Security News
New React Server Components Vulnerabilities: DoS and Source Code Exposure
New DoS and source code exposure bugs in React Server Components and Next.js: what’s affected and how to update safely.
By Sarah Gooding -  Dec 12, 2025
🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis →
@johnls/easy
Advanced tools
Easy: Node Build & Release Tool
A tool that makes building, testing, starting, deploying and releasing multi-package NodeJS projects easy!
easy is an opinionated tool for managing a NodeJS project tree. It assumes your development environment uses:
- npm as the NodeJS package manager
- git to manage your source code
- If on macOS, iTerm2 as a scriptable replacement for the macOS Terminal app
- stampver to manage your semantic versioning
- An
actornaming convention for node sub-processes.
If you don't use all of the above, then easy is probably not going to be that helpful too you. Told you it was opinionated!
Installation
Install the package globally or use npx to run the latest version:
npm install -g @johnls/easy
easy --help
or:
npx @johnls/easy --help
Build
To build all projects recursively use:
easy build
You can also specify --install and --clean with this command.
Install
To install all npm packages recursively use:
easy install
If you specify --clean it will perform the clean command before installation.
Clean
To recursively clean out all node_modules, dist, build and package-lock.json files use:
easy clean
Test
To run all tests recursively use:
easy test
Each command will search recursively through your project tree looking for package.json files to process. They each ignore node_modules directories.
Start
It's common to have a NodeJS based product comprised of a website, a server and perhaps mobile apps. easy will run all the start scripts recursively with:
easy start
Easy is also intended to be used with NodeJS servers consisting of multiple actor services (or node sub-processes.) These actors processes have script names that start with actor:.
easy start --actors
If easy finds actor: entries, it will start each actor process using a new iTerm2 tab in the same window so that you can shut down your entire product with one click. For that package.json it will not run the start script. Very handy for local testing.
Release
The release command is used to create a new tested and tagged release in Git.
The tool uses stampver to update version information for the build. Just tell it which part of the version to update with patch, minor or major.
If you add the --deploy it will run npm run deploy to run the deploy script. This can be whatever you want. For example, publishing to npm it would be done with npm publish. For provisioning using Ansible, it might run ansible-playbook.
Deploy
The deploy command just runs npm run deploy. Simple.
Rollback
To quickly rollback the current HEAD of all branches to the tag prior to the current tag.
FAQs
A tool to make package project management easy!
We found that @johnls/easy demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 18 Feb 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain Risk
Socket CEO Feross Aboukhadijeh joins Software Engineering Daily to discuss modern software supply chain attacks and rising AI-driven security risks.
By Sarah Gooding -  Dec 11, 2025
Security News
npm Revokes Classic Tokens, as OpenJS Warns Maintainers About OIDC Gaps
GitHub has revoked npm classic tokens for publishing; maintainers must migrate, but OpenJS warns OIDC trusted publishing still has risky gaps for critical projects.
By Sarah Gooding -  Dec 10, 2025