Will It Vibe?
DEP-012Low severity-4 points

Incomplete .gitignore

Part of Dependencies & Hygiene, which counts for 10% of the overall score. When this check fires it deducts 4 points from that category, once per scan, no matter how many places it turns up.

What it detects

.gitignore exists but is missing some standard entries for this project's stack.

Why it matters

A .gitignore missing entries like .env or node_modules means one habitual git add -A can commit secrets, tens of thousands of dependency files, or OS junk like .DS_Store. Once a .env is pushed, its contents are leaked and rotating credentials is the only fix. The other entries mostly cost you repo bloat and noisy diffs, but the .env line is genuinely protective.

How to fix it

Add the missing entries the scan named to .gitignore: node_modules/ for Node projects, __pycache__/ for Python, and .env and .DS_Store for everything. Then check whether any of those paths are already tracked (git ls-files | grep for them); ignoring a file does nothing once it is committed, so untrack any hits with git rm -r --cached and commit. If a .env was ever committed, treat its values as exposed and rotate them.

The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing

Does your repo trip this check?

Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.

Scan your repo

Related Dependencies & Hygiene checks