Effective code review isn’t about code style. Here’s what to really focus on.
Functionality
- ☐ Does the PR solve a real problem?
- ☐ Edge cases handled
- ☐ Complete error handling
- ☐ Backward compatibility maintained
Readability
- ☐ Code is understandable without explanation
- ☐ Clear and consistent naming
- ☐ Comments where needed (not everywhere)
- ☐ Short, single-purpose functions/methods
Security
- ☐ No hardcoded secrets
- ☐ Input validation
- ☐ SQL injection prevention
- ☐ XSS prevention
Performance
- ☐ No N+1 queries
- ☐ Appropriate indexes for new queries
- ☐ Caching where it makes sense
- ☐ Non-blocking operations for I/O
Tests
- ☐ Unit tests for new logic
- ☐ Integration tests for new endpoints
- ☐ Edge case tests
- ☐ Test coverage doesn’t decrease
Other
- ☐ Documentation updated
- ☐ Reversible migrations
- ☐ Feature flag for risky changes
- ☐ Changelog entry
Culture
Code review is a conversation, not an interrogation. Be constructive, suggest solutions, ask “why”.