All I did was install GitButler via my OS's package manager, and open a local repo via the GUI.
And I saw these malicious (pre-commit) git hooks installed by GitButler, without any confirmation, or prompt seeking my approval.
I'm sure you folks will come up with a "technical explanation" or some "legal-marketing language" to cover up for this — but in my book — redirect `git commit` to `but commit` is dishonest and unethical.
Installed GitButler to try it out — and realized it installs malicious Git hooks to take over the git commit workflow:
* pre-commit — The malicious one. It intercepted every `git commit` attempt and aborted it with that error message, forcing you to use `but commit` instead. Effectively a commit hijack — no way to commit to your own repo without their tool.
* post-checkout — Fired whenever you switched branches. GitButler used it to track your branch state and sync its virtual branch model. It cleaned this one up itself when we checked out.
* There's also typically a prepare-commit-msg hook that GitButler installs to inject its metadata into commit messages, though we didn't hit that one.
* The pre-commit hook is the aggressive one — it's a standard git hook location, so git runs it unconditionally before every commit. GitButler installs it silently as part of "setting up" a repo, with no opt-in. The only escape (without their CLI) is exactly what we did: delete it manually.