.gitignore: Keep Your Repository Clean
Every project has files that shouldn't be in version control: build artifacts, dependencies, secrets, editor configs, OS junk. A well-written .gitignore keeps your repo clean and your secrets safe. A missing one leaks .env files to GitHub.
Pattern Syntax
# Comments start with #
# Ignore a specific file
.env
secrets.json
# Ignore a directory (trailing slash)
node_modules/
dist/
build/
# Wildcard — matches any characters except /
*.log
*.tmp
*.swp
# Double star — matches any directory depth
**/test-results/
src/**/*.test.js
# Negation — re-include something
*.log
!important.log
# Question mark — matches single character
# (matches temp1.txt and tempA.txt, but not temp10.txt)
temp?.txt
Essential .gitignore by Stack
Node.js / JavaScript:
node_modules/
dist/
build/
.next/
.nuxt/
.output/
coverage/
*.log
npm-debug.log*
.env
.env.local
.env.*.local
Python:
__pycache__/
*.py[cod]
*$py.class
*.so
.Python
venv/
env/
.venv/
*.egg-info/
dist/
build/
.eggs/
.pytest_cache/
.mypy_cache/
.env
Go:
# Go binaries
*.exe
*.exe~
*.dll
*.so
*.dylib
# Test binary
*.test
# Output
*.out
vendor/
.env
Java:
*.class
*.jar
*.war
*.ear
target/
build/
.gradle/
.settings/
.classpath
.project
*.iml
.idea/
Files You Should NEVER Commit
| File | Why |
|---|---|
| .env | Contains API keys, database passwords, secrets |
| *.pem, *.key | Private keys and certificates |
| credentials.json | Service account keys (GCP, AWS) |
| *.sqlite, *.db | Local databases with potentially sensitive data |
| id_rsa, id_ed25519 | SSH private keys |
| .npmrc with tokens | Registry authentication tokens |
Already Committed a Secret?
Adding a file to .gitignore doesn't remove it from history. If you committed a secret:
# 1. Remove the file from tracking (keeps it locally)
git rm --cached .env
# 2. Add to .gitignore
echo '.env' >> .gitignore
# 3. Commit the removal together with the updated .gitignore
git add .gitignore
git commit -m "Remove .env from tracking"
# 4. ROTATE THE SECRET — it's already in git history
# Anyone who cloned the repo has it
For complete history removal, use git filter-branch or BFG Repo-Cleaner. But the safest approach is always to rotate the compromised credential.
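The claim that untracking a file leaves it in history can be checked directly. This added example (not from the original article) builds a throwaway repository with a constructed dummy .env, applies steps 1-3, and confirms the value is still readable from an earlier commit; the helper function names are illustrative.

```sh
#!/bin/sh
# Added example: every step runs in a throwaway repository, and the .env
# content is a constructed dummy value.

# Run git inside repo $1 with a fixed demo identity (no global config needed).
g() {
  _r=$1; shift
  git -C "$_r" -c user.name=demo -c user.email=demo@example.invalid \
      -c commit.gpgsign=false "$@"
}

# Create a repo, commit a .env, then apply steps 1-3. Prints the repo path.
make_demo_repo() {
  d=$(mktemp -d) || return 1
  g "$d" init -q >/dev/null 2>&1
  printf 'API_KEY=constructed-dummy-value\n' > "$d/.env"
  g "$d" add .env && g "$d" commit -q -m "Add config"
  g "$d" rm -q --cached .env                 # step 1
  echo '.env' >> "$d/.gitignore"             # step 2
  g "$d" add .gitignore && g "$d" commit -q -m "Remove .env from tracking"  # step 3
  echo "$d"
}

is_tracked() { g "$1" ls-files --error-unmatch -- "$2" >/dev/null 2>&1; }
is_ignored() { g "$1" check-ignore -q -- "$2"; }

# Commits on any ref that touched path $2 (one abbreviated hash per line).
commits_touching() { g "$1" log --all --format=%h -- "$2"; }

# Print the file as of the newest commit that added or modified it.
recover_latest() {
  c=$(g "$1" log --all --diff-filter=AM --format=%H -- "$2" | head -n 1)
  [ -n "$c" ] && g "$1" show "$c:$2"
}

demo=$(make_demo_repo)
is_tracked "$demo" .env && echo "tracked now: yes" || echo "tracked now: no"
is_ignored "$demo" .env && echo "ignored now: yes" || echo "ignored now: no"
echo "commits referencing .env: $(commits_touching "$demo" .env | wc -l)"
echo "still readable from history: $(recover_latest "$demo" .env)"
rm -rf "$demo"
```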
Global .gitignore
For files specific to your OS and editor (not the project), use a global gitignore:
# Set up global gitignore
git config --global core.excludesfile ~/.gitignore_global
# ~/.gitignore_global
.DS_Store
Thumbs.db
*.swp
*.swo
*~
.vscode/settings.json
.idea/
*.sublime-workspace
This keeps project .gitignore files focused on project-specific patterns, not individual developer preferences.
Debugging .gitignore
# Check why a file is ignored
git check-ignore -v path/to/file.log
# .gitignore:3:*.log path/to/file.log
# List all ignored files
git status --ignored
# Force-add an ignored file (not recommended)
git add -f path/to/ignored-file