admin/SuperCharged-Claude-Code-Upgrade
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
07242683bf0cfc4ce097284cb767f72f42900a6c
SuperCharged-Claude-Code-Up…/code-review-checklist/skill.md
admin 07242683bf Add 260+ Claude Code skills from skills.sh 
Complete collection of AI agent skills including:
- Frontend Development (Vue, React, Next.js, Three.js)
- Backend Development (NestJS, FastAPI, Node.js)
- Mobile Development (React Native, Expo)
- Testing (E2E, frontend, webapp)
- DevOps (GitHub Actions, CI/CD)
- Marketing (SEO, copywriting, analytics)
- Security (binary analysis, vulnerability scanning)
- And many more...

Synchronized from: https://skills.sh/

Co-Authored-By: Claude <noreply@anthropic.com>
2026-01-23 18:02:28 +00:00

11 KiB
Raw Blame History

name, description
name description
code-review-checklist Comprehensive checklist for conducting thorough code reviews covering functionality, security, performance, and maintainability

Code Review Checklist

Overview

Provide a systematic checklist for conducting thorough code reviews. This skill helps reviewers ensure code quality, catch bugs, identify security issues, and maintain consistency across the codebase.

When to Use This Skill

  • Use when reviewing pull requests
  • Use when conducting code audits
  • Use when establishing code review standards for a team
  • Use when training new developers on code review practices
  • Use when you want to ensure nothing is missed in reviews
  • Use when creating code review documentation

How It Works

Step 1: Understand the Context

Before reviewing code, I'll help you understand:

  • What problem does this code solve?
  • What are the requirements?
  • What files were changed and why?
  • Are there related issues or tickets?
  • What's the testing strategy?

Step 2: Review Functionality

Check if the code works correctly:

  • Does it solve the stated problem?
  • Are edge cases handled?
  • Is error handling appropriate?
  • Are there any logical errors?
  • Does it match the requirements?

Step 3: Review Code Quality

Assess code maintainability:

  • Is the code readable and clear?
  • Are names descriptive?
  • Is it properly structured?
  • Are functions/methods focused?
  • Is there unnecessary complexity?

Step 4: Review Security

Check for security issues:

  • Are inputs validated?
  • Is sensitive data protected?
  • Are there SQL injection risks?
  • Is authentication/authorization correct?
  • Are dependencies secure?

Step 5: Review Performance

Look for performance issues:

  • Are there unnecessary loops?
  • Is database access optimized?
  • Are there memory leaks?
  • Is caching used appropriately?
  • Are there N+1 query problems?

Step 6: Review Tests

Verify test coverage:

  • Are there tests for new code?
  • Do tests cover edge cases?
  • Are tests meaningful?
  • Do all tests pass?
  • Is test coverage adequate?

Examples

Example 1: Functionality Review Checklist

## Functionality Review

### Requirements
- [ ] Code solves the stated problem
- [ ] All acceptance criteria are met
- [ ] Edge cases are handled
- [ ] Error cases are handled
- [ ] User input is validated

### Logic
- [ ] No logical errors or bugs
- [ ] Conditions are correct (no off-by-one errors)
- [ ] Loops terminate correctly
- [ ] Recursion has proper base cases
- [ ] State management is correct

### Error Handling
- [ ] Errors are caught appropriately
- [ ] Error messages are clear and helpful
- [ ] Errors don't expose sensitive information
- [ ] Failed operations are rolled back
- [ ] Logging is appropriate

### Example Issues to Catch:

**❌ Bad - Missing validation:**
\`\`\`javascript
function createUser(email, password) {
  // No validation!
  return db.users.create({ email, password });
}
\`\`\`

**✅ Good - Proper validation:**
\`\`\`javascript
function createUser(email, password) {
  if (!email || !isValidEmail(email)) {
    throw new Error('Invalid email address');
  }
  if (!password || password.length < 8) {
    throw new Error('Password must be at least 8 characters');
  }
  return db.users.create({ email, password });
}
\`\`\`

Example 2: Security Review Checklist

## Security Review

### Input Validation
- [ ] All user inputs are validated
- [ ] SQL injection is prevented (use parameterized queries)
- [ ] XSS is prevented (escape output)
- [ ] CSRF protection is in place
- [ ] File uploads are validated (type, size, content)

### Authentication & Authorization
- [ ] Authentication is required where needed
- [ ] Authorization checks are present
- [ ] Passwords are hashed (never stored plain text)
- [ ] Sessions are managed securely
- [ ] Tokens expire appropriately

### Data Protection
- [ ] Sensitive data is encrypted
- [ ] API keys are not hardcoded
- [ ] Environment variables are used for secrets
- [ ] Personal data follows privacy regulations
- [ ] Database credentials are secure

### Dependencies
- [ ] No known vulnerable dependencies
- [ ] Dependencies are up to date
- [ ] Unnecessary dependencies are removed
- [ ] Dependency versions are pinned

### Example Issues to Catch:

**❌ Bad - SQL injection risk:**
\`\`\`javascript
const query = \`SELECT * FROM users WHERE email = '\${email}'\`;
db.query(query);
\`\`\`

**✅ Good - Parameterized query:**
\`\`\`javascript
const query = 'SELECT * FROM users WHERE email = $1';
db.query(query, [email]);
\`\`\`

**❌ Bad - Hardcoded secret:**
\`\`\`javascript
const API_KEY = 'sk_live_abc123xyz';
\`\`\`

**✅ Good - Environment variable:**
\`\`\`javascript
const API_KEY = process.env.API_KEY;
if (!API_KEY) {
  throw new Error('API_KEY environment variable is required');
}
\`\`\`

Example 3: Code Quality Review Checklist

## Code Quality Review

### Readability
- [ ] Code is easy to understand
- [ ] Variable names are descriptive
- [ ] Function names explain what they do
- [ ] Complex logic has comments
- [ ] Magic numbers are replaced with constants

### Structure
- [ ] Functions are small and focused
- [ ] Code follows DRY principle (Don't Repeat Yourself)
- [ ] Proper separation of concerns
- [ ] Consistent code style
- [ ] No dead code or commented-out code

### Maintainability
- [ ] Code is modular and reusable
- [ ] Dependencies are minimal
- [ ] Changes are backwards compatible
- [ ] Breaking changes are documented
- [ ] Technical debt is noted

### Example Issues to Catch:

**❌ Bad - Unclear naming:**
\`\`\`javascript
function calc(a, b, c) {
  return a * b + c;
}
\`\`\`

**✅ Good - Descriptive naming:**
\`\`\`javascript
function calculateTotalPrice(quantity, unitPrice, tax) {
  return quantity * unitPrice + tax;
}
\`\`\`

**❌ Bad - Function doing too much:**
\`\`\`javascript
function processOrder(order) {
  // Validate order
  if (!order.items) throw new Error('No items');
  
  // Calculate total
  let total = 0;
  for (let item of order.items) {
    total += item.price * item.quantity;
  }
  
  // Apply discount
  if (order.coupon) {
    total *= 0.9;
  }
  
  // Process payment
  const payment = stripe.charge(total);
  
  // Send email
  sendEmail(order.email, 'Order confirmed');
  
  // Update inventory
  updateInventory(order.items);
  
  return { orderId: order.id, total };
}
\`\`\`

**✅ Good - Separated concerns:**
\`\`\`javascript
function processOrder(order) {
  validateOrder(order);
  const total = calculateOrderTotal(order);
  const payment = processPayment(total);
  sendOrderConfirmation(order.email);
  updateInventory(order.items);
  
  return { orderId: order.id, total };
}
\`\`\`

Best Practices

Do This

  • Review Small Changes - Smaller PRs are easier to review thoroughly
  • Check Tests First - Verify tests pass and cover new code
  • Run the Code - Test it locally when possible
  • Ask Questions - Don't assume, ask for clarification
  • Be Constructive - Suggest improvements, don't just criticize
  • Focus on Important Issues - Don't nitpick minor style issues
  • Use Automated Tools - Linters, formatters, security scanners
  • Review Documentation - Check if docs are updated
  • Consider Performance - Think about scale and efficiency
  • Check for Regressions - Ensure existing functionality still works

Don't Do This

  • Don't Approve Without Reading - Actually review the code
  • Don't Be Vague - Provide specific feedback with examples
  • Don't Ignore Security - Security issues are critical
  • Don't Skip Tests - Untested code will cause problems
  • Don't Be Rude - Be respectful and professional
  • Don't Rubber Stamp - Every review should add value
  • Don't Review When Tired - You'll miss important issues
  • Don't Forget Context - Understand the bigger picture

Complete Review Checklist

Pre-Review

  • Read the PR description and linked issues
  • Understand what problem is being solved
  • Check if tests pass in CI/CD
  • Pull the branch and run it locally

Functionality

  • Code solves the stated problem
  • Edge cases are handled
  • Error handling is appropriate
  • User input is validated
  • No logical errors

Security

  • No SQL injection vulnerabilities
  • No XSS vulnerabilities
  • Authentication/authorization is correct
  • Sensitive data is protected
  • No hardcoded secrets

Performance

  • No unnecessary database queries
  • No N+1 query problems
  • Efficient algorithms used
  • No memory leaks
  • Caching used appropriately

Code Quality

  • Code is readable and clear
  • Names are descriptive
  • Functions are focused and small
  • No code duplication
  • Follows project conventions

Tests

  • New code has tests
  • Tests cover edge cases
  • Tests are meaningful
  • All tests pass
  • Test coverage is adequate

Documentation

  • Code comments explain why, not what
  • API documentation is updated
  • README is updated if needed
  • Breaking changes are documented
  • Migration guide provided if needed

Git

  • Commit messages are clear
  • No merge conflicts
  • Branch is up to date with main
  • No unnecessary files committed
  • .gitignore is properly configured

Common Pitfalls

Problem: Missing Edge Cases

Symptoms: Code works for happy path but fails on edge cases Solution: Ask "What if...?" questions

  • What if the input is null?
  • What if the array is empty?
  • What if the user is not authenticated?
  • What if the network request fails?

Problem: Security Vulnerabilities

Symptoms: Code exposes security risks Solution: Use security checklist

  • Run security scanners (npm audit, Snyk)
  • Check OWASP Top 10
  • Validate all inputs
  • Use parameterized queries
  • Never trust user input

Problem: Poor Test Coverage

Symptoms: New code has no tests or inadequate tests Solution: Require tests for all new code

  • Unit tests for functions
  • Integration tests for features
  • Edge case tests
  • Error case tests

Problem: Unclear Code

Symptoms: Reviewer can't understand what code does Solution: Request improvements

  • Better variable names
  • Explanatory comments
  • Smaller functions
  • Clear structure

Review Comment Templates

Requesting Changes

**Issue:** [Describe the problem]

**Current code:**
\`\`\`javascript
// Show problematic code
\`\`\`

**Suggested fix:**
\`\`\`javascript
// Show improved code
\`\`\`

**Why:** [Explain why this is better]

Asking Questions

**Question:** [Your question]

**Context:** [Why you're asking]

**Suggestion:** [If you have one]

Praising Good Code

**Nice!** [What you liked]

This is great because [explain why]

Related Skills

  • @requesting-code-review - Prepare code for review
  • @receiving-code-review - Handle review feedback
  • @systematic-debugging - Debug issues found in review
  • @test-driven-development - Ensure code has tests

Additional Resources

Pro Tip: Use a checklist template for every review to ensure consistency and thoroughness. Customize it for your team's specific needs!

Reference in New Issue View Git Blame Copy Permalink