safepush scans your code before it leaves your machine. Secrets, debug prints, merge conflicts — caught before they hit the remote.
curl -sSL https://safepush.serghini.me/install.sh | bash
16 checks across two hooks. No dependencies beyond bash and git.
Your personal patterns — emails, phone numbers, internal project names. Add them once, never leak them again.
API keys, tokens, passwords, AWS keys, GitHub PATs, Slack tokens — patterns for all major services.
.env, .pem, .key, id_rsa, credentials.json — files that should never be committed.
Leftover <<<<<<< markers. Hard block — no questions asked.
console.log, println!, fmt.Println, puts, and more across 11 languages.
Files ≥ 1 MB. Git is not a file server. Shows human-readable sizes.
Finds trailing spaces and offers to strip them in-place. Auto re-stages the fix.
Cargo.toml changed but Cargo.lock didn't? Same for npm, pip, and go — we catch it.
Database URLs, JDBC strings, raw IP addresses. These belong in config, not code.
/home/simon/project/... paths that break the moment someone else clones your repo.
Friendly reminder about the things you told yourself you'd get back to.
Detects history rewrites. Asks very firmly before letting you delete other people's work.
Pushing straight to main/master? You probably meant to open a PR instead.
Modified tracked files that aren't staged — they won't be pushed. Did you forget?
Messages under 8 chars flagged. "fix", "wip", "oops" — you can do better.
Important-looking files not yet tracked. Maybe you meant to git add these?
Create a .safepush-blocklist file. One pattern per line. Hard block on match.
# .safepush-blocklist — patterns that will BLOCK the commit simon@example.com \+1-555-\d{3}-\d{4} internal\.company\.com 192\.168\.\d+\.\d+ # Lines starting with # are comments. Uses grep -E regex.