Code Review Checklist

My checklist to review the code more carefully at my daily work.

These days I’m fixing bugs and refactoring legacy code at work. It is not fun. I know, there are plenty of “good” reasons to reply with, such as (but not limited to): because we are running out of time, because we started with a simple and bare-minimum functioning product, because we don’t have many resources …

However, if you DO think coding nicely and properly takes longer, and if you DO think coding nicely and properly introduces complexity … It means you don’t have the built-in good habit of coding. In other words, it is complicated and time-consuming ONLY for you. NOT the way of coding.

I think it is good to list out a checklist of my thoughts on a cliché topic — “code review”. In future code reviews at work, I can bring this as a checklist to review the code more carefully, in case I miss some of them.

1. Checklist about Code Quality

1. Structure: How is the folder structure? How is the module separation? Do they make sense, and are they easy to follow?

2. Dependency: Does the code follow “High Cohesion, Low Coupling”? (Bear in mind the different levels of dependency, from high to low: Generalization, Realization, Aggregation, Composition, Association, Dependency)

3. Principles: Does the code follow classic principles: SOLID, DRY, KISS, YAGNI, LOD?

4. Paradigm: Does the code follow the proper programming paradigm? Object-Oriented Programming? Functional Programming? Procedural Programming?

5. Design Pattern: Is the design pattern properly used? Or is it over-engineered?

6. Extensibility: Is the code easy to extend? Think about adding a new possible feature.

7. Reusability: Is the code reusable or very specific? Is there any existing code or library that can replace the code? Do not reinvent the wheel.

8. Testability: Is the code easy to test? How are the tests written? Have those tests covered both the happy flow and the exception flow?

9. Readability: Is the code easy to read? How consistent are the coding standard and coding style? Does the naming convention make sense? Is the code over-flooded with comments?

2. Checklist about Functionality

1. Has the code fully implemented the expected business logic requirements?

2. Are the logical flow and exception flow well handled?

3. Has the code considered logging, tracking and debugging?

4. Is the code (Interface, API, function, etc) easy to use?

5. Is the code (Interface, API, function, etc) idempotent?

6. Is the code (Interface, API, function, etc) transactional?

7. Does the code potentially have concurrency issues? Or is it thread-safe?

8. Are there possible performance improvements? (SQL, Algorithm, etc.)

9. Are there possible security issues? (Injection, validation, etc.)