Code Review

What can I as code writer do?

• Write a clear change list (commit message). It should explain what the code solves and why the change is made. It does not have explain how it's done, as the reviewer sees the code by themselves.
• All the checks that can be automated should be. (Linters, formatters, automatic tests)
• When questions in the review come up, It probably means that that part of the code should be refactored. If the reviewer has questions, its very likely that the other team members would as well.

Draw.io Code Review Guidelines

1. Functionality

• Verify that the code implements the intended functionality and or fix the specific bug.

• Ensure that edge cases and possible error scenarios are handled appropriately.

  • Does the code implement the intended functionality?
  • Are all the requirements met?
  • Are edge cases and potential error scenarios handled appropriately?
  • Is the reason for the change valid?

2. Readability and Maintainability

• Check that the code is well-organized, easy to read, and follows established coding conventions.

• This includes proper indentation, consistent naming conventions, and appropriate use of comments to explain complex or non-obvious code segments.

  • Is the code well-organized and easy to read?
  • Are naming conventions consistent and descriptive?
  • Is the code properly indented and formatted?
  • Are comments used appropriately to explain complex or non-obvious code segments?

3. Code Structure and Design

• Evaluate whether the code is modular, adheres to established design patterns, and architectural guidelines:

  • Does the code follow established design patterns and architectural guidelines?
  • Is the code modular and maintainable?
  • Are functions and classes of reasonable size and complexity?
  • Does the code adhere to the principles of separation of concerns and single responsibility?

4. Performance and Efficiency

• Review the code for potential performance bottlenecks or inefficiencies, such as unnecessary loops, memory leaks, or suboptimal algorithms.

  • Are there any potential performance bottlenecks or inefficiencies?
  • Is memory usage optimized?
  • Are algorithms and data structures appropriate and efficient?
  • Are there any opportunities for caching or parallelization?

5. Error Handling and Logging

• Ensure that the code includes proper error handling and logging mechanisms to help with debugging and troubleshooting.

  • Does the code include proper error handling mechanisms?
  • Are exceptions used appropriately and caught at the correct level?
  • Is logging implemented for debugging and troubleshooting purposes?
  • Are error messages clear, descriptive, and actionable?

6. Security

• Verify that the code follows secure coding practices and does not introduce any security vulnerabilities, such as SQL injections, cross-site scripting, or improper access controls.

  • Does the code follow secure coding practices?
  • Are there any potential security vulnerabilities?
  • Is user input validated and sanitized properly?
  • Are authentication and authorization mechanisms implemented correctly?

7. Test Coverage

• Ensure that the tests are passing and up-to-date.

  • Does the code require appropriate unit tests or integration tests?
  • Do the core test still pass with the commit included?

8. Code Reuse and Dependencies

• Review the code for proper reuse of existing libraries, frameworks, or components, and ensure that any dependencies are managed correctly and up-to-date.

  • Is the code properly reusing existing libraries, frameworks, or components?
  • Are dependencies managed correctly and up-to-date?
  • Are any unnecessary dependencies or duplicate code segments removed?
  • Are dependencies secure, actively maintained, and of sufficient quality?

9. Compliance with Coding Standards

• Make sure that the code complies with any company or project-specific coding standards or guidelines.

  • Does the code comply with company or project-specific coding standards and guidelines?
  • Are any linters or static analysis tools used to enforce coding standards?

10. Documentation

• Confirm that the code includes sufficient documentation, such as inline comments, function or method descriptions, and high-level documentation for complex modules or components.

  • Are inline comments used effectively to explain complex or non-obvious code segments?
  • Do functions, methods, and classes have descriptive comments or docstrings?
  • Is there high-level documentation for complex modules or components?
  • Is documentation regularly updated?