Block .env File Commits

What is a Git Hooks Library?

Git hooks are shell scripts that Git runs automatically at specific points in your workflow — before a commit is recorded, before a push goes out, when a commit message is being composed. They're one of Git's most powerful features, but writing them from scratch requires knowing Bash, knowing Git's internals, and testing edge cases most developers don't think about until something breaks in production.

This library, built by the team behind Tower — the Git client used by over 100,000 developers — gives you a curated set of production-ready hook scripts covering the most common enforcement needs: code quality, commit message standards, secret detection, branch protection, and testing. Pick a hook, configure it for your stack, and copy the script directly into your repository.

Each hook is a plain Bash script with no external dependencies. You can install it in under a minute and share it with your team using Git's built-in core.hooksPath configuration.

Frequently Asked Questions

How do I install a Git hook?

Copy the generated script and save it to .git/hooks/[hook-name] in your repository (e.g. .git/hooks/pre-commit). Then make it executable: chmod +x .git/hooks/pre-commit. Git will run it automatically at the appropriate point in your workflow.

How do I share hooks with my team?

The .git/ directory is not tracked by Git, so hooks saved there are local only. To share hooks with your team, create a .githooks/ directory at the root of your repository, add your hook scripts there, and run git config core.hooksPath .githooks. Commit the .githooks/ directory to your repo. Each team member only needs to run the git config command once.

Can I use multiple hooks of the same type?

A hook file can only contain one script, but that script can call any number of checks. If you want to combine, say, the lint hook and the secret scan hook into a single pre-commit, simply concatenate their script bodies (after the shebang line) into one file. Each check should exit with code 1 on failure.

Do these hooks work on Windows?

These scripts require Bash, which is available on Windows via Git Bash, WSL (Windows Subsystem for Linux), or Cygwin. They've been written with portability in mind, but some patterns (like grep -E behavior) may differ slightly between GNU and BSD implementations. If you need Windows-native support, consider tools like Husky or lefthook that wrap hook execution.

Are there performance concerns with running hooks on every commit?

The hooks in this library are designed to be fast. Most only scan staged files (not the entire project), use efficient grep patterns, and exit early when there's nothing to check. The pre-push test runner hook is the exception — it runs your full test suite, which can take time. For large projects, consider running a focused subset of tests rather than the full suite.

Who built these hooks?

This library is built and maintained by the team at Tower, the Git client used by over 100,000 developers and designers. We've spent over a decade making Git easier to use — this tool is part of that mission.