The complete .gitignore guide 🚫

.gitignore is a special file that tells Git which files NOT to track.

Why do you need .gitignore?

The problem without .gitignore

git add .
git commit -m "update"

# Just committed:
# - node_modules/ (200 MB!)
# - .env (with database passwords!)
# - *.log (50 MB of logs)
# - .DS_Store (macOS junk)

❌ Consequences:
- Repository ballooned to gigabytes
- Passwords leaked into a public GitHub repo
- Cloning the repo takes 10 minutes
- Your teammates are furious

The solution — .gitignore

# .gitignore
node_modules/
.env
*.log
.DS_Store

✅ Result:
- Git ignores these files
- Repository stays light and clean
- Secrets are safe

What NOT to commit?

1. Dependencies

# Node.js
node_modules/

# Python
__pycache__/
*.pyc
.venv/
venv/

# Ruby
vendor/bundle/

# PHP
vendor/

Why: They’re installed via npm install / pip install

2. Secrets and passwords 🔐

.env
.env.local
secrets.yml
config/database.yml
*.pem
*.key

NEVER commit:
- API keys
- Database passwords
- Secret tokens
- SSH keys
- Certificates

3. Compiled code and build artifacts

dist/
build/
*.exe
*.dll
*.so
*.o
*.class
*.pyc

4. Logs and temporary files

*.log
*.tmp
*.swp
*~
npm-debug.log*

5. OS system files

# macOS
.DS_Store
.AppleDouble

# Windows
Thumbs.db
desktop.ini

# Linux
*~
.directory

6. IDE configs

.vscode/
.idea/
*.sublime-project
*.sublime-workspace
.project

7. Local databases

*.sqlite
*.sqlite3
*.db

Syntax and Templates

How to create a .gitignore?

Method 1: Manually

# In the project root:
touch .gitignore

# Open it in your editor and add:
node_modules/
.env
*.log

Method 2: GitHub templates

When creating a repository, select a template:
- Python
- Node
- Java
- etc.

Method 3: gitignore.io

The site https://gitignore.io generates .gitignore files

# Example for Python + Django + VSCode:
curl https://www.toptal.com/developers/gitignore/api/python,django,vscode > .gitignore

.gitignore syntax

Basic rules

# Ignore a specific file
secret.txt

# Ignore a directory
logs/

# Ignore all files with an extension
*.log

# Ignore anywhere in the tree
**/temp.txt

# Exception — do NOT ignore
!important.log

Pattern examples

# One specific file
config.json

# All .txt files
*.txt

# All .txt files in the root only (not subdirectories)
/*.txt

# build directory anywhere in the tree
**/build/

# Ignore everything except these
*
!src/
!README.md

Comments

# This is a comment

# Dependencies
node_modules/
vendor/

# Secrets
.env  # file with passwords

Templates by language

Python

# Byte-compiled
__pycache__/
*.py[cod]
*$py.class

# Distribution
dist/
build/
*.egg-info/

# Virtual environment
venv/
ENV/
.venv/

# Django
*.log
db.sqlite3
media/
staticfiles/

# Flask
instance/
.webassets-cache

# Environment
.env

Node.js / JavaScript

# Dependencies
node_modules/
package-lock.json  # optional

# Build
dist/
build/
.next/
out/

# Logs
npm-debug.log*
yarn-debug.log*
yarn-error.log*

# Environment
.env
.env.local
.env.*.local

# Testing
coverage/
.nyc_output/

Java

# Compiled
*.class
*.jar
*.war
*.ear

# Build
target/
build/
out/

# IDE
.idea/
*.iml
.project
.settings/

# Logs
hs_err_pid*

Universal .gitignore for all projects

# Universal .gitignore

# Dependencies
node_modules/
__pycache__/
vendor/

# Secrets
.env
.env.local
secrets.*

# Build artifacts
dist/
build/
*.exe
*.dll

# Logs
*.log

# OS
.DS_Store
Thumbs.db
*~

# IDE
.vscode/
.idea/
*.swp

# Temporary
*.tmp
*.cache

What if you already committed something?

File is already tracked by Git

# 1. Add it to .gitignore
echo "node_modules/" >> .gitignore

# 2. Remove from Git (but keep on disk!)
git rm --cached node_modules/ -r

# 3. Commit
git commit -m "chore: remove node_modules from tracking"

# 4. Push
git push

--cached = remove from Git, but NOT from disk!

A secret ended up in Git 🚨

Immediately:

1. Rotate the password/key!

2. Remove it from Git history:
   bash git filter-branch --tree-filter 'rm -f .env' HEAD git push --force

3. Use BFG Repo-Cleaner for large files

Important: Old commits may still exist in forks!

Managing .gitignore

Global .gitignore

For all your projects at once:

# Create a global file
touch ~/.gitignore_global

# Add entries:
.DS_Store
.vscode/
*.swp

# Tell Git to use it:
git config --global core.excludesfile ~/.gitignore_global

Now these files are ignored in ALL projects!

Checking .gitignore

Check whether a file is ignored

git check-ignore -v node_modules/
# .gitignore:1:node_modules/ node_modules/

List all ignored files

git status --ignored

Debug why a file is ignored

git check-ignore -v -n path/to/file

Recommendations

Common mistakes

❌ Forgot the trailing slash

node_modules  # ignores a FILE named "node_modules"
node_modules/ # ignores a DIRECTORY named "node_modules/"

❌ Leading or trailing spaces

 .env   # WILL NOT work (leading space)
.env    # Correct

❌ File encoding
- .gitignore must be UTF-8
- Without BOM

Best practices

✅ DO:
- Create .gitignore at the start of the project
- Commit .gitignore to the repository
- Use ready-made templates
- Document entries with comments

❌ DON’T:
- Don’t ignore .gitignore itself!
- Don’t ignore critical config files

Summary

.gitignore is:
- 🛡️ Protection from accidental commits
- 🗜️ A lean repository
- 🔐 Secret security
- 📝 A clean history

Create your .gitignore NOW:
1. Copy the template for your language
2. Add .env and any other secrets
3. Commit it
4. Sleep soundly! 😴