| name | code-reviewer |
| description | Code review guidelines focusing on quality, maintainability, and SOLID principles. Covers readability, performance, security, testing, and professional code review practices for JavaScript and web applications. |
Code Reviewer
Version: 1.0
Focus: Code quality, maintainability, and best practices
Purpose: Review code professionally and improve codebase quality
Philosophy: Code is Read More Than Written
Code is written once, read many times.
Good code:
- Self-documenting: Clear without comments
- Maintainable: Easy to change
- Testable: Easy to verify correctness
- Consistent: Follows established patterns
Bad code:
- Requires constant clarification
- Breaks when touched
- Hard to test
- Inconsistent patterns
Part 1: Code Review Principles
The Goal of Code Review
Primary goals:
- Catch bugs before production
- Ensure maintainability for future developers
- Share knowledge across team
- Enforce standards and best practices
Not the goal:
- Nitpicking personal preferences
- Showing off knowledge
- Blocking progress
Review Checklist
Before approving:
Part 2: Readability
1. Naming
Variables: Descriptive nouns
const d = new Date()
const x = users.filter(u => u.a)
const currentDate = new Date()
const activeUsers = users.filter(user => user.isActive)
Functions: Verb phrases
function user(id) { ... }
function data() { ... }
function getUser(id) { ... }
function fetchData() { ... }
Constants: SCREAMING_SNAKE_CASE
const maxretries = 3
const apiurl = 'https://api.example.com'
const MAX_RETRIES = 3
const API_URL = 'https://api.example.com'
Booleans: Question words (is, has, can, should)
const loading = true
const admin = false
const isLoading = true
const hasPermission = false
const canEdit = true
const shouldRetry = false
2. Function Length
Rule: Functions should do ONE thing well.
function processUserData(user) {
if (!user) throw new Error('...')
if (!user.email) throw new Error('...')
const normalized = {
email: user.email.toLowerCase(),
}
const saved = await db.save(normalized)
await sendEmail(user.email, ...)
return saved
}
function processUserData(user) {
validateUser(user)
const normalized = normalizeUserData(user)
const saved = await saveUser(normalized)
await notifyUser(saved)
return saved
}
3. Avoid Deep Nesting
function processOrder(order) {
if (order) {
if (order.items) {
if (order.items.length > 0) {
if (order.status === 'pending') {
}
}
}
}
}
function processOrder(order) {
if (!order) return
if (!order.items || order.items.length === 0) return
if (order.status !== 'pending') return
}
4. Comments
When to comment:
- Complex algorithms
- Business logic decisions
- TODOs and FIXMEs
- Public API documentation
When NOT to comment:
- Obvious code
- What code does (code shows this)
const name = user.name
counter++
const delay = Math.pow(2, retryCount) * 1000
for (const user of users) {
for (const post of posts) { ... }
}
Part 3: SOLID Principles
S - Single Responsibility
Each class/function should have ONE reason to change.
class User {
constructor(name, email) {
this.name = name
this.email = email
}
save() { }
sendEmail() { }
generateReport() { }
}
class User {
constructor(name, email) {
this.name = name
this.email = email
}
}
class UserRepository {
save(user) { }
}
class EmailService {
sendWelcome(user) { }
}
O - Open/Closed
Open for extension, closed for modification.
function processPayment(type, amount) {
if (type === 'credit_card') {
} else if (type === 'paypal') {
}
}
class PaymentProcessor {
constructor() {
this.processors = new Map()
}
register(type, processor) {
this.processors.set(type, processor)
}
process(type, amount) {
const processor = this.processors.get(type)
return processor.process(amount)
}
}
paymentProcessor.register('credit_card', new CreditCardProcessor())
paymentProcessor.register('paypal', new PayPalProcessor())
L - Liskov Substitution
Subtypes must be substitutable for base types.
class Rectangle {
setWidth(w) { this.width = w }
setHeight(h) { this.height = h }
getArea() { return this.width * this.height }
}
class Square extends Rectangle {
setWidth(w) {
this.width = w
this.height = w
}
}
class Rectangle {
constructor(width, height) {
this.width = width
this.height = height
}
getArea() { return this.width * this.height }
}
class Square {
constructor(side) {
this.side = side
}
getArea() { return this.side * this.side }
}
I - Interface Segregation
Clients shouldn't depend on interfaces they don't use.
interface Worker {
work()
eat()
sleep()
}
class Robot implements Worker {
work() { ... }
eat() { throw new Error('Robots don't eat!') }
sleep() { throw new Error('Robots don't sleep!') }
}
interface Workable {
work()
}
interface Eatable {
eat()
}
class Human implements Workable, Eatable {
work() { ... }
eat() { ... }
}
class Robot implements Workable {
work() { ... }
}
D - Dependency Inversion
Depend on abstractions, not concretions.
class EmailService {
send(to, subject, body) {
const gmail = new GmailAPI()
gmail.send(to, subject, body)
}
}
class EmailService {
constructor(emailProvider) {
this.provider = emailProvider
}
send(to, subject, body) {
this.provider.send(to, subject, body)
}
}
const gmailService = new EmailService(new GmailProvider())
const sendgridService = new EmailService(new SendGridProvider())
Part 4: Common Code Smells
1. Magic Numbers
if (user.age > 18) { ... }
setTimeout(retry, 5000)
const LEGAL_AGE = 18
if (user.age > LEGAL_AGE) { ... }
const RETRY_DELAY_MS = 5000
setTimeout(retry, RETRY_DELAY_MS)
2. God Objects
class Application {
handleRequest() { ... }
connectDatabase() { ... }
sendEmail() { ... }
generateReport() { ... }
processPayment() { ... }
}
class Router { handleRequest() { ... } }
class Database { connect() { ... } }
class EmailService { send() { ... } }
3. Duplicate Code
function calculateDiscountA(price) {
return price * 0.9
}
function calculateDiscountB(price) {
return price * 0.9
}
function calculateDiscount(price, discountPercent) {
return price * (1 - discountPercent / 100)
}
const priceA = calculateDiscount(100, 10)
const priceB = calculateDiscount(200, 10)
4. Long Parameter Lists
function createUser(name, email, age, address, phone, company, role) {
}
function createUser({ name, email, age, address, phone, company, role }) {
}
interface UserParams {
name: string
email: string
age: number
}
function createUser(params: UserParams) {
}
Part 5: Security Review
Check for Common Vulnerabilities
1. SQL Injection
const query = `SELECT * FROM users WHERE id = ${userId}`
const query = 'SELECT * FROM users WHERE id = ?'
db.query(query, [userId])
2. XSS (Cross-Site Scripting)
element.innerHTML = userInput
element.textContent = userInput
element.innerHTML = DOMPurify.sanitize(userInput)
3. Authentication
const user = { password: 'secret123' }
const bcrypt = require('bcrypt')
const hashedPassword = await bcrypt.hash('secret123', 10)
const user = { passwordHash: hashedPassword }
4. Authorization
app.delete('/users/:id', async (req, res) => {
await db.deleteUser(req.params.id)
res.json({ success: true })
})
app.delete('/users/:id', async (req, res) => {
const user = await db.getUser(req.params.id)
if (user.id !== req.user.id && !req.user.isAdmin) {
return res.status(403).json({ error: 'Forbidden' })
}
await db.deleteUser(req.params.id)
res.json({ success: true })
})
Part 6: Performance Review
Check for Performance Issues
1. N+1 Queries
const users = await db.getUsers()
for (const user of users) {
user.posts = await db.getPosts(user.id)
}
const users = await db.getUsersWithPosts()
2. Unnecessary Re-renders (React)
function Component() {
const style = { color: 'red' }
return <div style={style}>Hello</div>
}
const STYLE = { color: 'red' }
function Component() {
return <div style={STYLE}>Hello</div>
}
3. Large Bundle Sizes
import _ from 'lodash'
import debounce from 'lodash/debounce'
Part 7: Testing Review
Check Test Coverage
function calculateTotal(items) {
return items.reduce((sum, item) => sum + item.price, 0)
}
function calculateTotal(items) {
return items.reduce((sum, item) => sum + item.price, 0)
}
test('calculateTotal sums item prices', () => {
const items = [
{ price: 10 },
{ price: 20 },
{ price: 30 }
]
expect(calculateTotal(items)).toBe(60)
})
test('calculateTotal handles empty array', () => {
expect(calculateTotal([])).toBe(0)
})
Test Quality
Good tests are:
- Independent: Don't depend on other tests
- Fast: Run quickly
- Deterministic: Same result every time
- Readable: Clear what's being tested
Part 8: Providing Feedback
Be Constructive
โ Bad feedback:
"This code is terrible."
โ
Good feedback:
"This function is doing multiple things. Consider splitting it into validateUser() and saveUser() for better maintainability."
Be Specific
โ Vague:
"This could be better."
โ
Specific:
"This O(nยฒ) loop could be optimized to O(n) by using a Map for lookups instead of repeated array.find()."
Explain Why
โ Just criticism:
"Don't use var."
โ
Explain reasoning:
"Use const or let instead of var. var has function scope which can lead to unexpected behavior due to hoisting. const/let have block scope which is more predictable."
Prioritize
Use labels:
- ๐ด Critical: Security, bugs, data loss
- ๐ก Important: Maintainability, performance
- ๐ข Nice-to-have: Style, minor improvements
Critical Review Checklist
Functionality
Readability
Maintainability
Performance
Security
Testing
Resources
