commit-cop 1.0.0 → 1.0.1

package/README.md

@@ -1,36 +1,52 @@
-# CommitClean
+# Commit Cop
 
-CommitClean is a pre-commit safety checker that scans your **staged files** and warns you about common mistakes before they get pushed to GitHub.
+Commit Cop is a pre-commit safety checker that scans your **staged files** and warns you about common mistakes before they get pushed to GitHub.
 
 Built for students, hackathons, and dev teams who want practical guardrails—not just formatting checks.
 
+## Install
+
+```bash
+npm install commit-cop
+```
+
+Run it on staged changes:
+
+```bash
+npx commit-cop
+```
+
+Treat warnings as errors:
+
+```bash
+npx commit-cop --strict
+```
+
 ## What it checks
 
 | Check | Severity | What it catches |
 | --- | --- | --- |
+| Merge conflicts | Error | `<<<<<<<`, `=======`, `>>>>>>>` markers left in code |
 | Environment files | Error | `.env`, `.env.local`, and other `.env.*` files |
-| Generated folders | Error | `node_modules/`, `dist/`, `build/`, `.next/`, `coverage/` |
-| Secrets | Error | API keys, JWT secrets, database URLs, and similar patterns |
+| Sensitive filenames | Error | Keys, certs, `credentials.json`, `.npmrc`, and similar |
+| Generated folders | Error | `node_modules/`, `dist/`, `build/`, `.next/`, `coverage/` (including nested paths) |
+| Secrets | Error | API keys, GitHub/AWS/Stripe tokens, JWT secrets, database URLs |
 | Focused tests | Error | `test.only`, `it.only`, `describe.only` left in test files |
 | Debug logs | Warning | `console.log` in staged JS/TS code |
+| Debugger statements | Warning | `debugger` in staged JS/TS code |
 | Localhost URLs | Warning | Hardcoded `localhost` or `127.0.0.1` URLs |
+| Junk files | Warning | `.DS_Store`, `Thumbs.db`, swap/backup files |
+| Lockfile drift | Warning | `package.json` staged without `package-lock.json` (or vice versa) |
 | Large files | Warning | Staged files over 5 MB |
+| Binary files | Warning | `.zip`, `.exe`, `.mp4`, and other non-text files |
 
 Errors block the commit. Warnings are reported but do not block unless you use `--strict`.
 
-## Usage
-
-Run inside a Git repository with staged changes:
+## Local development
 
 ```bash
 npm install
-npm run commitclean
-```
-
-Treat warnings as errors:
-
-```bash
-npm run commitclean -- --strict
+npm run commit-cop
 ```
 
 Build and run the compiled CLI:
@@ -59,4 +75,4 @@ Each check implements the same interface: receive staged files, return findings
 1. Read staged file paths with `git diff --cached --name-only`
 2. Run every check in `src/checks/`
 3. Print a summary with file locations and fix suggestions
-4. Exit with code `1` if errors are found (or warnings in strict mode)
+4. Exit with code `1` if errors are found (or warnings in strict mode)

package/dist/checks/binaryFileCheck.d.ts

@@ -0,0 +1,3 @@
+import type { Check } from "../types.js";
+export declare const binaryFileCheck: Check;
+//# sourceMappingURL=binaryFileCheck.d.ts.map

package/dist/checks/binaryFileCheck.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"binaryFileCheck.d.ts","sourceRoot":"","sources":["../../src/checks/binaryFileCheck.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,KAAK,EAAW,MAAM,aAAa,CAAC;AA0BlD,eAAO,MAAM,eAAe,EAAE,KAoC7B,CAAC"}

package/dist/checks/binaryFileCheck.js

@@ -0,0 +1,53 @@
+import fs from "node:fs";
+import { getBaseName } from "./utils.js";
+const binaryExtensions = new Set([
+    ".zip",
+    ".exe",
+    ".dll",
+    ".mp4",
+    ".mov",
+    ".sqlite",
+    ".db",
+]);
+function hasNullBytes(file) {
+    const buffer = fs.readFileSync(file);
+    const sampleSize = Math.min(buffer.length, 8192);
+    for (let index = 0; index < sampleSize; index += 1) {
+        if (buffer[index] === 0) {
+            return true;
+        }
+    }
+    return false;
+}
+export const binaryFileCheck = {
+    name: "binary-file-check",
+    async run(context) {
+        const findings = [];
+        for (const file of context.stagedFiles) {
+            if (!fs.existsSync(file))
+                continue;
+            const baseName = getBaseName(file);
+            const extension = baseName.includes(".")
+                ? baseName.slice(baseName.lastIndexOf(".")).toLowerCase()
+                : "";
+            let isBinary = binaryExtensions.has(extension);
+            try {
+                isBinary ||= hasNullBytes(file);
+            }
+            catch {
+                continue;
+            }
+            if (isBinary) {
+                findings.push({
+                    severity: "warning",
+                    checkName: this.name,
+                    file,
+                    message: "Binary or non-text file is staged.",
+                    suggestion: "Remove it from the commit or store it outside Git (e.g. Git LFS).",
+                });
+            }
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=binaryFileCheck.js.map

package/dist/checks/binaryFileCheck.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"binaryFileCheck.js","sourceRoot":"","sources":["../../src/checks/binaryFileCheck.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAEzC,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,SAAS;IACT,KAAK;CACN,CAAC,CAAC;AAEH,SAAS,YAAY,CAAC,IAAY;IAChC,MAAM,MAAM,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IACrC,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAEjD,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,UAAU,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;QACnD,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,CAAC,MAAM,eAAe,GAAU;IACpC,IAAI,EAAE,mBAAmB;IAEzB,KAAK,CAAC,GAAG,CAAC,OAAO;QACf,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACvC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC;gBAAE,SAAS;YAEnC,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;YACnC,MAAM,SAAS,GAAG,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC;gBACtC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE;gBACzD,CAAC,CAAC,EAAE,CAAC;YAEP,IAAI,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAE/C,IAAI,CAAC;gBACH,QAAQ,KAAK,YAAY,CAAC,IAAI,CAAC,CAAC;YAClC,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YAED,IAAI,QAAQ,EAAE,CAAC;gBACb,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAE,SAAS;oBACnB,SAAS,EAAE,IAAI,CAAC,IAAI;oBACpB,IAAI;oBACJ,OAAO,EAAE,oCAAoC;oBAC7C,UAAU,EACR,mEAAmE;iBACtE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/checks/debuggerCheck.d.ts

@@ -0,0 +1,3 @@
+import type { Check } from "../types.js";
+export declare const debuggerCheck: Check;
+//# sourceMappingURL=debuggerCheck.d.ts.map

package/dist/checks/debuggerCheck.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"debuggerCheck.d.ts","sourceRoot":"","sources":["../../src/checks/debuggerCheck.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAW,MAAM,aAAa,CAAC;AAGlD,eAAO,MAAM,aAAa,EAAE,KA4B3B,CAAC"}

package/dist/checks/debuggerCheck.js

@@ -0,0 +1,28 @@
+import { isCodeFile, readFileLines } from "./utils.js";
+export const debuggerCheck = {
+    name: "debugger-check",
+    async run(context) {
+        const findings = [];
+        for (const file of context.stagedFiles) {
+            if (!isCodeFile(file))
+                continue;
+            const lines = readFileLines(file);
+            if (!lines)
+                continue;
+            lines.forEach((line, index) => {
+                if (/\bdebugger\b/.test(line)) {
+                    findings.push({
+                        severity: "warning",
+                        checkName: this.name,
+                        file,
+                        line: index + 1,
+                        message: "debugger statement found in staged code.",
+                        suggestion: "Remove debugger statements before committing.",
+                    });
+                }
+            });
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=debuggerCheck.js.map

package/dist/checks/debuggerCheck.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"debuggerCheck.js","sourceRoot":"","sources":["../../src/checks/debuggerCheck.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEvD,MAAM,CAAC,MAAM,aAAa,GAAU;IAClC,IAAI,EAAE,gBAAgB;IAEtB,KAAK,CAAC,GAAG,CAAC,OAAO;QACf,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACvC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;gBAAE,SAAS;YAEhC,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;YAClC,IAAI,CAAC,KAAK;gBAAE,SAAS;YAErB,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;gBAC5B,IAAI,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC9B,QAAQ,CAAC,IAAI,CAAC;wBACZ,QAAQ,EAAE,SAAS;wBACnB,SAAS,EAAE,IAAI,CAAC,IAAI;wBACpB,IAAI;wBACJ,IAAI,EAAE,KAAK,GAAG,CAAC;wBACf,OAAO,EAAE,0CAA0C;wBACnD,UAAU,EAAE,+CAA+C;qBAC5D,CAAC,CAAC;gBACL,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/checks/generatedFolderCheck.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"generatedFolderCheck.d.ts","sourceRoot":"","sources":["../../src/checks/generatedFolderCheck.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAW,MAAM,aAAa,CAAC;AAUlD,eAAO,MAAM,oBAAoB,EAAE,KA0BlC,CAAC"}
+{"version":3,"file":"generatedFolderCheck.d.ts","sourceRoot":"","sources":["../../src/checks/generatedFolderCheck.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAW,MAAM,aAAa,CAAC;AAkBlD,eAAO,MAAM,oBAAoB,EAAE,KA0BlC,CAAC"}

package/dist/checks/generatedFolderCheck.js

@@ -1,3 +1,4 @@
+import { normalizePath } from "./utils.js";
 const blockedFolders = [
     "node_modules/",
     "dist/",
@@ -5,13 +6,17 @@ const blockedFolders = [
     ".next/",
     "coverage/",
 ];
+function matchesBlockedFolder(normalizedPath, folder) {
+    return (normalizedPath.startsWith(folder) ||
+        normalizedPath.includes(`/${folder}`));
+}
 export const generatedFolderCheck = {
     name: "generated-folder-check",
     async run(context) {
         const findings = [];
         for (const file of context.stagedFiles) {
-            const normalized = file.replaceAll("\\", "/");
-            const matchedFolder = blockedFolders.find((folder) => normalized.startsWith(folder));
+            const normalized = normalizePath(file);
+            const matchedFolder = blockedFolders.find((folder) => matchesBlockedFolder(normalized, folder));
             if (matchedFolder) {
                 findings.push({
                     severity: "error",

package/dist/checks/generatedFolderCheck.js.map

@@ -1 +1 @@
-{"version":3,"file":"generatedFolderCheck.js","sourceRoot":"","sources":["../../src/checks/generatedFolderCheck.ts"],"names":[],"mappings":"AAEA,MAAM,cAAc,GAAG;IACrB,eAAe;IACf,OAAO;IACP,QAAQ;IACR,QAAQ;IACR,WAAW;CACZ,CAAC;AAEF,MAAM,CAAC,MAAM,oBAAoB,GAAU;IACzC,IAAI,EAAE,wBAAwB;IAE9B,KAAK,CAAC,GAAG,CAAC,OAAO;QACf,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACvC,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAE9C,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CACnD,UAAU,CAAC,UAAU,CAAC,MAAM,CAAC,CAC9B,CAAC;YAEF,IAAI,aAAa,EAAE,CAAC;gBAClB,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAE,OAAO;oBACjB,SAAS,EAAE,IAAI,CAAC,IAAI;oBACpB,IAAI;oBACJ,OAAO,EAAE,GAAG,aAAa,kEAAkE;oBAC3F,UAAU,EAAE,OAAO,aAAa,gDAAgD,IAAI,EAAE;iBACvF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}
+{"version":3,"file":"generatedFolderCheck.js","sourceRoot":"","sources":["../../src/checks/generatedFolderCheck.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE3C,MAAM,cAAc,GAAG;IACrB,eAAe;IACf,OAAO;IACP,QAAQ;IACR,QAAQ;IACR,WAAW;CACZ,CAAC;AAEF,SAAS,oBAAoB,CAAC,cAAsB,EAAE,MAAc;IAClE,OAAO,CACL,cAAc,CAAC,UAAU,CAAC,MAAM,CAAC;QACjC,cAAc,CAAC,QAAQ,CAAC,IAAI,MAAM,EAAE,CAAC,CACtC,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,oBAAoB,GAAU;IACzC,IAAI,EAAE,wBAAwB;IAE9B,KAAK,CAAC,GAAG,CAAC,OAAO;QACf,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACvC,MAAM,UAAU,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;YAEvC,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CACnD,oBAAoB,CAAC,UAAU,EAAE,MAAM,CAAC,CACzC,CAAC;YAEF,IAAI,aAAa,EAAE,CAAC;gBAClB,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAE,OAAO;oBACjB,SAAS,EAAE,IAAI,CAAC,IAAI;oBACpB,IAAI;oBACJ,OAAO,EAAE,GAAG,aAAa,kEAAkE;oBAC3F,UAAU,EAAE,OAAO,aAAa,gDAAgD,IAAI,EAAE;iBACvF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/checks/junkFileCheck.d.ts

@@ -0,0 +1,3 @@
+import type { Check } from "../types.js";
+export declare const junkFileCheck: Check;
+//# sourceMappingURL=junkFileCheck.d.ts.map

package/dist/checks/junkFileCheck.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"junkFileCheck.d.ts","sourceRoot":"","sources":["../../src/checks/junkFileCheck.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAW,MAAM,aAAa,CAAC;AAWlD,eAAO,MAAM,aAAa,EAAE,KA2B3B,CAAC"}

package/dist/checks/junkFileCheck.js

@@ -0,0 +1,30 @@
+import { getBaseName, matchesAnyPattern } from "./utils.js";
+const junkExactNames = new Set([
+    ".ds_store",
+    "thumbs.db",
+    "desktop.ini",
+]);
+const junkNamePatterns = [/\.swp$/i, /\.bak$/i, /\.tmp$/i, /~$/];
+export const junkFileCheck = {
+    name: "junk-file-check",
+    async run(context) {
+        const findings = [];
+        for (const file of context.stagedFiles) {
+            const baseName = getBaseName(file);
+            const normalizedBaseName = baseName.toLowerCase();
+            const isJunk = junkExactNames.has(normalizedBaseName) ||
+                matchesAnyPattern(baseName, junkNamePatterns);
+            if (isJunk) {
+                findings.push({
+                    severity: "warning",
+                    checkName: this.name,
+                    file,
+                    message: "OS or editor junk file is staged.",
+                    suggestion: `Run: git restore --staged ${file}`,
+                });
+            }
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=junkFileCheck.js.map

package/dist/checks/junkFileCheck.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"junkFileCheck.js","sourceRoot":"","sources":["../../src/checks/junkFileCheck.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE5D,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC;IAC7B,WAAW;IACX,WAAW;IACX,aAAa;CACd,CAAC,CAAC;AAEH,MAAM,gBAAgB,GAAG,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;AAEjE,MAAM,CAAC,MAAM,aAAa,GAAU;IAClC,IAAI,EAAE,iBAAiB;IAEvB,KAAK,CAAC,GAAG,CAAC,OAAO;QACf,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACvC,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;YACnC,MAAM,kBAAkB,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;YAElD,MAAM,MAAM,GACV,cAAc,CAAC,GAAG,CAAC,kBAAkB,CAAC;gBACtC,iBAAiB,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;YAEhD,IAAI,MAAM,EAAE,CAAC;gBACX,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAE,SAAS;oBACnB,SAAS,EAAE,IAAI,CAAC,IAAI;oBACpB,IAAI;oBACJ,OAAO,EAAE,mCAAmC;oBAC5C,UAAU,EAAE,6BAA6B,IAAI,EAAE;iBAChD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/checks/lockfileDriftCheck.d.ts

@@ -0,0 +1,3 @@
+import type { Check } from "../types.js";
+export declare const lockfileDriftCheck: Check;
+//# sourceMappingURL=lockfileDriftCheck.d.ts.map

package/dist/checks/lockfileDriftCheck.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"lockfileDriftCheck.d.ts","sourceRoot":"","sources":["../../src/checks/lockfileDriftCheck.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAW,MAAM,aAAa,CAAC;AAOlD,eAAO,MAAM,kBAAkB,EAAE,KA8BhC,CAAC"}

package/dist/checks/lockfileDriftCheck.js

@@ -0,0 +1,32 @@
+import { normalizePath } from "./utils.js";
+function isStaged(stagedFiles, target) {
+    return stagedFiles.some((file) => normalizePath(file) === target);
+}
+export const lockfileDriftCheck = {
+    name: "lockfile-drift-check",
+    async run(context) {
+        const findings = [];
+        const packageJsonStaged = isStaged(context.stagedFiles, "package.json");
+        const lockfileStaged = isStaged(context.stagedFiles, "package-lock.json");
+        if (packageJsonStaged && !lockfileStaged) {
+            findings.push({
+                severity: "warning",
+                checkName: this.name,
+                file: "package.json",
+                message: "package.json is staged but package-lock.json is not.",
+                suggestion: "Run npm install and stage package-lock.json.",
+            });
+        }
+        if (lockfileStaged && !packageJsonStaged) {
+            findings.push({
+                severity: "warning",
+                checkName: this.name,
+                file: "package-lock.json",
+                message: "package-lock.json is staged but package.json is not.",
+                suggestion: "Stage package.json or unstage the lockfile.",
+            });
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=lockfileDriftCheck.js.map

package/dist/checks/lockfileDriftCheck.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"lockfileDriftCheck.js","sourceRoot":"","sources":["../../src/checks/lockfileDriftCheck.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE3C,SAAS,QAAQ,CAAC,WAAqB,EAAE,MAAc;IACrD,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,MAAM,CAAC,CAAC;AACpE,CAAC;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAU;IACvC,IAAI,EAAE,sBAAsB;IAE5B,KAAK,CAAC,GAAG,CAAC,OAAO;QACf,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,MAAM,iBAAiB,GAAG,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;QACxE,MAAM,cAAc,GAAG,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,mBAAmB,CAAC,CAAC;QAE1E,IAAI,iBAAiB,IAAI,CAAC,cAAc,EAAE,CAAC;YACzC,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,SAAS;gBACnB,SAAS,EAAE,IAAI,CAAC,IAAI;gBACpB,IAAI,EAAE,cAAc;gBACpB,OAAO,EAAE,sDAAsD;gBAC/D,UAAU,EAAE,8CAA8C;aAC3D,CAAC,CAAC;QACL,CAAC;QAED,IAAI,cAAc,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACzC,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,SAAS;gBACnB,SAAS,EAAE,IAAI,CAAC,IAAI;gBACpB,IAAI,EAAE,mBAAmB;gBACzB,OAAO,EAAE,sDAAsD;gBAC/D,UAAU,EAAE,6CAA6C;aAC1D,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/checks/mergeConflictCheck.d.ts

@@ -0,0 +1,3 @@
+import type { Check } from "../types.js";
+export declare const mergeConflictCheck: Check;
+//# sourceMappingURL=mergeConflictCheck.d.ts.map

package/dist/checks/mergeConflictCheck.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mergeConflictCheck.d.ts","sourceRoot":"","sources":["../../src/checks/mergeConflictCheck.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAW,MAAM,aAAa,CAAC;AAKlD,eAAO,MAAM,kBAAkB,EAAE,KAkChC,CAAC"}

package/dist/checks/mergeConflictCheck.js

@@ -0,0 +1,33 @@
+import { readFileLines, shouldSkipContentScan } from "./utils.js";
+const conflictMarkers = ["<<<<<<<", "=======", ">>>>>>>"];
+export const mergeConflictCheck = {
+    name: "merge-conflict-check",
+    async run(context) {
+        const findings = [];
+        for (const file of context.stagedFiles) {
+            if (shouldSkipContentScan(file))
+                continue;
+            const lines = readFileLines(file);
+            if (!lines)
+                continue;
+            lines.forEach((line, index) => {
+                const trimmed = line.trim();
+                for (const marker of conflictMarkers) {
+                    if (trimmed.startsWith(marker)) {
+                        findings.push({
+                            severity: "error",
+                            checkName: this.name,
+                            file,
+                            line: index + 1,
+                            message: "Merge conflict marker found in staged file.",
+                            suggestion: "Resolve the conflict, remove the markers, and restage the file.",
+                        });
+                        return;
+                    }
+                }
+            });
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=mergeConflictCheck.js.map

package/dist/checks/mergeConflictCheck.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mergeConflictCheck.js","sourceRoot":"","sources":["../../src/checks/mergeConflictCheck.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAElE,MAAM,eAAe,GAAG,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;AAE1D,MAAM,CAAC,MAAM,kBAAkB,GAAU;IACvC,IAAI,EAAE,sBAAsB;IAE5B,KAAK,CAAC,GAAG,CAAC,OAAO;QACf,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACvC,IAAI,qBAAqB,CAAC,IAAI,CAAC;gBAAE,SAAS;YAE1C,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;YAClC,IAAI,CAAC,KAAK;gBAAE,SAAS;YAErB,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;gBAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBAE5B,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE,CAAC;oBACrC,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;wBAC/B,QAAQ,CAAC,IAAI,CAAC;4BACZ,QAAQ,EAAE,OAAO;4BACjB,SAAS,EAAE,IAAI,CAAC,IAAI;4BACpB,IAAI;4BACJ,IAAI,EAAE,KAAK,GAAG,CAAC;4BACf,OAAO,EAAE,6CAA6C;4BACtD,UAAU,EACR,iEAAiE;yBACpE,CAAC,CAAC;wBACH,OAAO;oBACT,CAAC;gBACH,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/checks/secretCheck.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"secretCheck.d.ts","sourceRoot":"","sources":["../../src/checks/secretCheck.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,KAAK,EAAW,MAAM,aAAa,CAAC;AAYlD,eAAO,MAAM,WAAW,EAAE,KA8BzB,CAAC"}
+{"version":3,"file":"secretCheck.d.ts","sourceRoot":"","sources":["../../src/checks/secretCheck.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAW,MAAM,aAAa,CAAC;AAyBlD,eAAO,MAAM,WAAW,EAAE,KAkCzB,CAAC"}

package/dist/checks/secretCheck.js

@@ -1,4 +1,4 @@
-import fs from "node:fs";
+import { isCommentLine, isPlaceholderValue, readFileLines, shouldSkipContentScan, } from "./utils.js";
 const secretPatterns = [
     /OPENAI_API_KEY\s*=/i,
     /DATABASE_URL\s*=/i,
@@ -7,17 +7,27 @@ const secretPatterns = [
     /PRIVATE_KEY\s*=/i,
     /SECRET_KEY\s*=/i,
     /sk-[A-Za-z0-9_-]{20,}/,
+    /ghp_[A-Za-z0-9]{36,}/,
+    /github_pat_[A-Za-z0-9_]+/,
+    /AKIA[0-9A-Z]{16}/,
+    /sk_live_[A-Za-z0-9]+/,
+    /AIza[0-9A-Za-z_-]{35}/,
+    /hooks\.slack\.com\/services\//,
+    /password\s*=\s*['"][^'"]{8,}['"]/i,
 ];
 export const secretCheck = {
     name: "secret-check",
     async run(context) {
         const findings = [];
         for (const file of context.stagedFiles) {
-            if (!fs.existsSync(file))
+            if (shouldSkipContentScan(file))
+                continue;
+            const lines = readFileLines(file);
+            if (!lines)
                 continue;
-            const content = fs.readFileSync(file, "utf-8");
-            const lines = content.split("\n");
             lines.forEach((line, index) => {
+                if (isCommentLine(line) || isPlaceholderValue(line))
+                    return;
                 for (const pattern of secretPatterns) {
                     if (pattern.test(line)) {
                         findings.push({
@@ -28,6 +38,7 @@ export const secretCheck = {
                             message: "Possible secret found in staged file.",
                             suggestion: "Remove the secret and rotate it if it was already pushed.",
                         });
+                        return;
                     }
                 }
             });

package/dist/checks/secretCheck.js.map

@@ -1 +1 @@
-{"version":3,"file":"secretCheck.js","sourceRoot":"","sources":["../../src/checks/secretCheck.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AAGzB,MAAM,cAAc,GAAG;IACrB,qBAAqB;IACrB,mBAAmB;IACnB,iBAAiB;IACjB,kBAAkB;IAClB,kBAAkB;IAClB,iBAAiB;IACjB,uBAAuB;CACxB,CAAC;AAEF,MAAM,CAAC,MAAM,WAAW,GAAU;IAChC,IAAI,EAAE,cAAc;IAEpB,KAAK,CAAC,GAAG,CAAC,OAAO;QACf,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACvC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC;gBAAE,SAAS;YAEnC,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAElC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;gBAC5B,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;oBACrC,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACvB,QAAQ,CAAC,IAAI,CAAC;4BACZ,QAAQ,EAAE,OAAO;4BACjB,SAAS,EAAE,IAAI,CAAC,IAAI;4BACpB,IAAI;4BACJ,IAAI,EAAE,KAAK,GAAG,CAAC;4BACf,OAAO,EAAE,uCAAuC;4BAChD,UAAU,EAAE,2DAA2D;yBACxE,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}
+{"version":3,"file":"secretCheck.js","sourceRoot":"","sources":["../../src/checks/secretCheck.ts"],"names":[],"mappings":"AACA,OAAO,EACL,aAAa,EACb,kBAAkB,EAClB,aAAa,EACb,qBAAqB,GACtB,MAAM,YAAY,CAAC;AAEpB,MAAM,cAAc,GAAG;IACrB,qBAAqB;IACrB,mBAAmB;IACnB,iBAAiB;IACjB,kBAAkB;IAClB,kBAAkB;IAClB,iBAAiB;IACjB,uBAAuB;IACvB,sBAAsB;IACtB,0BAA0B;IAC1B,kBAAkB;IAClB,sBAAsB;IACtB,uBAAuB;IACvB,+BAA+B;IAC/B,mCAAmC;CACpC,CAAC;AAEF,MAAM,CAAC,MAAM,WAAW,GAAU;IAChC,IAAI,EAAE,cAAc;IAEpB,KAAK,CAAC,GAAG,CAAC,OAAO;QACf,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACvC,IAAI,qBAAqB,CAAC,IAAI,CAAC;gBAAE,SAAS;YAE1C,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;YAClC,IAAI,CAAC,KAAK;gBAAE,SAAS;YAErB,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;gBAC5B,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,kBAAkB,CAAC,IAAI,CAAC;oBAAE,OAAO;gBAE5D,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;oBACrC,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACvB,QAAQ,CAAC,IAAI,CAAC;4BACZ,QAAQ,EAAE,OAAO;4BACjB,SAAS,EAAE,IAAI,CAAC,IAAI;4BACpB,IAAI;4BACJ,IAAI,EAAE,KAAK,GAAG,CAAC;4BACf,OAAO,EAAE,uCAAuC;4BAChD,UAAU,EACR,2DAA2D;yBAC9D,CAAC,CAAC;wBACH,OAAO;oBACT,CAAC;gBACH,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/checks/sensitiveFilenameCheck.d.ts

@@ -0,0 +1,3 @@
+import type { Check } from "../types.js";
+export declare const sensitiveFilenameCheck: Check;
+//# sourceMappingURL=sensitiveFilenameCheck.d.ts.map

package/dist/checks/sensitiveFilenameCheck.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sensitiveFilenameCheck.d.ts","sourceRoot":"","sources":["../../src/checks/sensitiveFilenameCheck.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAW,MAAM,aAAa,CAAC;AAmBlD,eAAO,MAAM,sBAAsB,EAAE,KA8BpC,CAAC"}

package/dist/checks/sensitiveFilenameCheck.js

@@ -0,0 +1,41 @@
+import { getBaseName, matchesAnyPattern, normalizePath } from "./utils.js";
+const sensitiveExactNames = new Set([
+    "id_rsa",
+    "id_ed25519",
+    "credentials.json",
+    "serviceaccountkey.json",
+    ".npmrc",
+    ".pypirc",
+]);
+const sensitiveNamePatterns = [
+    /\.pem$/i,
+    /\.p12$/i,
+    /\.key$/i,
+    /^firebase-adminsdk.*\.json$/i,
+];
+export const sensitiveFilenameCheck = {
+    name: "sensitive-filename-check",
+    async run(context) {
+        const findings = [];
+        for (const file of context.stagedFiles) {
+            const baseName = getBaseName(file);
+            const normalizedBaseName = baseName.toLowerCase();
+            const normalizedPath = normalizePath(file).toLowerCase();
+            const isSensitive = sensitiveExactNames.has(normalizedBaseName) ||
+                matchesAnyPattern(baseName, sensitiveNamePatterns) ||
+                normalizedPath.endsWith("/credentials.json") ||
+                normalizedPath.includes("serviceaccountkey.json");
+            if (isSensitive) {
+                findings.push({
+                    severity: "error",
+                    checkName: this.name,
+                    file,
+                    message: "Sensitive credential file is staged.",
+                    suggestion: `Run: git restore --staged ${file}`,
+                });
+            }
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=sensitiveFilenameCheck.js.map

package/dist/checks/sensitiveFilenameCheck.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sensitiveFilenameCheck.js","sourceRoot":"","sources":["../../src/checks/sensitiveFilenameCheck.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE3E,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC;IAClC,QAAQ;IACR,YAAY;IACZ,kBAAkB;IAClB,wBAAwB;IACxB,QAAQ;IACR,SAAS;CACV,CAAC,CAAC;AAEH,MAAM,qBAAqB,GAAG;IAC5B,SAAS;IACT,SAAS;IACT,SAAS;IACT,8BAA8B;CAC/B,CAAC;AAEF,MAAM,CAAC,MAAM,sBAAsB,GAAU;IAC3C,IAAI,EAAE,0BAA0B;IAEhC,KAAK,CAAC,GAAG,CAAC,OAAO;QACf,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACvC,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;YACnC,MAAM,kBAAkB,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;YAClD,MAAM,cAAc,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAEzD,MAAM,WAAW,GACf,mBAAmB,CAAC,GAAG,CAAC,kBAAkB,CAAC;gBAC3C,iBAAiB,CAAC,QAAQ,EAAE,qBAAqB,CAAC;gBAClD,cAAc,CAAC,QAAQ,CAAC,mBAAmB,CAAC;gBAC5C,cAAc,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC;YAEpD,IAAI,WAAW,EAAE,CAAC;gBAChB,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAE,OAAO;oBACjB,SAAS,EAAE,IAAI,CAAC,IAAI;oBACpB,IAAI;oBACJ,OAAO,EAAE,sCAAsC;oBAC/C,UAAU,EAAE,6BAA6B,IAAI,EAAE;iBAChD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/checks/utils.d.ts

@@ -0,0 +1,9 @@
+export declare function normalizePath(file: string): string;
+export declare function getBaseName(file: string): string;
+export declare function isCodeFile(file: string): boolean;
+export declare function shouldSkipContentScan(file: string): boolean;
+export declare function readFileLines(file: string): string[] | null;
+export declare function isCommentLine(line: string): boolean;
+export declare function isPlaceholderValue(line: string): boolean;
+export declare function matchesAnyPattern(value: string, patterns: RegExp[]): boolean;
+//# sourceMappingURL=utils.d.ts.map

package/dist/checks/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/checks/utils.ts"],"names":[],"mappings":"AAgBA,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAElD;AAED,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEhD;AAED,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEhD;AAED,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAE3D;AAED,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,IAAI,CAQ3D;AAED,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAQnD;AAED,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAExD;AAED,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAAE,GACjB,OAAO,CAET"}

package/dist/checks/utils.js

@@ -0,0 +1,48 @@
+import fs from "node:fs";
+const CODE_EXTENSIONS = [".js", ".jsx", ".ts", ".tsx"];
+const SKIP_CONTENT_EXTENSIONS = [".md", ".example", ".sample"];
+const PLACEHOLDER_PATTERNS = [
+    /your-api-key/i,
+    /changeme/i,
+    /xxx+/i,
+    /TODO/i,
+    /placeholder/i,
+    /example/i,
+    /replace-me/i,
+];
+export function normalizePath(file) {
+    return file.replaceAll("\\", "/");
+}
+export function getBaseName(file) {
+    return normalizePath(file).split("/").pop() ?? "";
+}
+export function isCodeFile(file) {
+    return CODE_EXTENSIONS.some((ext) => file.endsWith(ext));
+}
+export function shouldSkipContentScan(file) {
+    return SKIP_CONTENT_EXTENSIONS.some((ext) => file.endsWith(ext));
+}
+export function readFileLines(file) {
+    if (!fs.existsSync(file))
+        return null;
+    try {
+        return fs.readFileSync(file, "utf-8").split("\n");
+    }
+    catch {
+        return null;
+    }
+}
+export function isCommentLine(line) {
+    const trimmed = line.trim();
+    return (trimmed.startsWith("//") ||
+        trimmed.startsWith("#") ||
+        trimmed.startsWith("*") ||
+        trimmed.startsWith("/*"));
+}
+export function isPlaceholderValue(line) {
+    return PLACEHOLDER_PATTERNS.some((pattern) => pattern.test(line));
+}
+export function matchesAnyPattern(value, patterns) {
+    return patterns.some((pattern) => pattern.test(value));
+}
+//# sourceMappingURL=utils.js.map

package/dist/checks/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/checks/utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB,MAAM,eAAe,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;AAEvD,MAAM,uBAAuB,GAAG,CAAC,KAAK,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;AAE/D,MAAM,oBAAoB,GAAG;IAC3B,eAAe;IACf,WAAW;IACX,OAAO;IACP,OAAO;IACP,cAAc;IACd,UAAU;IACV,aAAa;CACd,CAAC;AAEF,MAAM,UAAU,aAAa,CAAC,IAAY;IACxC,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;AACpC,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,IAAY;IACtC,OAAO,aAAa,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,IAAY;IACrC,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,IAAY;IAChD,OAAO,uBAAuB,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;AACnE,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,IAAY;IACxC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAEtC,IAAI,CAAC;QACH,OAAO,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,IAAY;IACxC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAC5B,OAAO,CACL,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;QACxB,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;QACvB,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;QACvB,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,IAAY;IAC7C,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AACpE,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,KAAa,EACb,QAAkB;IAElB,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;AACzD,CAAC"}

package/dist/index.js

@@ -5,7 +5,7 @@ import { runChecks } from "./scanner.js";
 import { printReport } from "./reporter.js";
 const program = new Command();
 program
-    .name("commitclean")
+    .name("commit-cop")
     .description("Pre-commit safety checker for staged files")
     .option("--strict", "Treat warnings as errors")
     .action(async (options) => {

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAE5C,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,aAAa,CAAC;KACnB,WAAW,CAAC,4CAA4C,CAAC;KACzD,MAAM,CAAC,UAAU,EAAE,0BAA0B,CAAC;KAC9C,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,MAAM,WAAW,GAAG,cAAc,EAAE,CAAC;IAErC,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;QACtC,OAAO;IACT,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC;QAC/B,WAAW;QACX,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;KAChC,CAAC,CAAC;IAEH,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;IAE1C,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC;IAC3E,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAC/B,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,KAAK,SAAS,CAC5C,CAAC;IAEF,IAAI,SAAS,IAAI,CAAC,OAAO,CAAC,MAAM,IAAI,WAAW,CAAC,EAAE,CAAC;QACjD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,KAAK,EAAE,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAE5C,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,YAAY,CAAC;KAClB,WAAW,CAAC,4CAA4C,CAAC;KACzD,MAAM,CAAC,UAAU,EAAE,0BAA0B,CAAC;KAC9C,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,MAAM,WAAW,GAAG,cAAc,EAAE,CAAC;IAErC,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;QACtC,OAAO;IACT,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC;QAC/B,WAAW;QACX,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;KAChC,CAAC,CAAC;IAEH,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;IAE1C,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC;IAC3E,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAC/B,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,KAAK,SAAS,CAC5C,CAAC;IAEF,IAAI,SAAS,IAAI,CAAC,OAAO,CAAC,MAAM,IAAI,WAAW,CAAC,EAAE,CAAC;QACjD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/scanner.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../src/scanner.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAmBxD,wBAAsB,SAAS,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CASzE"}
+{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../src/scanner.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AA+BxD,wBAAsB,SAAS,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CASzE"}

package/dist/scanner.js

@@ -1,18 +1,30 @@
 import { envFileCheck } from "./checks/envFileCheck.js";
 import { generatedFolderCheck } from "./checks/generatedFolderCheck.js";
-import { consoleLogCheck } from "./checks/consoleLogCheck.js";
+import { mergeConflictCheck } from "./checks/mergeConflictCheck.js";
+import { sensitiveFilenameCheck } from "./checks/sensitiveFilenameCheck.js";
+import { secretCheck } from "./checks/secretCheck.js";
 import { focusedTestCheck } from "./checks/focusedTestCheck.js";
+import { consoleLogCheck } from "./checks/consoleLogCheck.js";
+import { debuggerCheck } from "./checks/debuggerCheck.js";
 import { localHostCheck } from "./checks/localHostCheck.js";
+import { junkFileCheck } from "./checks/junkFileCheck.js";
+import { lockfileDriftCheck } from "./checks/lockfileDriftCheck.js";
 import { largeFileCheck } from "./checks/largeFileCheck.js";
-import { secretCheck } from "./checks/secretCheck.js";
+import { binaryFileCheck } from "./checks/binaryFileCheck.js";
 const checks = [
+    mergeConflictCheck,
     envFileCheck,
+    sensitiveFilenameCheck,
     generatedFolderCheck,
     secretCheck,
     focusedTestCheck,
     consoleLogCheck,
+    debuggerCheck,
     localHostCheck,
+    junkFileCheck,
+    lockfileDriftCheck,
     largeFileCheck,
+    binaryFileCheck,
 ];
 export async function runChecks(context) {
     const allFindings = [];

package/dist/scanner.js.map

@@ -1 +1 @@
-{"version":3,"file":"scanner.js","sourceRoot":"","sources":["../src/scanner.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,kCAAkC,CAAC;AACxE,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAEtD,MAAM,MAAM,GAAG;IACb,YAAY;IACZ,oBAAoB;IACpB,WAAW;IACX,gBAAgB;IAChB,eAAe;IACf,cAAc;IACd,cAAc;CACf,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,OAAqB;IACnD,MAAM,WAAW,GAAc,EAAE,CAAC;IAElC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC1C,WAAW,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;IAChC,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC"}
+{"version":3,"file":"scanner.js","sourceRoot":"","sources":["../src/scanner.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,kCAAkC,CAAC;AACxE,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,EAAE,sBAAsB,EAAE,MAAM,oCAAoC,CAAC;AAC5E,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAE9D,MAAM,MAAM,GAAG;IACb,kBAAkB;IAClB,YAAY;IACZ,sBAAsB;IACtB,oBAAoB;IACpB,WAAW;IACX,gBAAgB;IAChB,eAAe;IACf,aAAa;IACb,cAAc;IACd,aAAa;IACb,kBAAkB;IAClB,cAAc;IACd,eAAe;CAChB,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,OAAqB;IACnD,MAAM,WAAW,GAAc,EAAE,CAAC;IAElC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC1C,WAAW,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;IAChC,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC"}

package/package.json

@@ -1,16 +1,16 @@
 {
   "name": "commit-cop",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "A pre-commit safety checker that scans staged files for risky commits.",
   "type": "module",
   "bin": {
-    "commitclean": "./dist/index.js"
+    "commit-cop": "./dist/index.js"
   },
   "scripts": {
     "dev": "tsx src/index.ts",
     "build": "tsc",
     "start": "node dist/index.js",
-    "commitclean": "tsx src/index.ts"
+    "commit-cop": "tsx src/index.ts"
   },
   "repository": {
     "type": "git",
@@ -38,4 +38,4 @@
     "chalk": "^5.6.2",
     "commander": "^14.0.3"
   }
-}
+}

package/src/checks/binaryFileCheck.ts

@@ -0,0 +1,64 @@
+import fs from "node:fs";
+import type { Check, Finding } from "../types.js";
+import { getBaseName } from "./utils.js";
+
+const binaryExtensions = new Set([
+  ".zip",
+  ".exe",
+  ".dll",
+  ".mp4",
+  ".mov",
+  ".sqlite",
+  ".db",
+]);
+
+function hasNullBytes(file: string): boolean {
+  const buffer = fs.readFileSync(file);
+  const sampleSize = Math.min(buffer.length, 8192);
+
+  for (let index = 0; index < sampleSize; index += 1) {
+    if (buffer[index] === 0) {
+      return true;
+    }
+  }
+
+  return false;
+}
+
+export const binaryFileCheck: Check = {
+  name: "binary-file-check",
+
+  async run(context) {
+    const findings: Finding[] = [];
+
+    for (const file of context.stagedFiles) {
+      if (!fs.existsSync(file)) continue;
+
+      const baseName = getBaseName(file);
+      const extension = baseName.includes(".")
+        ? baseName.slice(baseName.lastIndexOf(".")).toLowerCase()
+        : "";
+
+      let isBinary = binaryExtensions.has(extension);
+
+      try {
+        isBinary ||= hasNullBytes(file);
+      } catch {
+        continue;
+      }
+
+      if (isBinary) {
+        findings.push({
+          severity: "warning",
+          checkName: this.name,
+          file,
+          message: "Binary or non-text file is staged.",
+          suggestion:
+            "Remove it from the commit or store it outside Git (e.g. Git LFS).",
+        });
+      }
+    }
+
+    return findings;
+  },
+};

package/src/checks/debuggerCheck.ts

@@ -0,0 +1,32 @@
+import type { Check, Finding } from "../types.js";
+import { isCodeFile, readFileLines } from "./utils.js";
+
+export const debuggerCheck: Check = {
+  name: "debugger-check",
+
+  async run(context) {
+    const findings: Finding[] = [];
+
+    for (const file of context.stagedFiles) {
+      if (!isCodeFile(file)) continue;
+
+      const lines = readFileLines(file);
+      if (!lines) continue;
+
+      lines.forEach((line, index) => {
+        if (/\bdebugger\b/.test(line)) {
+          findings.push({
+            severity: "warning",
+            checkName: this.name,
+            file,
+            line: index + 1,
+            message: "debugger statement found in staged code.",
+            suggestion: "Remove debugger statements before committing.",
+          });
+        }
+      });
+    }
+
+    return findings;
+  },
+};

package/src/checks/generatedFolderCheck.ts

@@ -1,4 +1,5 @@
 import type { Check, Finding } from "../types.js";
+import { normalizePath } from "./utils.js";
 
 const blockedFolders = [
   "node_modules/",
@@ -8,6 +9,13 @@ const blockedFolders = [
   "coverage/",
 ];
 
+function matchesBlockedFolder(normalizedPath: string, folder: string): boolean {
+  return (
+    normalizedPath.startsWith(folder) ||
+    normalizedPath.includes(`/${folder}`)
+  );
+}
+
 export const generatedFolderCheck: Check = {
   name: "generated-folder-check",
 
@@ -15,10 +23,10 @@ export const generatedFolderCheck: Check = {
     const findings: Finding[] = [];
 
     for (const file of context.stagedFiles) {
-      const normalized = file.replaceAll("\\", "/");
+      const normalized = normalizePath(file);
 
       const matchedFolder = blockedFolders.find((folder) =>
-        normalized.startsWith(folder)
+        matchesBlockedFolder(normalized, folder)
       );
 
       if (matchedFolder) {
@@ -34,4 +42,4 @@ export const generatedFolderCheck: Check = {
 
     return findings;
   },
-};
+};

package/src/checks/junkFileCheck.ts

@@ -0,0 +1,39 @@
+import type { Check, Finding } from "../types.js";
+import { getBaseName, matchesAnyPattern } from "./utils.js";
+
+const junkExactNames = new Set([
+  ".ds_store",
+  "thumbs.db",
+  "desktop.ini",
+]);
+
+const junkNamePatterns = [/\.swp$/i, /\.bak$/i, /\.tmp$/i, /~$/];
+
+export const junkFileCheck: Check = {
+  name: "junk-file-check",
+
+  async run(context) {
+    const findings: Finding[] = [];
+
+    for (const file of context.stagedFiles) {
+      const baseName = getBaseName(file);
+      const normalizedBaseName = baseName.toLowerCase();
+
+      const isJunk =
+        junkExactNames.has(normalizedBaseName) ||
+        matchesAnyPattern(baseName, junkNamePatterns);
+
+      if (isJunk) {
+        findings.push({
+          severity: "warning",
+          checkName: this.name,
+          file,
+          message: "OS or editor junk file is staged.",
+          suggestion: `Run: git restore --staged ${file}`,
+        });
+      }
+    }
+
+    return findings;
+  },
+};

package/src/checks/lockfileDriftCheck.ts

@@ -0,0 +1,38 @@
+import type { Check, Finding } from "../types.js";
+import { normalizePath } from "./utils.js";
+
+function isStaged(stagedFiles: string[], target: string): boolean {
+  return stagedFiles.some((file) => normalizePath(file) === target);
+}
+
+export const lockfileDriftCheck: Check = {
+  name: "lockfile-drift-check",
+
+  async run(context) {
+    const findings: Finding[] = [];
+    const packageJsonStaged = isStaged(context.stagedFiles, "package.json");
+    const lockfileStaged = isStaged(context.stagedFiles, "package-lock.json");
+
+    if (packageJsonStaged && !lockfileStaged) {
+      findings.push({
+        severity: "warning",
+        checkName: this.name,
+        file: "package.json",
+        message: "package.json is staged but package-lock.json is not.",
+        suggestion: "Run npm install and stage package-lock.json.",
+      });
+    }
+
+    if (lockfileStaged && !packageJsonStaged) {
+      findings.push({
+        severity: "warning",
+        checkName: this.name,
+        file: "package-lock.json",
+        message: "package-lock.json is staged but package.json is not.",
+        suggestion: "Stage package.json or unstage the lockfile.",
+      });
+    }
+
+    return findings;
+  },
+};

package/src/checks/mergeConflictCheck.ts

@@ -0,0 +1,40 @@
+import type { Check, Finding } from "../types.js";
+import { readFileLines, shouldSkipContentScan } from "./utils.js";
+
+const conflictMarkers = ["<<<<<<<", "=======", ">>>>>>>"];
+
+export const mergeConflictCheck: Check = {
+  name: "merge-conflict-check",
+
+  async run(context) {
+    const findings: Finding[] = [];
+
+    for (const file of context.stagedFiles) {
+      if (shouldSkipContentScan(file)) continue;
+
+      const lines = readFileLines(file);
+      if (!lines) continue;
+
+      lines.forEach((line, index) => {
+        const trimmed = line.trim();
+
+        for (const marker of conflictMarkers) {
+          if (trimmed.startsWith(marker)) {
+            findings.push({
+              severity: "error",
+              checkName: this.name,
+              file,
+              line: index + 1,
+              message: "Merge conflict marker found in staged file.",
+              suggestion:
+                "Resolve the conflict, remove the markers, and restage the file.",
+            });
+            return;
+          }
+        }
+      });
+    }
+
+    return findings;
+  },
+};

package/src/checks/secretCheck.ts

@@ -1,5 +1,10 @@
-import fs from "node:fs";
 import type { Check, Finding } from "../types.js";
+import {
+  isCommentLine,
+  isPlaceholderValue,
+  readFileLines,
+  shouldSkipContentScan,
+} from "./utils.js";
 
 const secretPatterns = [
   /OPENAI_API_KEY\s*=/i,
@@ -9,6 +14,13 @@ const secretPatterns = [
   /PRIVATE_KEY\s*=/i,
   /SECRET_KEY\s*=/i,
   /sk-[A-Za-z0-9_-]{20,}/,
+  /ghp_[A-Za-z0-9]{36,}/,
+  /github_pat_[A-Za-z0-9_]+/,
+  /AKIA[0-9A-Z]{16}/,
+  /sk_live_[A-Za-z0-9]+/,
+  /AIza[0-9A-Za-z_-]{35}/,
+  /hooks\.slack\.com\/services\//,
+  /password\s*=\s*['"][^'"]{8,}['"]/i,
 ];
 
 export const secretCheck: Check = {
@@ -18,12 +30,14 @@ export const secretCheck: Check = {
     const findings: Finding[] = [];
 
     for (const file of context.stagedFiles) {
-      if (!fs.existsSync(file)) continue;
+      if (shouldSkipContentScan(file)) continue;
 
-      const content = fs.readFileSync(file, "utf-8");
-      const lines = content.split("\n");
+      const lines = readFileLines(file);
+      if (!lines) continue;
 
       lines.forEach((line, index) => {
+        if (isCommentLine(line) || isPlaceholderValue(line)) return;
+
         for (const pattern of secretPatterns) {
           if (pattern.test(line)) {
             findings.push({
@@ -32,8 +46,10 @@ export const secretCheck: Check = {
               file,
               line: index + 1,
               message: "Possible secret found in staged file.",
-              suggestion: "Remove the secret and rotate it if it was already pushed.",
+              suggestion:
+                "Remove the secret and rotate it if it was already pushed.",
             });
+            return;
           }
         }
       });
@@ -41,4 +57,4 @@ export const secretCheck: Check = {
 
     return findings;
   },
-};
+};

package/src/checks/sensitiveFilenameCheck.ts

@@ -0,0 +1,50 @@
+import type { Check, Finding } from "../types.js";
+import { getBaseName, matchesAnyPattern, normalizePath } from "./utils.js";
+
+const sensitiveExactNames = new Set([
+  "id_rsa",
+  "id_ed25519",
+  "credentials.json",
+  "serviceaccountkey.json",
+  ".npmrc",
+  ".pypirc",
+]);
+
+const sensitiveNamePatterns = [
+  /\.pem$/i,
+  /\.p12$/i,
+  /\.key$/i,
+  /^firebase-adminsdk.*\.json$/i,
+];
+
+export const sensitiveFilenameCheck: Check = {
+  name: "sensitive-filename-check",
+
+  async run(context) {
+    const findings: Finding[] = [];
+
+    for (const file of context.stagedFiles) {
+      const baseName = getBaseName(file);
+      const normalizedBaseName = baseName.toLowerCase();
+      const normalizedPath = normalizePath(file).toLowerCase();
+
+      const isSensitive =
+        sensitiveExactNames.has(normalizedBaseName) ||
+        matchesAnyPattern(baseName, sensitiveNamePatterns) ||
+        normalizedPath.endsWith("/credentials.json") ||
+        normalizedPath.includes("serviceaccountkey.json");
+
+      if (isSensitive) {
+        findings.push({
+          severity: "error",
+          checkName: this.name,
+          file,
+          message: "Sensitive credential file is staged.",
+          suggestion: `Run: git restore --staged ${file}`,
+        });
+      }
+    }
+
+    return findings;
+  },
+};

package/src/checks/utils.ts

@@ -0,0 +1,62 @@
+import fs from "node:fs";
+
+const CODE_EXTENSIONS = [".js", ".jsx", ".ts", ".tsx"];
+
+const SKIP_CONTENT_EXTENSIONS = [".md", ".example", ".sample"];
+
+const PLACEHOLDER_PATTERNS = [
+  /your-api-key/i,
+  /changeme/i,
+  /xxx+/i,
+  /TODO/i,
+  /placeholder/i,
+  /example/i,
+  /replace-me/i,
+];
+
+export function normalizePath(file: string): string {
+  return file.replaceAll("\\", "/");
+}
+
+export function getBaseName(file: string): string {
+  return normalizePath(file).split("/").pop() ?? "";
+}
+
+export function isCodeFile(file: string): boolean {
+  return CODE_EXTENSIONS.some((ext) => file.endsWith(ext));
+}
+
+export function shouldSkipContentScan(file: string): boolean {
+  return SKIP_CONTENT_EXTENSIONS.some((ext) => file.endsWith(ext));
+}
+
+export function readFileLines(file: string): string[] | null {
+  if (!fs.existsSync(file)) return null;
+
+  try {
+    return fs.readFileSync(file, "utf-8").split("\n");
+  } catch {
+    return null;
+  }
+}
+
+export function isCommentLine(line: string): boolean {
+  const trimmed = line.trim();
+  return (
+    trimmed.startsWith("//") ||
+    trimmed.startsWith("#") ||
+    trimmed.startsWith("*") ||
+    trimmed.startsWith("/*")
+  );
+}
+
+export function isPlaceholderValue(line: string): boolean {
+  return PLACEHOLDER_PATTERNS.some((pattern) => pattern.test(line));
+}
+
+export function matchesAnyPattern(
+  value: string,
+  patterns: RegExp[]
+): boolean {
+  return patterns.some((pattern) => pattern.test(value));
+}

package/src/index.ts

@@ -8,7 +8,7 @@ import { printReport } from "./reporter.js";
 const program = new Command();
 
 program
-  .name("commitclean")
+  .name("commit-cop")
   .description("Pre-commit safety checker for staged files")
   .option("--strict", "Treat warnings as errors")
   .action(async (options) => {

package/src/scanner.ts

@@ -1,20 +1,32 @@
 import type { CheckContext, Finding } from "./types.js";
 import { envFileCheck } from "./checks/envFileCheck.js";
 import { generatedFolderCheck } from "./checks/generatedFolderCheck.ts";
-import { consoleLogCheck } from "./checks/consoleLogCheck.ts";
+import { mergeConflictCheck } from "./checks/mergeConflictCheck.ts";
+import { sensitiveFilenameCheck } from "./checks/sensitiveFilenameCheck.ts";
+import { secretCheck } from "./checks/secretCheck.ts";
 import { focusedTestCheck } from "./checks/focusedTestCheck.ts";
+import { consoleLogCheck } from "./checks/consoleLogCheck.ts";
+import { debuggerCheck } from "./checks/debuggerCheck.ts";
 import { localHostCheck } from "./checks/localHostCheck.ts";
+import { junkFileCheck } from "./checks/junkFileCheck.ts";
+import { lockfileDriftCheck } from "./checks/lockfileDriftCheck.ts";
 import { largeFileCheck } from "./checks/largeFileCheck.ts";
-import { secretCheck } from "./checks/secretCheck.ts";
+import { binaryFileCheck } from "./checks/binaryFileCheck.ts";
 
 const checks = [
+  mergeConflictCheck,
   envFileCheck,
+  sensitiveFilenameCheck,
   generatedFolderCheck,
   secretCheck,
   focusedTestCheck,
   consoleLogCheck,
+  debuggerCheck,
   localHostCheck,
+  junkFileCheck,
+  lockfileDriftCheck,
   largeFileCheck,
+  binaryFileCheck,
 ];
 
 export async function runChecks(context: CheckContext): Promise<Finding[]> {
@@ -26,4 +38,4 @@ export async function runChecks(context: CheckContext): Promise<Finding[]> {
   }
 
   return allFindings;
-}
+}