How to create the perfect code review checklist
Nobody’s perfect — not even the world’s most experienced programmer. Everyone who writes code makes mistakes, and it’s important to catch them before they make it into the final version of your product.
The best way to reduce the number of errors in your code is by creating a best practice code review checklist that covers everything you’ve agreed on with your team — including code formatting, coding conventions and how to handle unit testing and edge cases. It’s a proven way to speed up your progress, and it helps create a greater sense of control over what has already been checked and what still needs reviewing.
Every software developer has different needs, making it impossible to create a code review checklist that works for everyone. That doesn’t mean we can’t help you get started, however — and that’s why we’ve compiled the most important elements to keep in mind when creating your own checklist.
General code review checklist considerations
Let’s kick things off with some high-level checklist items. While it might be obvious, it’s worth noting all code should perform its intended function in an efficient manner. If you feel anything could be improved, this is the time to do it. Also, if there’s any incomplete code remaining from previous builds, make sure it’s removed when you’re shipping the finished product. The same goes for any duplicates in the codebase — if you come across double functionality, you should get rid of it.
It’s also worth taking a look at your code’s general performance — are there any optimizations you could implement, or are there parts that could be replaced by library functions? There could also be some logging or debugging code still hanging around, which could slow things down if it’s not removed.
To finish things off, try putting yourself in the end user’s shoes: Does the product work as they expect it to, or is there any unexpected behaviour that should be fixed?
Code shouldn’t just perform well, it should also read well. All of it should be self-explanatory, not leaving anything up to other developers’ interpretation. At some point other people might need to edit it, or in a couple of months you might need to go back in and make changes — in both cases, it’s important that all of it is easily understandable.
Other, less important style choices should also be reviewed. For example, is all code properly left-aligned, does the usage of white space make sense and is the average line length acceptable?
It’s critical to check if your code is properly testable. You’ll want to make sure you don’t have to deal with hidden dependencies or objects that can’t be initialized. Any testing frameworks and unit tests need to be checked — are they actually testing the right thing? Also, do your unit tests target the intended functionality, and does the test framework overall cover potential edge cases?
Any responsible developer should have security as one of the cornerstones of their codebase — especially if any third-party utilities are being used. When sensitive user data is entered, it should always be encrypted and checked for the correct type, length and format. Also, all authorization and session management should be implemented in a secure way. The same goes for all output values — are they correctly being checked and encoded?
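As an added example (not code from the original article), this is what the type, length and format checks and the output encoding from the paragraph above can look like when a reviewer goes looking for them. The form fields, limits and function names are assumptions made for illustration, and encryption of stored data is out of scope here.

```python
import html
import re

# Constructed field rules for a hypothetical comment form.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")  # format and length together
MAX_COMMENT_LEN = 500


class ValidationError(ValueError):
    """Raised when input fails a type, length or format check."""


def validate_username(value):
    # Type first: a list or dict from a JSON body must not reach the regex.
    if not isinstance(value, str):
        raise ValidationError("username must be a string")
    # fullmatch() anchors both ends; match() with "$" would accept "alice\n".
    if not USERNAME_RE.fullmatch(value):
        raise ValidationError("username must be 3-20 letters, digits or _")
    return value


def validate_comment(value):
    if not isinstance(value, str):
        raise ValidationError("comment must be a string")
    if not 1 <= len(value) <= MAX_COMMENT_LEN:
        raise ValidationError("comment length out of range")
    # Format: reject control characters other than newline and tab.
    if any(ord(ch) < 32 and ch not in "\n\t" for ch in value):
        raise ValidationError("comment contains control characters")
    return value


def render_comment(username, comment):
    # Validate on the way in, then encode for the HTML context on the way
    # out. Markup in a valid comment is displayed as text, not interpreted.
    user = html.escape(validate_username(username))
    body = html.escape(validate_comment(comment))
    return "<p><b>{}</b>: {}</p>".format(user, body)
```

Validation and encoding are separate checklist items: a comment can pass every input check and still contain markup, so the encoding step has to be present wherever the value is written into a page.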
Always keep iterating
Keep in mind your code review checklist is not set in stone. In fact, it’s important you keep changing it over time depending on your experience and ever-evolving needs. When you have a new idea or spot something that doesn’t work anymore, add or remove items on your list.
Why effective code review automation is key
While it’ll always involve some sort of manual labor, large parts of the code review process can be automated. Time is valuable, and by integrating smart tools into your process it’s possible for you and your team to spend less time on this cumbersome task, and more on actually writing great code.
This is where Codacy comes in — a full-featured code review platform that makes it much easier to consistently output high-quality code. The tool helps you follow set naming conventions and check the validity of method parameters and many other preconditions. On top of checking all questionable coding practices, it can also be configured to perfectly fit your team’s quality standards and preferences.
When you’ve successfully automated parts of your code review checklist, it’s vital to rethink the way you take care of manual checking as well. We recommend you spend this time mostly focused on the more conceptual elements of the code that are harder to catch with automated tools.