Things to Pay Attention to During Code Review

Fatih Delice
Fatih Delice

Code review is a critical process in software development that improves code quality and helps detect errors early. Below, you can find the key points to consider for an effective code review process.

1. Are There Any Typos?

For code readability, it is important that variable, function, and class names are correct. Pay attention to issues such as mixed Turkish-English naming, misspelled words, or incorrect uppercase/lowercase usage.

Example:

// Wrong
const getUserinformations = () => { ... };
 
// Correct
const getUserInformation = () => { ... };

2. Is There Any Hard Coding?

Constant values should not be used directly inside the code. Instead, environment variables, configuration files, or variables should be used.

Example:

// Wrong
const API_URL = "https://example.com/api";
 
// Correct
const API_URL = process.env.API_URL;

3. Could the Change Break Another Part of the Project?

When making code changes, you should analyze how they may affect other parts of the project. For this:

  • Unit tests and integration tests should be run
  • Dependent components should be checked
  • Code dependencies should be reviewed

4. Can It Be Written More Concisely?

Code repetition should be avoided, the DRY (Don't Repeat Yourself) principle should be followed, and unnecessary complexity should be removed.

Example:

// Wrong
function checkUserRole(user) {
  if (user.role === "admin") {
    return true;
  } else {
    return false;
  }
}
 
// Correct
const checkUserRole = (user) => user.role === "admin";

5. Has It Been Optimized for Performance?

Check whether the code performs unnecessary operations, and prefer more performant algorithms where appropriate.

Example:

// Wrong: Creates a new array every time it is called
const numbers = [1, 2, 3, 4, 5];
const squaredNumbers = numbers.map(num => num * num);
 
// Correct: More performant
const squaredNumbers = numbers.map(num => num ** 2);

6. Have Security Vulnerabilities Been Checked?

  • Is input validation implemented?
  • Are there security vulnerabilities such as SQL Injection or XSS?
  • Have JWTs or API keys been leaked?
  • Are authorization and authentication mechanisms correct?

Example:

// Wrong: Vulnerable to SQL Injection
const query = `SELECT * FROM users WHERE username = '${userInput}'`;
 
// Correct: Uses a parameterized query
const query = `SELECT * FROM users WHERE username = ?`;
db.execute(query, [userInput]);

Conclusion

Paying attention to the criteria above during the code review process improves code quality, detects bugs early, and increases knowledge sharing within the team.

Running code reviews regularly and in detail helps build more sustainable and robust projects in the long term.