Effective code review checklist
Tags: code review, checklist, PR review, correctness, security review
Problem
Code reviews are either rubber-stamped or focus on style nitpicks instead of catching real issues.
Solution
Review checklist ordered by importance:
1. Correctness (most important)
- Does the code do what the PR description says, and nothing the description does not mention?
- Are edge cases handled? (empty inputs, null/None, off-by-one boundaries, overflow, unexpected types)
- Are there race conditions or concurrency issues? (check-then-act sequences, shared state touched without synchronization, TOCTOU on files)
- Is error handling correct and complete? (no swallowed exceptions, no half-applied state on failure, security checks that fail closed)
2. Security
- Is every value from an untrusted source validated at the boundary, and encoded for the sink it reaches? (SQL, HTML, shell, file paths, log lines)
- No secrets in code or committed config? (API keys, tokens, passwords, connection strings, private keys)
- Is authentication enforced on every new endpoint, and is authorization checked against the specific object being accessed, not just the caller's role?
- SQL injection, XSS, CSRF prevention? (parameterized queries, context-aware output encoding, CSRF tokens or SameSite cookies on state-changing requests)
3. Design
- Is this the right approach? (before nitpicking implementation)
- Does it maintain existing patterns in the codebase?
- Is the abstraction level appropriate?
- Will this be maintainable in 6 months?
4. Testing
- Are the right things tested? (observable behavior, not implementation details)
- Are edge cases covered, including the negative cases? (unauthorized caller rejected, malformed input refused)
- Would a test catch a regression here? (would these tests fail if the bug they guard against came back?)
5. Performance (only if relevant)
- Any N+1 queries? (one query to fetch a list, then one more query per item in the loop)
- Unnecessary data loading? (whole rows or tables fetched when a few columns or a count would do)
- Missing indexes for new queries? (check the query plan for full table scans on the new predicate)
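The Security and Performance items above, as an added worked example (this is not code from the original page): a lookup a reviewer should flag for both injection and a missing ownership check, beside its hardened form; an N+1 loop beside the single aggregate query that replaces it; and a planner check for the index item. The SQLite schema, table names, ids and data are constructed for the example.

```python
"""Checklist items 2 (Security) and 5 (Performance) as runnable code.
Added example with a constructed in-memory SQLite schema; all names are hypothetical."""
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two users, three invoices (ids are hypothetical)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.execute(
        "CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, "
        "total INTEGER NOT NULL)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    conn.executemany(
        "INSERT INTO invoices VALUES (?, ?, ?)", [(10, 1, 100), (11, 1, 250), (20, 2, 999)]
    )
    conn.commit()
    return conn


# ---- 2. Security: what a reviewer should flag --------------------------------

def get_invoice_unsafe(conn, invoice_id):
    """Two findings in one line: the id is spliced into the SQL text (injection),
    and nothing ties the returned row to the caller (missing object-level authz)."""
    sql = f"SELECT id, owner_id, total FROM invoices WHERE id = {invoice_id}"
    return conn.execute(sql).fetchall()


def is_valid_invoice_id(raw) -> bool:
    """Validate at the boundary: an invoice id is a positive decimal integer, nothing else."""
    return re.fullmatch(r"[1-9][0-9]*", str(raw)) is not None


def get_invoice_safe(conn, raw_invoice_id, requester_id: int):
    """Hardened form: validated input, bound parameters, and the ownership check
    written into the same predicate so a caller cannot forget it."""
    if not is_valid_invoice_id(raw_invoice_id):
        raise ValueError(f"invalid invoice id: {raw_invoice_id!r}")
    sql = "SELECT id, owner_id, total FROM invoices WHERE id = ? AND owner_id = ?"
    return conn.execute(sql, (int(str(raw_invoice_id)), requester_id)).fetchall()


# ---- 5. Performance: N+1 queries and a missing index -------------------------

def count_queries(conn, fn):
    """Run fn(conn) and return (result, number of SQL statements SQLite executed)."""
    n = 0

    def hit(_statement):
        nonlocal n
        n += 1

    conn.set_trace_callback(hit)
    try:
        result = fn(conn)
    finally:
        conn.set_trace_callback(None)
    return result, n


def totals_n_plus_1(conn):
    """One query for the users, then one more per user: N+1 round trips."""
    totals = {}
    for uid, name in conn.execute("SELECT id, name FROM users").fetchall():
        row = conn.execute(
            "SELECT COALESCE(SUM(total), 0) FROM invoices WHERE owner_id = ?", (uid,)
        ).fetchone()
        totals[name] = row[0]
    return totals


def totals_single_query(conn):
    """Same result from a single aggregate query with a LEFT JOIN."""
    rows = conn.execute(
        "SELECT u.name, COALESCE(SUM(i.total), 0) FROM users u "
        "LEFT JOIN invoices i ON i.owner_id = u.id GROUP BY u.id, u.name"
    ).fetchall()
    return dict(rows)


def lookup_uses_index(conn) -> bool:
    """Ask the planner whether the per-owner lookup is served by an index
    (no index: a full SCAN of invoices; with one: SEARCH ... USING INDEX)."""
    plan = conn.execute(
        "EXPLAIN QUERY PLAN SELECT SUM(total) FROM invoices WHERE owner_id = ?", (1,)
    ).fetchall()
    return any("USING INDEX" in str(row[-1]) for row in plan)


if __name__ == "__main__":
    db = make_db()
    print("unsafe, payload '20 OR 1=1':", get_invoice_unsafe(db, "20 OR 1=1"))
    print("safe, alice asks for bob's invoice:", get_invoice_safe(db, 20, 1))
    print("N+1:", count_queries(db, totals_n_plus_1))
    print("single:", count_queries(db, totals_single_query))
    print("index used before/after:", lookup_uses_index(db), end=" / ")
    db.execute("CREATE INDEX idx_invoices_owner ON invoices(owner_id)")
    print(lookup_uses_index(db))
```

The point for the reviewer is that the unsafe function is not "almost right": the payload returns every invoice in the table, and even with parameterization alone the caller could still read another user's invoice, so the ownership predicate belongs in the query rather than in a check the next caller may omit. On the performance side, the statement count is measured rather than eyeballed, which is also how to confirm a fix in a test.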
What NOT to review for:
- Style (use formatters: prettier, black, gofmt)
- Import order (use isort, eslint)
- Naming preferences (unless genuinely confusing)
Reviewer mindset:
- Ask questions, don't make demands
- Suggest, don't prescribe
- Approve with minor comments (don't block for nitpicks)
- If you don't understand something, say so: that is a clarity problem in the code, not a gap in the reviewer
Why
The most valuable code review catches design and correctness issues that automated tools miss. Style issues should be handled by formatters, not humans.
Context
Any team doing code reviews / pull request reviews