Hygiene, secrets & tests
Repository hygiene: generated/cached files committed by mistake, large binaries, an incomplete .gitignore, sensitive files, hardcoded secrets in source, and test debt (disabled tests/suites, flaky-masking retries).
12 checks.
hygiene-archive-in-repo
Severity: Medium
Archive files are opaque binaries that cannot be diffed. They bloat the repository permanently (even after deletion, they remain in git history).
How to fix: Remove … from the repository. Alternatives: (1) extract the needed files from the archive, commit them individually, then delete the archive; (2) publish the contents as a package on a registry (npm, Maven, CocoaPods); (3) move the archive to cloud storage (S3, GCS) and download it at build time; (4) track it with Git LFS (git lfs track "…") to keep it out of the main object store.
hygiene-cached-artifacts
Severity: Medium
Cache directories can be very large and change frequently. Tracking them inflates the repository size and slows down clones and fetches.
How to fix: Add "…/" to .gitignore and remove from tracking with git rm -r --cached ….
hygiene-generated-dir
Severity: High
Tracked generated directories bloat the repository, slow down clones, and cause unnecessary merge conflicts when different developers regenerate files.
How to fix: Add "…/" to .gitignore and remove it from version control with git rm -r --cached ….
hygiene-generated-file
Severity:
Generated files should be produced by the build system, not stored in the repo. They cause noisy diffs and merge conflicts.
How to fix: Add the pattern "*…" to .gitignore and remove these files from tracking.
hygiene-generated-file-skipped
Severity: Info
Flutter projects conventionally commit codegen output (build_runner, freezed, etc.) so developers can work without running code generation.
How to fix: No action needed — these files are expected in Flutter projects.
hygiene-hardcoded-secret
Severity: Severity
A committed secret is exposed to everyone with repo access and lives forever in git history — it must be treated as compromised and rotated.
How to fix: Remove the secret from source, rotate it immediately (assume it is compromised), and load it at runtime from an environment variable or a secrets manager. Purge it from git history if needed.
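One way to apply the "load it at runtime" part of this fix, as an added example (not code from the tool this page documents). The names Secret, MissingSecret and load_secret are hypothetical, the NAME_FILE lookup assumes secrets mounted as files by a secrets manager, and all values are constructed.

```python
import os
import tempfile


class Secret:
    """Holds a secret value and keeps it out of repr(), str() and logs."""

    def __init__(self, value: str):
        self._value = value

    def reveal(self) -> str:
        return self._value

    def __repr__(self) -> str:
        return "Secret(****)"

    __str__ = __repr__


class MissingSecret(RuntimeError):
    """Raised when a required secret is absent or ambiguous."""


def load_secret(name: str, env=None) -> Secret:
    """Read NAME from the environment, or from the file named by NAME_FILE
    (assumed convention for file-mounted secrets). Fail closed if absent."""
    env = os.environ if env is None else env
    value, path = env.get(name), env.get(name + "_FILE")
    if value and path:
        raise MissingSecret(f"{name} and {name}_FILE are both set; choose one")
    if path:
        with open(path, encoding="utf-8") as fh:
            value = fh.read().strip()
    if not value:
        # No default and no fallback literal: a missing secret stops startup.
        raise MissingSecret(f"{name} is not set")
    return Secret(value)


def demo():
    # Constructed sample values, not real credentials.
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "db_password")
        with open(p, "w", encoding="utf-8") as fh:
            fh.write("constructed-db-password\n")
        env = {"API_TOKEN": "constructed-token-123", "DB_PASSWORD_FILE": p}
        token = load_secret("API_TOKEN", env)
        db = load_secret("DB_PASSWORD", env)
        return repr(token), token.reveal(), db.reveal()
```

Moving the literal out of source does not undo the exposure: the committed value still has to be rotated.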
hygiene-incomplete-gitignore
Severity: Low
Committing build/cache directories bloats clones, produces noisy diffs and merge conflicts, and can leak machine-specific paths.
How to fix: Add the following to .gitignore: ….
hygiene-large-binary
Severity: High
Large binary files dramatically increase clone times and repository size. They cannot be diffed and every version is stored in full in git history.
How to fix: Move the binary to an artifact repository (Maven, CocoaPods, or a cloud storage bucket) and reference it as a dependency instead.
hygiene-sensitive-file
Severity: Critical or Low, depending on the file. Three variants: Critical if IsTier1, otherwise Low; Low if IsDebug, otherwise Critical; Critical.
Tier-1 files: Secrets, API keys, and credentials checked into a repository can be extracted by anyone with access and remain in git history even after deletion.
Other files: While typically safe to commit, these files can occasionally contain API keys or environment-specific overrides that should remain private.
How to fix (tier-1 files): Remove "${basename}" from version control, rotate any exposed credentials, and add the file to .gitignore.
How to fix (other files): Verify "${basename}" does not contain production secrets. Consider adding to .gitignore if it holds environment-specific values.
tests-disabled-suite-debt
Severity: Low
A disabled suite removes a whole area from CI in one line — far more coverage loss than a single skipped test, and easy to forget.
How to fix: Re-enable the suite, or split out and delete the parts that are truly obsolete. Do not disable an entire suite to hide one failure.
tests-disabled-test-debt
Severity: Low
A skipped test still looks green in CI but verifies nothing. Disabled tests accumulate and quietly erode the safety net.
How to fix: Re-enable and fix the test, or delete it if it is obsolete. Track flaky ones with an issue instead of leaving them skipped.
tests-unbounded-retry-policy
Severity: Low
Retrying failed tests hides flakiness: a real intermittent bug looks green, and the failing run is silently masked.
How to fix: Fix the flaky test (timing, ordering, shared state) instead of retrying. If retries are unavoidable, keep the count low and track the flakiness.