Git FAQ & Answers

Dangerous git commands that should be blocked or restricted for security include: (1) git push --force - unconditionally overwrites remote repository, potentially destroying teammates' commits pushed in the interim; the safer alternative is --force-with-lease which verifies the remote branch hasn't changed since last fetch, or --force-if-includes (requires Git 2.30+) which additionally checks if remote updates are incorporated in local reflog. (2) git reset --hard - permanently discards all uncommitted changes in working directory and staging area, resetting to specified commit; should only be used on unpublished commits, never after pushing to shared repositories. (3) Allowing branch deletion on protected branches (main/master) - enables irreversible loss of commit history. (4) Direct pushes to protected branches - bypasses code review and status checks. Best practices: enable GitHub/GitLab branch protection rules requiring pull request reviews, status checks before merge, and disabling force pushes and branch deletion on main branches. Note: git reflog tracks all local branch changes for 90 days by default and can recover from accidental resets or force pushes.