Nobody is perfect! Even the most seasoned developers have made mistakes – it’s all just part of the learning process.
One mistake that is so common in software development is accidentally pushing secrets to a public repository 🙈🙉🙊
Fortunately, there are lots of different guardrails you can put in place to help prevent the exposure of sensitive information like API keys, and we’ve covered a few of them in these posts about environment variables.
But we’re curious: What are some mistakes you’ve made as a developer? What did you learn from those mistakes?
Share your wisdom in the comments below! 🙏👇

Top comments (26)
My biggest mistake is creating this npm module: jsdoc-duck, which is a lightweight and typesafe solution for React in-house useReducer state handling, and even shows how to use jsdoc for an npm module. But after a year I recognized that React just gives too much dependency to my projects, and I don't need that.
✋️Hi yes, it's me -- I have absolutely accidentally pushed secrets to GitHub. Fortunately, it was the secrets for a trial account so nothing really consequential happened, but yeeeah, I had to perform some extensive meticulous GitHub surgery to not only remove the secrets but to rewrite history as well 😅
Now I am super careful about using .gitignore to keep any sort of secrets or files containing secrets out of public repos!!!
The scary part about leaked secrets on GitHub is the speed. There are bots that scan every public push in near real-time looking for patterns that match API keys, tokens, and credentials. Even if you notice and force-push a rewrite within minutes, someone's already cloned or cached that commit. .gitignore prevents future mistakes but it can't undo a push that already happened — and git history is permanent unless you do a full BFG or filter-branch rewrite, which most people don't realize until it's too late.
The thing that actually saved me from repeating this was adding a pre-commit hook with trufflehog. It catches secrets before they ever leave your machine, so the "oh no" moment happens locally instead of on GitHub's event stream where the whole world is watching.
Very good points! And yes to the pre-commit hook.
Haha, I think we all have done that
It's a developer rite of passage 😅
pushed a prod DB password to a public github repo on my first job. noticed it 10 minutes later and spent 2 hours rotating credentials while quietly panicking. learned to use .env files and never looked back.
.env files + a .gitignore file forever!!! 😅
lol yeah. first time i set up pre-commit hooks to block .env commits it felt almost ceremonial - should've been there from day one tbh
Mistakes happen; they're a normal part of the job. The important thing is to point them out before they make someone's life difficult. And there have been plenty of those mistakes... 😶🌫️🤫
💡 I think you're hitting on a very important point: Mistakes happen -- it's the response to those mistakes that makes a difference. For example, if you can make mistakes in an environment that's free of judgment, it's probably easier to admit to making mistakes, therefore mistakes are addressed before they can make anyone's life more difficult.
I’ve also seen a situation where an employee was commended for a mistake. Not for making the mistake, but for realizing he’d done something wrong and reporting it... That kind of attitude should be the norm everywhere, it’s a sign of professional maturity. 😉
💯💯💯
I’d actually be curious how it works elsewhere. Do you mostly have good experiences when someone admits a mistake, or is it seen more negatively? Is openness encouraged in your teams, or do people tend to hide errors?
In my experience, the most common scenario is that someone flags a potential issue, the developer ignores it… and when the problem actually happens, it turns into an even bigger problem... especially for the developer 😁
It's been a mix.
I won't go into too many details, but I've been in some pretty bad post-mortems where there was lots of blame. I've seen people lose their cool and yell at people ... and then later have to apologize for it. Needless to say, I didn't last long at those places. Even if I wasn't the one who made the mistake and got yelled at, that sort of environment doesn't really encourage a sense of safety, and without safety, I can't grow.
My current job is the first I've had in a while where I actually feel safe and appreciated ❤️
You did the right thing, you have to get out of a toxic environment. When you spend a lot of time at work, it’s important that you feel comfortable there. 👍
❤️❤️❤️
I was a recent hire in this company in Germany, right fresh out of college, and developed our whole site in WML/XHTML for mobile devices (this was in the first days of mobile internet) and one hour before a big presentation with The Money People, a colleague suggested I give it a pass through their code refactorer and we did... to utter chaos: strings mistranslated, tokens instead of strings, etc. I spent the next 45 min fixing each page by hand, the most stressful 45 minutes of my life. Since then I have learned: don't always trust code refactorers, and I never did, until today, when I am developing my very own, to prevent such mistakes again.
Omg that sounds so stressful!!!
The most stressful hour of my life, and even though we had to postpone the meeting for 15 min (a big deal in Germany), it went well and that was the test that cemented my place in that company. I worked there for almost 2 years before moving on to new challenges, and as a departing gift they gave me a laptop and a brand new Sony Ericsson flip phone (the hottest model at the time).
Oh wow! That's so lovely that they did that!
My biggest mistake is to ever use AI for coding
Yeah -- sometimes using AI for code feels like pulling the lever of a slot machine, hoping that this time I'll get the response I need. If there's one thing to remember about betting and casinos it's that the house always wins. And with AI, who is the house and what are we losing to them? 😬😬😬
interesting, I ran into the same issue building swiftcopy.io
I once truncated the primary table that held all of the web content for our website CMS. We were able to recover it from backup but it was on a literal tape drive so it took a few hours. Face palm.
Oops! I'm glad you were able to recover it!!!
How has that mishap informed how you work today?