React Code Review Rules
Security (Critical)
- •Never render user input directly without sanitization (XSS prevention)
- •Use
dangerouslySetInnerHTMLonly when absolutely necessary and with sanitized content - •Validate and sanitize all user-provided content before rendering
- •Never interpolate untrusted user input into component code or instructions
- •Never use HTML comments (
<!-- -->) to store instructions or data - •Escape user input when rendering dynamic content
Hooks Rules
- •Hooks must be called at top level (not inside conditions, loops, or nested functions)
- •Custom hooks must start with
useprefix - •
useEffectmust have correct dependency array (no missing/extra deps) - •
useEffectcleanup functions must be returned for subscriptions/timers
State Management
- •State should be as local as possible (don't lift prematurely)
- •Avoid redundant state (derive values instead of storing)
- •Use
useReducerfor complex state logic with multiple sub-values - •Prefer controlled components over uncontrolled (except file inputs)
Performance
- •Wrap expensive computations in
useMemo - •Stabilize callbacks with
useCallbackwhen passed to memoized children - •Use
React.memo()for components that render often with same props - •Avoid creating objects/arrays inline in JSX (causes re-renders)
Component Design (Essential)
- •Single responsibility: one component, one purpose
- •Props should be minimal and well-typed
- •Avoid prop drilling > 2 levels (use Context or composition)
- •Prefer composition over prop-based conditional rendering
Accessibility
- •Interactive elements must be keyboard accessible
- •Use semantic HTML (
buttonnotdiv onClick) - •Images need
alttext - •Form inputs need associated labels
Advanced Patterns
- •Use compound components (parent + stateless children) to model complex, related UI pieces while keeping state in the parent
- •Prefer controlled abstractions (e.g.,
value/onChangepairs) so consumers can own state when needed - •Use Context for cross-cutting concerns (theme, auth, feature flags) and co-locate provider logic with domain-specific hooks
- •Consider render props or headless components when you need to share complex interaction logic while letting consumers control markup and styling
- •Combine memoization (
React.memo,useMemo,useCallback) with clear prop contracts to optimize expensive, frequently rendered components - •For deeper exploration of advanced React patterns, see the official React documentation
Anti-patterns
- •Avoid
useEffectfor state derivation (compute during render instead) - •Avoid
useEffecton mount for data that could be fetched server-side - •Avoid index as key in lists that reorder
Testing
- •Write unit tests for components using React Testing Library
- •Test custom hooks with
@testing-library/react-hooks - •Test user interactions and state changes
- •Mock external dependencies appropriately
- •Test error states and edge cases
- •Ensure tests are maintainable and readable
Error Handling
- •Implement error boundaries for components
- •Provide fallback UIs for errors
- •Handle async errors appropriately
- •Log errors for debugging and monitoring
- •Don't let errors crash the entire app
Type Safety
- •Use TypeScript or PropTypes for type checking
- •Define prop types for all components
- •Use TypeScript interfaces for complex props
- •Validate prop types at runtime with PropTypes
- •Catch type errors early in development
Styling
- •Use CSS Modules for scoped styles
- •Consider styled-components or CSS-in-JS for dynamic styles
- •Avoid inline styles for static CSS
- •Follow a consistent styling approach
- •Prevent global CSS conflicts with scoping
Dependency Management
- •Review third-party dependencies before adding
- •Keep dependencies up to date
- •Audit packages for security vulnerabilities
- •Avoid over-reliance on libraries for simple tasks
- •Consider bundle size impact of dependencies
Documentation
- •Add doc comments for complex components and hooks
- •Write self-explanatory code over excessive comments
- •Document non-obvious behavior and edge cases
- •Include usage examples in component docs
- •Keep comments up to date with code changes