
While the author is down on automatic file name scans, I see nothing wrong in using tools to catch easy mistakes. How many people do regular code / package reviews? Did not think so. I recommend:

- https://github.com/jandre/safe-commit-hook
- my fork of the above for NPM js workflow https://github.com/bahmutov/ban-sensitive-files
- NPM checklist that includes sensitive file reviews https://github.com/bahmutov/npm-module-checklist

Finally, if GitHub can automate some of the simple checks, so can we, for different tools and environments of course.


