.gitignore
A .gitignore file tells version control which files and directories to exclude from tracking. For vibe coders, a proper .gitignore is critical — AI-generated projects often create node_modules, environment files with API keys, build artifacts, and other files that should never be committed to a repository.
Example
A .gitignore file is a small file with an outsized impact on security. It's one of the first things to set up in any vibe-coded project.
What to Ignore
Always Ignore
- Environment files —
.env,.env.local,.env.production - Dependencies —
node_modules/,vendor/,venv/ - Build output —
dist/,build/,.next/ - IDE files —
.vscode/settings.json,.idea/ - OS files —
.DS_Store,Thumbs.db
Never Ignore
- Source code — Your actual application files
- Configuration —
package.json,tsconfig.json - Lock files —
package-lock.json,bun.lockb - Documentation — README, license files
The Security Risk
Exposing secrets in version control is one of the most common security mistakes:
- API keys get committed accidentally
- Keys end up on public GitHub repositories
- Bots scan GitHub for exposed keys within minutes
- Your accounts get compromised
A .gitignore prevents this entirely.
Setting Up .gitignore
Most AI tools generate a .gitignore when scaffolding a project. Always verify it includes:
- Environment and secret files
- Dependency directories
- Build artifacts
- System-specific files
If AI doesn't generate one, ask: "Create a .gitignore for this project that excludes secrets, dependencies, and build output."
Emergent — An agentic vibe-coding platform that builds production-ready apps