π Code Review Best Practices β
Reviewing code effectively to improve quality and share knowledge.
Reviewer mindset β
- Be constructive, not critical
- Ask questions instead of making demands
- Focus on the code, not the author
- Approve when it's "good enough", not "perfect"
What to look for β
Must check β
- Correctness β Does it do what it's supposed to?
- Security β SQL injection, XSS, auth bypass, secrets in code?
- Edge cases β Null values, empty arrays, boundary conditions?
- Error handling β What happens when things fail?
- Tests β Are new behaviors tested?
Should check β
- Readability β Can you understand it without the PR description?
- Naming β Are variables and functions well-named?
- Complexity β Is there a simpler approach?
- Performance β Any obvious N+1 queries or unnecessary loops?
Nice to check β
- Consistency with codebase style
- Documentation for public APIs
- Commit message quality
PR author responsibilities β
- Keep PRs small β under 400 lines ideally
- Write a clear description: what, why, how to test
- Self-review before requesting reviews
- Link to the ticket/issue
- Respond to all comments
Comment format β
[nit] Optional style suggestion
[question] Why did you choose X over Y?
[suggestion] Consider using Z here because...
[blocking] This will cause a bug when...Anti-patterns β
- Rubber-stamping without reading
- Nitpicking style while missing logic bugs
- Blocking PRs for days
- Rewriting the author's code in comments