Git hooks for code quality: a practical setup

By admin , 29 April 2026

What you will achieve

You will configure pre-commit and pre-push hooks that lint, format, type-check, and test your code, sharing the configuration across your team via the repo. By the end, broken code will not even reach your remote.

Choose a framework

Three popular options:

Husky + lint-staged for Node-based projects.
pre-commit framework for Python or polyglot projects.
core.hooksPath for fully custom shell scripts.

Path 1: Husky for Node

npm install --save-dev husky lint-staged eslint prettier
npx husky init

This adds a .husky/ directory and a prepare script in package.json that activates hooks on npm install.

# .husky/pre-commit
#!/usr/bin/env sh
. "$(dirname "$0")/_/husky.sh"
npx lint-staged

# package.json
"lint-staged": {
  "*.{js,ts,tsx,jsx}": [
    "eslint --fix",
    "prettier --write"
  ],
  "*.{json,md,yml,yaml}": ["prettier --write"]
}

# .husky/pre-push
#!/usr/bin/env sh
. "$(dirname "$0")/_/husky.sh"
npm run typecheck
npm test

Path 2: pre-commit framework

pip install pre-commit

# .pre-commit-config.yaml
repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.6.0
    hooks:
      - id: trailing-whitespace
      - id: end-of-file-fixer
      - id: check-yaml
      - id: check-merge-conflict
  - repo: https://github.com/astral-sh/ruff-pre-commit
    rev: v0.5.0
    hooks:
      - id: ruff
        args: [--fix]
      - id: ruff-format
  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.18.0
    hooks:
      - id: gitleaks

pre-commit install
pre-commit install --hook-type pre-push
pre-commit run --all-files       # initial pass

Path 3: shared shell hooks

mkdir .githooks
cat > .githooks/pre-commit <<'EOF'
#!/usr/bin/env bash
set -e
files=$(git diff --cached --name-only --diff-filter=ACMR | grep -E '\\.(js|ts)$' || true)
[ -z "$files" ] && exit 0
echo "$files" | xargs npx eslint --max-warnings=0
echo "$files" | xargs npx prettier --check
EOF
chmod +x .githooks/pre-commit

git config core.hooksPath .githooks

Add a setup script so each developer runs git config core.hooksPath .githooks after cloning. Or document it in the README.

Best practices

Run only on changed files. Full-repo lint on every commit is too slow.
Aim for <5 second pre-commit, <30 second pre-push. Slow hooks get bypassed.
Make hooks fixable. If a hook fails, the user should know what to do.
Mirror in CI. Hooks can be skipped (--no-verify); CI is authoritative.

Adding more checks

Common additions:

Type-check (TypeScript: tsc --noEmit; Python: mypy).
Secret detection (gitleaks, trufflehog).
Commit message format (commitlint).
Branch name format (custom shell hook).

Commit message linting

npm install --save-dev @commitlint/cli @commitlint/config-conventional

# commitlint.config.js
module.exports = { extends: ['@commitlint/config-conventional'] };

# .husky/commit-msg
#!/usr/bin/env sh
. "$(dirname "$0")/_/husky.sh"
npx --no -- commitlint --edit $1

Bypassing

git commit --no-verify
git push --no-verify

Document policy: bypass for emergencies only; CI must still pass.

Auditing

git config --get core.hooksPath
ls -la .git/hooks/
npx husky list      # for husky

The result

Every commit passes lint and format; every push has run tests. Pull requests are clean from the start. Reviewers focus on logic, not style. Five hours of setup yields five years of dividends.