TickYouOff
Sign in
Back
👁️

Code Review Checklist

Medium 18 items · 30 min
testuser's avatar
testuser Published 4 weeks ago
Technical

A practical code review checklist for engineers, tech leads, and reviewers to catch bugs, security issues, and maintainable design. Use it during PR reviews to ensure readability, correctness, tests, and documentation are all addressed.

Progress
0 / 18
  1. Checkout branch and pull latest changes — Ensure you're reviewing the most recent code and PR updates.
  2. Build and run the project locally — Reproduce the app to validate behavior before reviewing.
  3. Run automated tests and linters — Execute unit/integration tests and static analysis tools.
  4. Confirm changes match the ticket or PR description — Verify the implementation meets the stated requirements.
  5. Review architecture and design impact — Check that the change fits overall design and patterns.
  6. Verify descriptive names and concise functions — Prefer clear variable/function names and single-responsibility functions.
  7. Check for obvious bugs and logic errors — Scan control flow, branches, and state changes for mistakes.
  8. Trace data flow for core functions — Follow inputs to outputs to catch incorrect transformations.
  9. Verify error and null handling — Ensure errors are handled, propagated, or logged appropriately.
  10. Validate input handling and edge cases — Test boundary values, empty inputs, and invalid formats.
  11. Scan for security issues — Look for injections, auth bypasses, secrets in code, and unsafe deserialization.
  12. Assess performance implications — Spot N+1 queries, heavy allocations, and blocking operations.
  13. Ensure tests cover new code — Confirm new logic is backed by automated tests where appropriate.
  14. Confirm unit tests for core logic — Check that unit tests exercise key branches and failure modes.
  15. Confirm integration or end-to-end tests where applicable — Ensure system-level behavior is validated for cross-service changes.
  16. Verify error messages and logging — Make logs actionable and avoid leaking sensitive data.
  17. Check for proper documentation and comments — Update README, docstrings, and PR notes to reflect changes.
  18. Leave constructive feedback and approve or request changes — Be specific, cite lines, and suggest concrete improvements.
Sign in to save
📝 My Notes