ projects/my-app $ xnpm --full-flow ✓ Found 6 packages ✓ Sorted dependency order ✓ Tarball inspection passed ✓ Installed dependencies ✓ Built packages ✓ Ran tests ✓ Validated npm pack safety ✓ Published in order ✓ Generated release report Done. Exit 0.

What xnpm gives you back

Why releases became events

npm does its job. The workflow around it — ordering, safety, sequencing — nobody built that part.

Ship fast. Nothing leaks.

Pack check, sensitive-file block, post-bump re-validation — before anything reaches the registry.

Publish safety →

Block Phantom Gyp before install

Tarball inspection catches weaponized binding.gyp — no CVE, no advisory required.

Install security →

Plain English. Exact command.

Deterministic phrase catalog — not an LLM. Same input, same command. Safe to script.

Built for the agent. Trusted by you.

JSON plans, deterministic exits, no hidden prompts — plus what an agent can run without approval, and what still needs your --yes.

The agent contract →

Release order from the stack file

dependsOn controls publish order. Local file: dev links sync to registry ranges for publish, then restore.

Stack releases →

Fix upstream. Don't fork.

Submit fixes, pull the fixed version, verify. Change requests become traceable — not permanent workarounds.

Run it. Undo it if needed.

Every run is journaled. One command restores the exact prior state. Try things without consequences.

Git-first. Same package.

xgit status, xgit push — natural git passthrough plus monorepo cross-solve.

xgit vs xnpm →

Tiered publish scripts + runbooks

xnpm scripts init and init runbook — preflight, core, ordered publish shell for agents.

Monorepo scripts →

One install. Runs anywhere.

Global, npx, or CI — same command everywhere. Run xnpm doctor to verify your environment.

Get started →

Common questions

Does it replace npm? Is ask an LLM? What if publish works but push fails?

Full flags & commands

Every flag, passthrough rule, and copy-paste example in one place.

What runs when you type one command

$ xnpm --full-flow

01

Discover

Find all packages under the current directory

02

Graph

Sort local packages by dependency order

03

Tarball gate

Scan new dependency tarballs for Phantom Gyp before install

04

Install

Align dependencies before build and test

05

Build

Run builds in correct order, stop on failure

06

Test

Block the publish path if tests fail

07

Pack safety

Inspect what npm would actually publish

08

Publish

Hand off to real npm binary, in order

09

Report

Structured result for humans, CI, and agents

→ The release workflow becomes something you run, not something you remember.

Open source · MIT

100% free.
That's it.

xnpm is MIT licensed — free for personal and commercial use. No trial, no tiers, no expiry. One install. Everything included.

✓ MIT license ✓ Use anywhere ✓ No account required ✓ No paid tiers ✓ No feature gates ✓ No expiry date

$ npm install -g @x12i/npm

Install guide + all commands →