Push with confidence

safepush scans your code before it leaves your machine. Secrets, debug prints, merge conflicts — caught before they hit the remote.

curl -sSL https://safepush.serghini.me/install.sh | bash

What it checks

16 checks across two hooks. No dependencies beyond bash and git.

BLOCK

Custom blocklist

Your personal patterns — emails, phone numbers, internal project names. Add them once, never leak them again.

BLOCK

Secrets

API keys, tokens, passwords, AWS keys, GitHub PATs, Slack tokens — patterns for all major services.

BLOCK

Sensitive files

.env, .pem, .key, id_rsa, credentials.json — files that should never be committed.

BLOCK

Merge conflicts

Leftover <<<<<<< markers. Hard block — no questions asked.

WARN

Debug prints

console.log, println!, fmt.Println, puts, and more across 11 languages.

WARN

Large files

Files ≥ 1 MB. Git is not a file server. Shows human-readable sizes.

WARN

Trailing whitespace

Finds trailing spaces and offers to strip them in-place. Auto re-stages the fix.

WARN

Lockfile drift

Cargo.toml changed but Cargo.lock didn't? Same for npm, pip, and go — we catch it.

WARN

Hardcoded connections

Database URLs, JDBC strings, raw IP addresses. These belong in config, not code.

INFO

Absolute paths

/home/simon/project/... paths that break the moment someone else clones your repo.

INFO

TODO / FIXME

Friendly reminder about the things you told yourself you'd get back to.

BLOCK

Force push

Detects history rewrites. Asks very firmly before letting you delete other people's work.

WARN

Protected branch

Pushing straight to main/master? You probably meant to open a PR instead.

WARN

Unstaged changes

Modified tracked files that aren't staged — they won't be pushed. Did you forget?

INFO

Commit messages

Messages under 8 chars flagged. "fix", "wip", "oops" — you can do better.

INFO

Untracked files

Important-looking files not yet tracked. Maybe you meant to git add these?

Your personal guardrail

Create a .safepush-blocklist file. One pattern per line. Hard block on match.

# .safepush-blocklist — patterns that will BLOCK the commit
simon@example.com
\+1-555-\d{3}-\d{4}
internal\.company\.com
192\.168\.\d+\.\d+
# Lines starting with # are comments. Uses grep -E regex.