Git 2.37 ships with stable built-in filesystem monitor, improved performance and security

Git 2.37 ships with stable built-in filesystem monitor, improved performance and security

Version 2.37 of the Git source code management system is out this week, with new features including a built-in filesystem monitor to improve performance, now stable on Windows and Mac, cruft packs for better management of removed objects, and full integration of support for sparse clones, which avoid the need to download an entire repository when only part of it is needed.

Git is used by nearly 94 percent of developers, according to a recent survey, though our hunch is that only a minority explore the more advanced features. The git documentation lists around 150 commands, divided into “porcelain” high-level commands and “plumbing” low level commands, many of which have numerous sub-options. Despite its maturity, there is plenty more to do in areas including performance, security, and developer workflow.

The purpose of the filesystem monitor is to speed up performance of commands like git status, which can require a scan of the entire working directory. It is available in Git on Windows and macOS and enabled with a config setting. The complication is that Git also supports using an external filesystem monitor, typically Watchman, and the innovation is that a built-in filesystem monitor that was previously experimental is now stable, leading to some confusing messages.

New features like this are also problematic when multiple versions of git are in use, which is common when IDEs install their own version. The documentation does not yet include Linux as a supported platform for the built-in filesystem monitor. 

Partial and sparse clones are another key feature and make a lot of sense when working with large repositories. Last year saw the introduction of sparse indexes which can make a dramatic difference in performance – but with the caveat that “not all Git commands understand the sparse index. Those that have not been integrated trigger a compatibility check that converts a sparse index into a full one during the first index read.”

Version 2.37 extends support to all commands in the core Git project, now including git show, git sparse-checkout and git stash, with the last of these offering a “near 80% speed up in certain cases.”

Another new feature, called cruft packs, enables storing unreachable objects in a single file accompanied by a table of file times, which the Git team says avoids a situation where “shards of .git/objects can lead to decreased performance in the repository” or even “degrade the performance of the whole system.”

Including git credentials in an URL such as <protocol>://<user>:<password>@<domain>/<path> is a security risk, especially as that URL may be passed to other git programs. A new transfer.credentialsInUrl setting can be set to “warn” or “die”, preventing inadvertent use of this mechanism. 

The release notes for 2.37 are here and a GitHub blog by senior software engineer Taylor Blau describing the changes is here.