Overview - Client-side vs server-side hooks

What is it?

Git hooks are scripts that run automatically at certain points in the Git workflow. Client-side hooks run on your local computer before or after actions like committing or merging. Server-side hooks run on the remote repository server to control actions like pushing or receiving changes. They help automate checks, enforce rules, or trigger tasks without manual steps.

Why it matters

Without hooks, developers would have to remember to run checks or scripts manually, which leads to mistakes and inconsistent code quality. Hooks automate important tasks like code style checks or security scans, saving time and preventing errors. They help teams keep code clean and secure, improving collaboration and software reliability.

Where it fits

Before learning hooks, you should understand basic Git commands like commit, push, and merge. After mastering hooks, you can explore continuous integration pipelines and automated deployment, which often use hooks to trigger builds and tests.

Mental Model

Core Idea

Git hooks are automatic scripts that run at specific points in Git actions to enforce rules or automate tasks either on your computer (client-side) or on the server (server-side).

Think of it like...

Git hooks are like automatic checkpoints in a factory assembly line: client-side hooks are quality checks done by workers before sending parts forward, while server-side hooks are inspections done at the warehouse before accepting shipments.

┌───────────────┐       ┌───────────────┐
│ Client-side   │       │ Server-side   │
│ Hooks (local) │──────▶│ Hooks (remote)│
└───────────────┘       └───────────────┘

Client-side hooks run before or after local actions like commit.
Server-side hooks run on the server during push or receive.

Build-Up - 7 Steps

1

FoundationWhat are Git hooks?

Concept: Introduction to the idea of Git hooks as scripts triggered by Git events.

Git hooks are small scripts placed in a special folder inside a Git repository. They run automatically when certain Git actions happen, like making a commit or pushing changes. These scripts can check code, stop bad commits, or run tests.

Result

You understand that Git hooks automate tasks during Git workflows without manual commands.

Knowing that Git can run scripts automatically helps you see how workflows can be safer and more efficient.

2

FoundationDifference between client-side and server-side hooks

3

IntermediateCommon client-side hooks and uses

4

IntermediateCommon server-side hooks and uses

5

IntermediateHow to enable and write Git hooks

6

AdvancedLimitations and security of Git hooks

7

ExpertAdvanced hook chaining and integration

Under the Hood

Git hooks are simple executable scripts placed in the .git/hooks directory. When Git reaches a specific event, it looks for a corresponding hook script and runs it synchronously. The script can inspect the current state, run commands, and decide to allow or stop the Git action by returning success or failure codes. Client-side hooks run on the user's machine, while server-side hooks run on the Git server, often triggered by network events like receiving a push.

Why designed this way?

Hooks were designed as scripts to allow maximum flexibility and language choice without changing Git's core. Separating client and server hooks reflects the different trust and control levels: client hooks help users catch mistakes early, while server hooks enforce team-wide policies. This design balances ease of use, security, and extensibility.

┌───────────────┐       ┌───────────────┐       ┌───────────────┐
│ Git Command   │──────▶│ Hook Script   │──────▶│ Action Allowed │
│ (commit/push) │       │ (.git/hooks)  │       │ or Rejected   │
└───────────────┘       └───────────────┘       └───────────────┘

Client-side hooks run here (local machine).
Server-side hooks run here (remote server).
Return code 0 = success, non-zero = stop action.

Myth Busters - 4 Common Misconceptions

Quick: do you think client-side hooks can stop a push on the server? Commit yes or no.

Common Belief:Client-side hooks can prevent pushes to the remote repository.

Tap to reveal reality

Quick: do you think server-side hooks can modify commit messages? Commit yes or no.

Common Belief:Server-side hooks can change commit messages during a push.

Tap to reveal reality

Quick: do you think all Git hooks are enabled by default? Commit yes or no.

Common Belief:Git hooks are active as soon as you create a repository.

Tap to reveal reality

Quick: do you think server-side hooks can run on Git hosting services like GitHub? Commit yes or no.

Common Belief:You can install custom server-side hooks on all Git hosting services.

Tap to reveal reality

Expert Zone

1

Client-side hooks are not shared automatically; teams must distribute them via scripts or tools to ensure consistency.

2

Server-side hooks can be combined with branch protection rules and CI pipelines for layered enforcement.

3

Hooks can impact performance if they run heavy tasks synchronously, so asynchronous or selective triggering is often used in production.

When NOT to use

Avoid client-side hooks when you need guaranteed enforcement across all users; use server-side hooks or CI pipelines instead. Avoid server-side hooks on hosted platforms that do not allow custom hooks; use webhooks or external automation. For complex workflows, consider dedicated CI/CD tools rather than overloading hooks.

Production Patterns

Teams use client-side pre-commit hooks to run linters and formatters locally. Server-side pre-receive hooks enforce commit message formats and run security scans before accepting pushes. Hooks trigger CI pipelines and notify chat systems. Some organizations automate hook distribution via package managers or Git templates.

Connections

Continuous Integration (CI)

Builds-on

Git hooks often trigger CI pipelines, linking local or server checks to automated builds and tests for better software quality.

Event-driven programming

Same pattern

Git hooks are event-driven scripts that respond to specific Git events, similar to how event handlers respond to user actions in software.

Quality control in manufacturing

Analogy in process control

Just like quality checks at different factory stages prevent defects, client and server hooks act as checkpoints to catch code issues early and centrally.

Common Pitfalls

#1Relying on client-side hooks for security enforcement.

Wrong approach:Using only pre-commit hooks to block bad code without server-side checks.

Correct approach:Implement server-side pre-receive hooks to enforce security policies on all pushes.

Root cause:Misunderstanding that client-side hooks can be bypassed or disabled by users.

#2Not enabling or activating hook scripts after copying them.

Wrong approach:Leaving hook scripts named with .sample extension and not executable.

Correct approach:Rename scripts to remove .sample and set executable permissions (chmod +x).

Root cause:Assuming sample scripts run automatically without activation.

#3Trying to modify commit content in server-side hooks.

Wrong approach:Writing server-side hooks that attempt to change commit messages during push.

Correct approach:Use client-side commit-msg hooks to edit messages before commit.

Root cause:Confusing the roles and capabilities of client vs server hooks.

Key Takeaways

Git hooks are scripts that automate tasks at key points in Git workflows, running either locally (client-side) or on the server (server-side).

Client-side hooks help catch errors early on your computer but cannot enforce rules for the whole team.

Server-side hooks run on the remote repository and enforce policies for all users, making them essential for security and quality control.

Hooks must be enabled and configured properly; they do not run automatically by default.

Understanding the limits and proper use of each hook type helps build reliable, automated, and secure Git workflows.