git-safe-push
v1.0.2
Published
A lightweight CLI tool that scans staged Git files before push and prevents dangerous code from being pushed accidentally.
Maintainers
Readme
git-safe-push
A lightweight CLI tool that scans staged Git files before push or commit and prevents dangerous code from being pushed accidentally.
Installation
npm install -g git-safe-pushQuick Start
# Scan staged files
npx git-safe-push
# Install git hooks (auto-scan on push & commit)
npx git-safe-push installCLI Usage
Scan before push
$ npx git-safe-push
🔍 Scanning before push...
❌ Found console.log in:
src/auth.js
→ console.log("login failed")
❌ Found debugger statement in:
app.js
→ debugger;
⚠ Found TODO comment in:
src/routes.js
→ // TODO: add validation
❌ Push blocked for safety.Install hooks
npx git-safe-push install
# ✅ pre-push hook installed
# ✅ pre-commit hook installedNow every git push and git commit will automatically scan staged files. If dangerous content is found, the push/commit is blocked.
Configuration
Create git-safe-push.config.json in your project root:
{
"block": [
"console.log",
"debugger",
"API_KEY",
"fdescribe(",
"fit(",
"only("
]
}What It Detects
| Severity | Pattern | Example |
| -------- | ------------------------- | -------------------------------- |
| ❌ Error | console.log/warn/error | console.log("debug") |
| ❌ Error | debugger statement | debugger; |
| ❌ Error | Possible API keys | sk-abc... or long string |
| ❌ Error | Hardcoded password | password: "secret" |
| ❌ Error | Hardcoded secret/token | secret: "123" |
| ⚠ Warn | TODO comments | // TODO: fix me |
| ⚠ Warn | .env references | .env in code |
| ⚠ Warn | process.env usage | process.env.PORT |
Test
node test.jsLicense
MIT
