# Code Review Skill

This skill helps you perform thorough, consistent code reviews following industry best practices and your team's coding standards.

## When to Use This Skill

Use this skill when you need to:

- Review pull requests or merge requests
- Check code quality and identify potential issues
- Ensure compliance with coding standards
- Provide constructive feedback to developers
- Identify security vulnerabilities or performance issues
## Review Process

### 1. Initial Assessment

Before diving into details, understand the context:

- Read the PR description and linked issues
- Understand the purpose and scope of changes
- Check if tests are included

### 2. Code Quality Checks

Review the code using the checklist:

- Correctness: Does the code do what it's supposed to do?
- Readability: Is the code easy to understand?
- Maintainability: Will this be easy to modify in the future?
- Performance: Are there any obvious performance issues?
- Security: Are there any security vulnerabilities?

### 3. Run Automated Checks

Use the provided scripts to automate common checks:

```bash
# Run the review helper script
./scripts/review-helper.sh <path-to-file>
```
### 4. Provide Feedback

Follow the feedback guidelines for constructive comments:

- Be specific and actionable
- Explain the "why" behind suggestions
- Distinguish between required changes and suggestions
- Acknowledge good practices

## Common Patterns to Watch For

### Security Issues

- Hardcoded credentials or secrets
- SQL injection vulnerabilities
- Cross-site scripting (XSS) risks
- Insecure deserialization
- Missing input validation

### Performance Issues

- N+1 query problems
- Unnecessary loops or iterations
- Missing caching opportunities
- Large memory allocations
- Blocking operations in async code

### Code Smells

- Functions that are too long (>50 lines)
- Too many parameters (>4)
- Deep nesting (>3 levels)
- Duplicated code
- Magic numbers or strings
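As an added example (not one of this skill's own scripts), here is how the automated checks from step 3 could cover three items from the lists above for Python code: hardcoded credentials, SQL built from string formatting or concatenation, and functions with more than four parameters. It walks the file's AST and emits findings tagged in the `[REQUIRED]` / `[SUGGESTION]` style; the credential name pattern and `SAMPLE` are constructed for this example.

```python
import ast
import re
from dataclasses import dataclass
MAX_PARAMS = 4  # "Too many parameters (>4)" threshold from the Code Smells list
# Heuristic patterns constructed for this example: credential-like names and SQL statement starts.
SECRET_NAME = re.compile(r"passw(or)?d|secret|api_?key|token", re.I)
SQL_START = re.compile(r"^\s*(select|insert|update|delete)\b", re.I)

@dataclass(frozen=True)
class Finding:
    line: int
    tag: str  # [REQUIRED] or [SUGGESTION], matching this skill's comment templates
    message: str

def _is_sql_literal(node: ast.AST) -> bool:
    return isinstance(node, ast.Constant) and isinstance(node.value, str) and bool(SQL_START.match(node.value))

def _leftmost(node: ast.AST) -> ast.AST:
    # Walk down the left side of a "+" / "%" chain, e.g. "SELECT ... '" + name + "'"
    while isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        node = node.left
    return node

def review(source: str) -> list[Finding]:
    """Return findings for hardcoded credentials, string-built SQL and oversized parameter lists."""
    findings: set[Finding] = set()  # a set, so nested BinOps on one line yield a single finding
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant) and isinstance(node.value.value, str):
            for target in node.targets:
                if isinstance(target, ast.Name) and SECRET_NAME.search(target.id):
                    findings.add(Finding(node.lineno, "[REQUIRED]", f"hardcoded credential in '{target.id}'"))
        elif isinstance(node, ast.JoinedStr) and node.values and _is_sql_literal(node.values[0]):
            findings.add(Finding(node.lineno, "[REQUIRED]", "SQL built with an f-string; use a parameterised query"))
        elif isinstance(node, ast.BinOp) and _is_sql_literal(_leftmost(node)):
            findings.add(Finding(node.lineno, "[REQUIRED]", "SQL built by concatenation; use a parameterised query"))
        elif isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            n = len(node.args.posonlyargs) + len(node.args.args) + len(node.args.kwonlyargs)
            if n > MAX_PARAMS:
                findings.add(Finding(node.lineno, "[SUGGESTION]", f"'{node.name}' takes {n} parameters (>{MAX_PARAMS})"))
    return sorted(findings, key=lambda f: (f.line, f.message))

# Constructed sample under review; not code from any real project.
SAMPLE = '''import os
db_password = "hunter2"
api_key = os.environ["API_KEY"]
def find_user(cursor, name):
    cursor.execute("SELECT * FROM users WHERE name = '" + name + "'")
def report(a, b, c, d, e):
    return f"SELECT {a} FROM t"'''
```

Running `review(SAMPLE)` flags lines 2, 5, 6 and 7; the `api_key` read from the environment on line 3 is correctly left alone.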
## Templates

Use the comment templates for consistent feedback:

- `[REQUIRED]` - Must be fixed before merge
- `[SUGGESTION]` - Nice to have, not blocking
- `[QUESTION]` - Seeking clarification
- `[PRAISE]` - Acknowledging good work

## Example Review Comments

### Good Example

```
[SUGGESTION] Consider extracting this logic into a separate function for better testability. The current implementation mixes data fetching with business logic, making it harder to unit test.
```

### Bad Example

```
This is wrong.
```

## Best Practices

- Review in small batches - Don't try to review 1000+ lines at once
- Take breaks - Fresh eyes catch more issues
- Use checklists - Ensure consistency across reviews
- Be timely - Don't block teammates for too long
- Learn continuously - Each review is a learning opportunity