LLMpediaThe first transparent, open encyclopedia generated by LLMs

pre-commit

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: Black (software) Hop 5
Expansion Funnel Raw 90 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted90
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
pre-commit
Namepre-commit
DeveloperOpen-source community
Initial release2014
Programming languagePython
RepositoryGit-based
LicenseMIT-like
WebsiteProject homepage

pre-commit

pre-commit is a framework for managing and executing repository-level git hooks to enforce code quality, style, and security checks before commits. It coordinates hook definitions, environments, and execution across repositories, integrating with multiple programming ecosystems and continuous integration systems. The tool is widely used in software projects to standardize checks across teams and to reduce downstream errors detected by services such as Travis CI, CircleCI, GitHub Actions, GitLab CI/CD, and Azure Pipelines.

Overview

pre-commit centralizes hook configuration in a repository file and uses isolated environments to run checks written in languages like Python (programming language), Bash, Node.js, Rust (programming language), and Go (programming language). The project originated in the wider Git (software) ecosystem that includes tools such as Mercurial alternatives and version control integrations with Subversion. pre-commit's design parallels efforts by organizations like Google, Facebook, and Microsoft to automate quality gates, and it is used alongside linters and formatters developed by communities including PyLint, Black (software), ESLint, Prettier, and Rustfmt. The framework complements security scanners from projects such as Bandit (software), trivy (software), and Dependabot.

Installation and configuration

Installation commonly uses package managers associated with host platforms, enabling distribution via pip for Python (programming language), Homebrew on macOS, or native OS packages for distributions like Debian and Fedora. Repository configuration is declared in a YAML file that references hook repositories and versions, which mirrors dependency practices found in requirements.txt and package.json ecosystems maintained by PyPI, npm, and Cargo (package manager). Administrators often pair configuration with project management tools such as Ansible, Chef, and Puppet for consistent repository setup in enterprise environments like Google Cloud Platform, Amazon Web Services, and Microsoft Azure.

Hooks and hook management

Hooks in pre-commit are packaged as repositories or local scripts and can wrap existing tools like Flake8, Mypy, Black (software), isort, ShellCheck, and Bashate. The tool supports languages and runtimes maintained by projects such as Node.js, Ruby, Perl, and PHP, enabling hooks that invoke formatters from Prettier, type checkers from Pyright, or security linters inspired by projects like OWASP and Snyk. Management features include pinning to specific commits or tags, mirroring practices used by GitHub Releases and Semantic Versioning, and caching environments similar to workflows in CircleCI and GitLab CI/CD.

Integration with development workflows

pre-commit integrates with local developer tooling and centralized services, enabling checks during local commits and in CI pipelines used by GitHub Actions, Travis CI, CircleCI, GitLab CI/CD, and Bamboo. Teams combine pre-commit with continuous integration patterns popularized by Jenkins, TeamCity, and Azure DevOps to ensure consistent enforcement across forks and pull requests submitted to platforms such as GitHub, GitLab, and Bitbucket (software) repositories. The framework also interoperates with code review tools like Gerrit and project management systems such as Jira Software and Trello to gate merges and automate issue creation based on hook failures.

Security and reliability considerations

Security-conscious projects use pre-commit to run static analysis tools from projects including Bandit (software), Brakeman, Semgrep, and Dependabot-style dependency checks to catch vulnerabilities before code merges. The framework isolates hooks in ephemeral environments similar to sandboxing strategies by Docker and Kubernetes to reduce host contamination risks. Administrators must vet third-party hook repositories in the same way organizations review supply chain risks highlighted by incidents involving SolarWinds and advisories published by CISA. Lockfile pinning and reproducible environment features mirror practices advocated by NIST and dependency governance guidelines from OpenSSF.

Usage examples and common hooks

Common pre-commit configurations invoke formatters and linters such as Black (software), isort, Flake8, Mypy, ESLint, Prettier, ShellCheck, and Rustfmt. Projects in ecosystems maintained by Django (web framework), Flask, React (JavaScript library), Angular (web framework), TensorFlow, and PyTorch often include hooks tailored to their conventions. Example workflows demonstrate applying hooks on staged files and running manual hook invocation during development, aligning with developer practices at organizations like Netflix, Airbnb, and Spotify to maintain code consistency.

Alternatives to pre-commit include platform-specific and language-specific hook managers and linters like Husky (software), lefthook, Overcommit, git-hooks frameworks, and integrated solutions within IDEs from JetBrains and Microsoft Visual Studio Code. For broader CI/CD enforcement, teams may prefer server-side checks implemented in Jenkins, GitLab CI/CD, GitHub Actions, or policy engines such as Open Policy Agent. Dependency and supply-chain tools related to pre-commit's security goals include Snyk, Dependabot, Trivy (software), and OSS Index.

Category:Software