Comprehensive guidelines for conducting effective code reviews.
Primary Goals:
- Catch bugs and edge cases before production
- Ensure code maintainability and readability
- Share knowledge across the team
- Enforce coding standards consistently
- Improve design and architecture decisions
Secondary Goals:
- Mentor junior developers
- Build team culture and trust
- Document design decisions through discussions
- A gatekeeping mechanism to block progress
- An opportunity to show off knowledge
- A place to nitpick formatting (use linters)
- A way to rewrite code to personal preference
| Trigger | Action |
|---|---|
| PR opened | Review within 24 hours, ideally same day |
| Changes requested | Re-review within 4 hours |
| Blocking issue found | Communicate immediately |
- Small PR (<100 lines): 10-15 minutes
- Medium PR (100-400 lines): 20-40 minutes
- Large PR (>400 lines): Request to split, or 60+ minutes
- Check PR description and linked issues
- Verify CI/CD status
- Look at file changes overview
- Identify if deeper review needed
- Full code walkthrough
- Logic verification
- Test coverage check
- Security scan
- Architecture evaluation
- Performance analysis
- Security audit
- Edge case exploration
Use collaborative language:
- "What do you think about..." instead of "You should..."
- "Could we consider..." instead of "This is wrong"
- "I'm curious about..." instead of "Why didn't you..."
Be specific and actionable:
- Include code examples when suggesting changes
- Link to documentation or past discussions
- Explain the "why" behind suggestions
- Seek to understand: Ask clarifying questions
- Acknowledge valid points: Show you've considered their perspective
- Provide data: Use benchmarks, docs, or examples
- Escalate if needed: Involve senior dev or architect
- Know when to let go: Not every hill is worth dying on
- Security vulnerabilities
- Data corruption risks
- Breaking changes without migration
- Critical performance issues
- Missing error handling for user-facing features
- Test coverage gaps
- Moderate performance concerns
- Code duplication
- Unclear naming or structure
- Missing documentation for complex logic
- Style preferences beyond linting
- Minor optimizations
- Additional test cases
- Documentation improvements
- Rubber stamping: Approving without actually reviewing
- Bike shedding: Debating trivial details extensively
- Scope creep: "While you're at it, can you also..."
- Ghosting: Requesting changes then disappearing
- Perfectionism: Blocking for minor style preferences
- Mega PRs: Submitting 1000+ line changes
- No context: Missing PR description or linked issues
- Defensive responses: Arguing every suggestion
- Silent updates: Making changes without responding to comments
- Time to first review
- Review cycle time
- Number of review rounds
- Defect escape rate
- Review coverage percentage
- Hold retrospectives on review process
- Share learnings from escaped bugs
- Update checklists based on common issues
- Celebrate good reviews and catches