Intermediate 4 min · March 06, 2026

Pre-commit Hook Takes 3 Minutes — Entire Team Bypasses It

Q: How do I bypass a git hook when I really need to commit broken code?

Run `git commit --no-verify` (or `-n` for short) to skip all client-side hooks for that single commit. Use this sparingly — it's useful for WIP commits on a personal branch, but bypassing hooks on shared branches defeats the team's quality gates. Server-side hooks cannot be bypassed this way.

Q: Can I write a git hook in Python or Node.js instead of bash?

Absolutely. The only requirements are that the file is executable and starts with a valid shebang line pointing to the interpreter — for example `#!/usr/bin/env python3` or `#!/usr/bin/env node`. The rest of the script can use any language available on the developer's machine.

Q: What's the difference between pre-commit and pre-push — when should I use each?

Use `pre-commit` for fast, cheap checks that give instant feedback on every commit — linting and formatting are ideal. Use `pre-push` for slower, more comprehensive checks like running your full test suite, because it only fires when you push, not on every local commit. This balance keeps pre-commit fast enough that nobody wants to skip it.

Q: Can I undo a git hook that went wrong?

If a pre-commit hook blocks a valid commit, you can bypass it once with `git commit --no-verify`. If a commit-msg hook rejects a message, fix the message format and try again. If a pre-push hook blocks a push, bypass with `git push --no-verify` (use sparingly). To permanently remove a hook: delete the file from .git/hooks/ or the shared hooks directory.

Q: How do I test a git hook without triggering a real commit or push?

For commit-msg: echo 'test message' > /tmp/test-msg && .git/hooks/commit-msg /tmp/test-msg. For pre-commit: run it directly with bash -x .git/hooks/pre-commit to see debug output. For pre-receive: create a test repository and push to it to trigger the hook.

CI failures jumped 6x after a 3-minute pre-commit—discover 3 rules to prevent hook bypass and the exact structure that keeps hooks fast and enforced.

Naren · Founder

Plain-English first. Then code. Then the interview question.

About

● Production Incident 🔎 Debug Guide

⚡Quick Answer

Client-side: pre-commit (lint/format), commit-msg (message validation), pre-push (full tests)
Server-side: pre-receive (enforce branch protection), update (per-branch rules)
Exit code 0 = success, non-zero = cancel the operation
Located in .git/hooks/ — not shared on clone by default

Plain-English First

Imagine every time you dropped a letter into a postbox, a little robot checked it for spelling mistakes, confirmed you'd written a return address, and only then let it slide in. Git hooks are exactly that robot — tiny scripts that Git automatically runs before or after key events like committing, pushing, or merging. You write the rules once, and Git enforces them every single time, without you having to remember to do it yourself.

Git hooks are executable scripts that Git runs automatically at specific lifecycle events — before a commit, after a merge, before a push. They enforce quality gates at the exact point where mistakes enter the repository: the git command itself.

Client-side hooks (pre-commit, commit-msg, pre-push) catch lint errors, enforce commit message conventions, and run tests before code leaves a developer's machine. Server-side hooks (pre-receive, update) enforce branch protection and reject non-compliant pushes regardless of what the developer's local hooks allowed.

The critical distinction: client-side hooks can always be bypassed with --no-verify. They are quality-of-life tools, not enforcement mechanisms. Server-side hooks are the only truly un-bypassable enforcement. Teams that rely solely on client-side hooks for critical rules have a false sense of security.

What Git Hooks Actually Are — and Where They Live

Every git repository you initialise or clone contains a hidden .git folder. Inside that folder is a hooks directory. Open it and you'll find a collection of sample scripts with names like pre-commit.sample, commit-msg.sample, and post-merge.sample. These samples are Git's way of telling you: 'these are the moments I can pause and hand control over to you.'

A hook is just an executable script — shell, Python, Node.js, Ruby, whatever you like — placed in .git/hooks with a specific filename that Git recognises. When Git reaches a trigger point (say, the moment you run git commit), it looks for a script with the matching name, runs it, and checks the exit code. Exit code 0 means 'all good, carry on.' Any non-zero exit code means 'stop everything — something failed.'

This is the critical insight beginners miss: hooks are not magic — they're just scripts with agreed-upon filenames and a simple yes/no contract with Git via exit codes. That simplicity is what makes them so powerful. There's no special API to learn, no plugin system to configure. If you can write a script, you can write a hook.

io/thecodeforge/git/ExploreHooks.shBASH

#!/usr/bin/env bash
# io.thecodeforge — Explore Git Hooks Directory

# Step 1: Initialise a fresh repo so we can explore its structure
git init my-demo-project
cd my-demo-project

# Step 2: List the hooks directory — every repo has this out of the box
ls -la .git/hooks

# Step 3: Look at one of the sample files to understand the structure
# Git ships these as *.sample so they don't accidentally run
cat .git/hooks/pre-commit.sample

# Step 4: See all available hook trigger points
ls .git/hooks/*.sample | sed 's/.sample$//' | xargs -I {} basename {}
# Output lists every hook Git supports:
# applypatch-msg, commit-msg, post-update, pre-applypatch,
# pre-commit, pre-push, pre-rebase, pre-receive,
# prepare-commit-msg, update

Output

Initialized empty Git repository in /home/user/my-demo-project/.git/

total 56

drwxr-xr-x 2 user user 4096 Jun 10 09:00 .

drwxr-xr-x 8 user user 4096 Jun 10 09:00 ..

-rwxr-xr-x 1 user user 478 Jun 10 09:00 applypatch-msg.sample

-rwxr-xr-x 1 user user 896 Jun 10 09:00 commit-msg.sample

-rwxr-xr-x 1 user user 189 Jun 10 09:00 post-update.sample

-rwxr-xr-x 1 user user 424 Jun 10 09:00 pre-applypatch.sample

-rwxr-xr-x 1 user user 1642 Jun 10 09:00 pre-commit.sample

-rwxr-xr-x 1 user user 1348 Jun 10 09:00 pre-push.sample

-rwxr-xr-x 1 user user 4898 Jun 10 09:00 pre-rebase.sample

-rwxr-xr-x 1 user user 544 Jun 10 09:00 pre-receive.sample

-rwxr-xr-x 1 user user 1239 Jun 10 09:00 prepare-commit-msg.sample

-rwxr-xr-x 1 user user 3610 Jun 10 09:00 update.sample

Hooks Don't Transfer When You Clone

.git/hooks/ is local-only — never cloned, never pushed, never shared
Git ships sample hooks as *.sample files — rename to activate
core.hooksPath lets you point Git to a committed hooks directory
Husky automates hook installation via npm's prepare lifecycle script

Production Insight

The sample hook files in .git/hooks/ are Git's documentation in executable form. Every team member should read pre-commit.sample and pre-push.sample at least once — they contain comments explaining when the hook runs, what arguments Git passes, and what exit codes mean. The samples are more useful than any blog post because they are the exact contract Git expects.

Key Takeaway

A hook is an executable script in .git/hooks/ with a recognised filename. Git's contract is purely via exit codes: 0 means success, non-zero cancels the operation. Hooks are never shared on clone — use core.hooksPath or Husky to distribute them to the team.

Client-Side Hooks — Your First Line of Defence Before Code Leaves Your Machine

Client-side hooks run on your local machine in response to actions you perform. Think of them as your personal quality gate that catches issues before they ever reach your team or your CI server.

The three most useful client-side hooks are:

pre-commit — fires before Git even looks at your commit message. This is your chance to run linters, formatters, or unit tests against only the staged files. Fail here and no commit is created at all.

commit-msg — fires after you've typed your commit message but before the commit is finalised. This is where you enforce message conventions like Conventional Commits (feat:, fix:, chore:). Teams using automated changelogs depend on this.

pre-push — fires before your local commits are sent to the remote. It's a heavier gate — a good place for running your full test suite when you want to be absolutely sure before sharing your work.

The practical rule of thumb: keep pre-commit fast (under 5 seconds), because developers run it on every single commit. Slower checks belong in pre-push or your CI pipeline. Nobody disables a hook that's instant — they absolutely disable one that makes every commit take 2 minutes.

io/thecodeforge/git/hooks/pre-commitBASH

#!/usr/bin/env bash
# io.thecodeforge — pre-commit hook: runs ESLint on staged JS/TS files only
# so developers get instant feedback without linting the whole project.
#
# HOW TO INSTALL:
#   cp this file to .git/hooks/pre-commit
#   chmod +x .git/hooks/pre-commit
#   OR: use core.hooksPath to share with team

set -e  # Exit immediately on any command failure

# Collect only the JS and TS files that are staged (index), not all tracked files.
# --diff-filter=ACM means: Added, Copied, or Modified — skips Deleted files.
STAGED_JS_FILES=$(git diff --cached --name-only --diff-filter=ACM | grep -E '\.(js|ts|jsx|tsx)$' || true)

# If no relevant files are staged, there's nothing to lint — exit cleanly.
if [ -z "$STAGED_JS_FILES" ]; then
  echo "pre-commit: No JS/TS files staged. Skipping lint check."
  exit 0  # Exit code 0 = success, Git continues with the commit
fi

echo "pre-commit: Running ESLint on staged files..."
echo "---"

# Run ESLint only against the files we collected above.
npx eslint $STAGED_JS_FILES

echo "---"
echo "pre-commit: All checks passed. Proceeding with commit."
exit 0

Output

pre-commit: Running ESLint on staged files...

---

/home/user/project/src/utils/formatDate.ts

12:5 error 'unusedVar' is assigned a value but never used no-unused-vars

27:1 error Expected indentation of 2 spaces but found 4 indent

2 problems (2 errors, 0 warnings)

---

pre-commit: ESLint found errors. Commit aborted.

Fix the issues above, then stage your changes again with 'git add'.

Lint Only What Is Staged

git diff --cached --name-only lists only staged files — not untracked or modified files
--diff-filter=ACM includes Added, Copied, Modified — excludes Deleted files
grep -E filters to relevant file extensions — skip files your linter does not handle
Pre-commit under 5 seconds: developers never bypass it. Over 30 seconds: everyone bypasses it.

Production Insight

The set -e at the top of a hook script is a critical safety net that most tutorials omit. Without it, a command that fails (non-zero exit) does not stop the script — subsequent commands continue, and the script may reach exit 0 at the end, telling Git the hook passed even though errors occurred. Every production hook script should start with set -e unless you have a specific reason to handle errors manually.

Key Takeaway

Client-side hooks run locally before code leaves your machine. pre-commit is for fast checks (lint, format) — keep it under 5 seconds. commit-msg enforces message conventions. pre-push runs heavier checks (full tests). All client-side hooks can be bypassed with --no-verify.

Enforcing Commit Message Standards With the commit-msg Hook

Messy commit messages are a silent tax on your team. When you are debugging a regression six months later, a log full of 'wip', 'fix', and 'asdf' is genuinely useless. The commit-msg hook solves this by validating the message before the commit is recorded — no nag emails, no code review comments, just an immediate block with a helpful explanation.

Git passes the commit message as a file path (not the message text directly) to the commit-msg hook. Your first job in the script is always to read that file. This trips up a lot of people.

The example below enforces the Conventional Commits specification, which is the standard behind tools like semantic-release and standard-version. These tools can automatically determine whether a release bumps a major, minor, or patch version — but only if every commit message follows the format. The hook is the enforcement mechanism that makes that automation trustworthy.

io/thecodeforge/git/hooks/commit-msgBASH

#!/usr/bin/env bash
# io.thecodeforge — commit-msg hook: enforces Conventional Commits
# Format: <type>(<optional scope>): <description>
# Examples:
#   feat(auth): add OAuth2 login support
#   fix: prevent crash when user list is empty
#   chore(deps): update lodash to 4.17.21

set -e  # Exit immediately on any command failure

# Git passes the PATH to the temporary file containing the commit message
# as the first argument ($1). We must read from that file — not from stdin.
COMMIT_MESSAGE_FILE="$1"
COMMIT_MESSAGE=$(cat "$COMMIT_MESSAGE_FILE")

# Strip leading/trailing whitespace and comments (lines starting with #)
COMMIT_MESSAGE_FIRST_LINE=$(echo "$COMMIT_MESSAGE" | head -1 | sed 's/#.*//' | xargs)

# Define the Conventional Commits regex pattern.
# Allowed types: feat, fix, docs, style, refactor, test, chore, perf, ci, build, revert
# The scope (in parentheses) is optional.
# The description must be at least 10 characters to avoid messages like "fix: stuff"
CONVENTIONAL_COMMIT_REGEX="^(feat|fix|docs|style|refactor|test|chore|perf|ci|build|revert)(\([a-zA-Z0-9_-]+\))?: .{10,}$"

# Test the commit message against our pattern.
if ! echo "$COMMIT_MESSAGE_FIRST_LINE" | grep -qE "$CONVENTIONAL_COMMIT_REGEX"; then
  echo ""
  echo "  COMMIT REJECTED — Message does not follow Conventional Commits format."
  echo ""
  echo "  Your message: \"$COMMIT_MESSAGE_FIRST_LINE\""
  echo ""
  echo "  Required format:"
  echo "    <type>(<optional scope>): <description — at least 10 characters>"
  echo ""
  echo "  Valid types: feat, fix, docs, style, refactor, test, chore, perf, ci, build, revert"
  echo ""
  echo "  Examples:"
  echo "    feat(payments): add Stripe webhook handler"
  echo "    fix: resolve null pointer in user session lookup"
  echo "    chore: update Node.js to v20 in CI workflow"
  echo ""
  exit 1  # Reject the commit — Git discards it entirely
fi

# If we reach here, the message is valid.
echo "  Commit message format validated."
exit 0

Output

COMMIT REJECTED — Message does not follow Conventional Commits format.

Your message: "fix stuff"

Required format:

Valid types: feat, fix, docs, style, refactor, test, chore, perf, ci, build, revert

Examples:

feat(payments): add Stripe webhook handler

fix: resolve null pointer in user session lookup

chore: update Node.js to v20 in CI workflow

The $1 Argument in commit-msg

$1 is a file path — the commit message is written to that file by Git
cat "$1" reads the message. Reading from stdin gives you nothing
Strip comments (lines starting with #) before validating — Git includes them in the file
Test your hook: echo 'fix stuff' > /tmp/test-msg && .git/hooks/commit-msg /tmp/test-msg

Production Insight

Conventional Commits enforcement via commit-msg hooks is the foundation of automated release pipelines. Tools like semantic-release and standard-version parse commit messages to determine version bumps: feat: triggers a minor bump, fix: triggers a patch, BREAKING CHANGE triggers a major bump. Without the commit-msg hook enforcing the format, one non-conventional commit breaks the entire automated release pipeline. The hook is not about aesthetics — it is about automation reliability.

Key Takeaway

commit-msg hooks enforce commit message conventions before the commit is recorded. Git passes the message as a file path via $1 — read it with cat "$1", never from stdin. Conventional Commits enforcement enables automated changelog and release pipelines. The hook is the enforcement mechanism that makes automation trustworthy.

Server-Side Hooks — Enforcement That Cannot Be Bypassed

Client-side hooks are quality-of-life tools. They can always be skipped with git commit --no-verify or git push --no-verify. For rules that must be enforced regardless of what a developer does locally, server-side hooks are the answer.

Server-side hooks run on the Git server when a push is received. The two most important are:

pre-receive — runs once for the entire push. If it exits non-zero, the entire push is rejected. This is the single most powerful hook: it can enforce branch protection, reject force-pushes, require commit signatures, or block pushes to protected branches.

update — runs once per ref being pushed (each branch or tag). It receives the ref name, old SHA, and new SHA as arguments. This is useful for per-branch rules: allow pushes to feature branches but reject direct pushes to main.

Server-side hooks cannot be bypassed by any flag on the client. They are the true enforcement mechanism. The trade-off: they require server access to configure, and a misconfigured server-side hook blocks the entire team.

io/thecodeforge/git/hooks/pre-receiveBASH

#!/usr/bin/env bash
# io.thecodeforge — pre-receive hook: enforce branch protection on the server
# This hook runs ONCE for the entire push. Reject any non-zero exit.
#
# INSTALLATION: place in the server's .git/hooks/pre-receive
# or configure via Git hosting platform (GitHub branch protection, GitLab push rules)

set -e

# Read each ref being pushed from stdin
# Format: <old-sha> <new-sha> <ref-name>
while read OLD_SHA NEW_SHA REF_NAME; do

  # ─────────────────────────────────────────────
  # RULE 1: Reject direct pushes to main
  # ─────────────────────────────────────────────
  if [ "$REF_NAME" = "refs/heads/main" ]; then
    echo "ERROR: Direct pushes to main are not allowed."
    echo "Please create a pull request instead."
    exit 1
  fi

  # ─────────────────────────────────────────────
  # RULE 2: Reject force-pushes (non-fast-forward)
  # ─────────────────────────────────────────────
  # A force-push is when the new commit is not a descendant of the old commit
  # $OLD_SHA is all zeros for new branches — skip the check in that case
  if [ "$OLD_SHA" != "0000000000000000000000000000000000000000" ]; then
    if ! git merge-base --is-ancestor "$OLD_SHA" "$NEW_SHA" 2>/dev/null; then
      echo "ERROR: Force-push to $REF_NAME rejected."
      echo "Use 'git revert' instead of 'git push --force'."
      exit 1
    fi
  fi

  # ─────────────────────────────────────────────
  # RULE 3: Enforce branch naming convention
  # ─────────────────────────────────────────────
  # Branches must start with: feature/, fix/, hotfix/, release/, chore/
  if ! echo "$REF_NAME" | grep -qE '^refs/heads/(feature|fix|hotfix|release|chore)/'; then
    # Allow main, develop, and staging
    if ! echo "$REF_NAME" | grep -qE '^refs/heads/(main|develop|staging)$'; then
      echo "ERROR: Branch name '$REF_NAME' does not follow naming convention."
      echo "Allowed prefixes: feature/, fix/, hotfix/, release/, chore/"
      echo "Allowed exact names: main, develop, staging"
      exit 1
    fi
  fi

done

# If we reach here, all rules passed.
echo "pre-receive: All checks passed. Push accepted."
exit 0

Output

# Pushing directly to main:

ERROR: Direct pushes to main are not allowed.

Please create a pull request instead.

To github.com:io/thecodeforge/payments-service.git

! [remote rejected] main -> main (pre-receive hook declined)

# Force-pushing to a feature branch:

ERROR: Force-push to refs/heads/feature/payment-retry rejected.

Use 'git revert' instead of 'git push --force'.

# Pushing a branch with bad name:

ERROR: Branch name 'refs/heads/my-experiment' does not follow naming convention.

Allowed prefixes: feature/, fix/, hotfix/, release/, chore/

Client-Side Hooks Are Convenience. Server-Side Hooks Are Enforcement.

pre-receive: runs once per push, rejects the entire push if it exits non-zero
update: runs once per ref, receives old SHA, new SHA, ref name as arguments
Server-side hooks require server access to configure — or use platform-level rules (GitHub branch protection, GitLab push rules)
A misconfigured server-side hook blocks the entire team — test thoroughly before deploying

Production Insight

Most teams use GitHub branch protection rules or GitLab push rules instead of raw server-side hooks. These platforms provide a GUI for common enforcement: require PR reviews, block force-pushes, require signed commits, restrict who can push to main. The trade-off: platform rules are less flexible than custom scripts. If you need custom logic (enforce branch naming, reject commits with certain file patterns, require specific CI checks to pass), you need actual server-side hooks or CI-based enforcement.

Key Takeaway

Server-side hooks (pre-receive, update) are the only truly un-bypassable enforcement. Client-side hooks can always be skipped with --no-verify. Critical rules must live on the server. Most teams use platform-level branch protection (GitHub/GitLab) for common rules and server-side hooks only for custom logic.

● Production incidentPOST-MORTEMseverity: high

pre-commit Hook Takes 3 Minutes: Entire Team Bypasses It Within a Week

Symptom

CI pipeline failures increased from 2 per week to 12 per week after the pre-commit hook was introduced. Developers reported that commits were taking too long. Commit velocity dropped 40%. The git log showed commit messages with no conventional format enforcement — the commit-msg hook was also being bypassed.

Assumption

The team lead assumed that running the full test suite on every commit would catch bugs earlier and reduce CI failures. They did not consider the developer experience cost of a 3-minute commit. They assumed developers would wait because 'it is for quality.'

Root cause

1. The pre-commit hook ran npm test (full test suite) on every commit. 2. The test suite took 3 minutes on a developer's laptop (vs 90 seconds in CI with caching). 3. Developers committing 15-20 times per day lost 45-60 minutes to the hook. 4. Within 3 days, every developer discovered git commit --no-verify (or -n). 5. The --no-verify flag skips ALL client-side hooks — both pre-commit AND commit-msg. 6. Broken code and non-conventional commit messages reached the remote without any local gate. 7. CI caught the failures 20 minutes later, blocking the team — the original problem, now worse.

Fix

1. Immediate: removed the full test suite from pre-commit. Replaced with ESLint (5 seconds) and Prettier formatting check (2 seconds). 2. Moved the full test suite to pre-push: runs before code is shared, but not on every local commit. 3. Added commit-msg hook back (instant — regex check). Developers stopped bypassing because it added zero latency. 4. Documented the principle in team wiki: 'pre-commit under 5 seconds, pre-push under 30 seconds, full tests in CI.' 5. Added a CI check that runs on every PR: if pre-commit was bypassed (detectable by lint errors in committed code), the PR fails.

Key lesson

A hook that takes more than 5 seconds will be bypassed by every developer within a week. Bypassed hooks provide zero protection.
pre-commit is for fast feedback: lint, format, type-check. pre-push is for heavier checks: full test suite. CI is for comprehensive validation.
--no-verify skips ALL client-side hooks simultaneously. If developers bypass pre-commit, they also bypass commit-msg enforcement.
Server-side enforcement (CI checks, branch protection) is the only reliable quality gate. Client-side hooks are convenience, not enforcement.

Production debug guideSystematic recovery paths for hook execution failures, bypass detection, and sharing issues.5 entries

Symptom · 01

Hook is not running at all — git commit succeeds silently without any hook execution

→

Fix

1. Check if the hook file is executable: ls -la .git/hooks/pre-commit. Look for x permission. 2. If missing: chmod +x .git/hooks/pre-commit. 3. Check if the hook has a valid shebang line: head -1 .git/hooks/pre-commit should show #!/usr/bin/env bash or similar. 4. Check if core.hooksPath is set to a different directory: git config core.hooksPath. If set, your hook must be in that directory, not .git/hooks/.

Symptom · 02

commit-msg hook never matches — regex validation always fails or always passes empty

→

Fix

1. The most common bug: reading commit message from stdin instead of from the file at $1. 2. Check your script: COMMIT_MESSAGE=$(cat "$1") is correct. Reading from stdin is wrong. 3. Debug: add echo "DEBUG: $1" at the top of the hook to see the file path Git passes. 4. Also contain trailing newlines or comments. Strip them: COMMIT_MESSAGE=$(head -1 "$1" | sed 's/#.*//').

Symptom · 03

Developers bypassing hooks check: the file at $1 may with --no-verify — hooks not providing protection

→

Fix

1. You cannot prevent --no-verify on client-side hooks. This is by design. 2. Move critical enforcement to server-side hooks or CI checks. 3. Detect bypass in CI: run the same lint/format checks in the CI pipeline. If the code fails CI lint, the developer bypassed pre-commit. 4. Consider a pre-push hook as a middle ground: harder to bypass than pre-commit (developers push less frequently than they commit).

Symptom · 04

Hook runs but exits with wrong code — git continues despite errors

→

Fix

1. Check if the hook explicitly calls exit 0 at the end even after errors. 2. A common bug: running a command, not capturing its exit code, then calling exit 0 unconditionally. 3. Fix: capture exit code immediately after the command: ESLINT_EXIT=$?. Then if [ $ESLINT_EXIT -ne 0 ]; then exit 1; fi. 4. In bash, use set -e at the top of the script to exit on any command failure automatically.

Symptom · 05

Shared hooks via core.hooksPath not working after clone

→

Fix

1. core.hooksPath is a local git config — it does not transfer on clone. 2. Every developer must run git config core.hooksPath hooks after cloning. 3. Add this to your README under 'Getting Started'. 4. Or add a post-clone setup script: ./setup.sh that runs the config command. 5. For Node.js projects, Husky handles this automatically via the prepare npm lifecycle script.

★ Git Hooks Triage Cheat SheetFast recovery for hook execution failures, bypass detection, and sharing issues.

Hook not running at all — git commit succeeds silently−

Immediate action

Check file permissions and shebang line.

Commands

ls -la .git/hooks/pre-commit (check for executable permission)

head -1 .git/hooks/pre-commit (verify shebang: #!/usr/bin/env bash)

Fix now

chmod +x .git/hooks/pre-commit. If using core.hooksPath: check git config core.hooksPath points to the right directory.

commit-msg hook regex never matches — message always rejected or always accepted empty+

Entire team bypassing hooks with --no-verify+

Hook runs but git commit still succeeds despite errors+

Shared hooks not working after teammate clones the repo+

Client-Side vs Server-Side Hooks

Aspect	client-side hooks (pre-commit, commit-msg)	server-side hooks (pre-receive, update)
Where they run	On the developer's local machine	On the Git server (GitHub Actions, GitLab, Gitea, etc.)
Who controls them	Individual developer (or shared via core.hooksPath / Husky)	Repository/platform administrator
Can they be bypassed?	Yes — `git commit --no-verify` skips them	No — the server enforces them regardless of client
Typical use case	Linting, formatting, commit message validation	Enforcing branch protection, triggering CI/CD, rejecting force-pushes
Setup complexity	Low — shell script + chmod	Higher — requires server access or platform configuration
Failure impact	Only affects the single developer's workflow	Blocks the push for the entire team if misconfigured
Shared automatically on clone?	No — requires Husky or core.hooksPath setup	Yes — lives on the server, applies to all contributors

Key takeaways

A git hook is just an executable script in .git/hooks/ with a recognised filename

Git's contract with it is purely via exit codes: 0 means success, anything else cancels the operation.

Keep pre-commit hooks fast by linting only staged files using git diff --cached --name-only

slow hooks get disabled by frustrated developers, which is worse than having no hook.

.git/hooks/ is never cloned or committed

share hooks across your team using git config core.hooksPath (language-agnostic) or Husky's prepare npm script (Node.js projects).

Server-side hooks like pre-receive are the only truly un-bypassable enforcement

client-side hooks can always be skipped with --no-verify, so critical rules belong on the server.

Every hook script should start with set -e to ensure command failures stop the script immediately, preventing false-positive hook passes.

INTERVIEW PREP · PRACTICE MODE

Interview Questions on This Topic

FAQ · 5 QUESTIONS

Frequently Asked Questions

How do I bypass a git hook when I really need to commit broken code?

Can I write a git hook in Python or Node.js instead of bash?

What's the difference between pre-commit and pre-push — when should I use each?

Can I undo a git hook that went wrong?

How do I test a git hook without triggering a real commit or push?

🔥

That's Git. Mark it forged?

4 min read · try the examples if you haven't