code-review-checklist

Comprehensive checklist for conducting thorough code reviews covering functionality, security, performance, and maintainability

Install

Download and extract to your skills directory

Copy command and send to OpenClaw for auto-install:

Download and install this skill https://openskills.cc/api/download?slug=sickn33-skills-code-review-checklist&locale=en&source=copy

Code Review Checklist

Skill Overview

A systematic code review checklist that helps developers comprehensively inspect code for functionality, security, performance, and maintainability, ensuring code quality and team standards consistency.

Use Cases

1. Pull Request Review

When reviewing a colleague's PR, use this checklist to quickly locate potential issues—from functional correctness and security vulnerabilities to performance bottlenecks and code style—checking each area to ensure merged code meets quality standards.

2. Code Audit and Quality Assessment

When performing a codebase audit or assessing quality before refactoring, this checklist provides comprehensive inspection dimensions to help identify technical debt, security risks, and areas of code that need improvement.

3. Building Team Coding Standards

When establishing code review standards for a new team or training newcomers in code review methods, this checklist offers a structured review framework and best practices to raise the team's overall code quality awareness.

Core Features

1. Multi-dimensional Code Inspection

Covers eight dimensions including functionality, security, performance, code quality, test coverage, documentation completeness, and Git commit conventions. Each dimension provides detailed checklist items and examples of good and bad code to ensure no review blind spots.

2. Dedicated Security Vulnerability Checks

Targets OWASP Top 10 risks and provides methods to identify common vulnerabilities such as SQL injection, XSS, CSRF, and sensitive data leakage, helping reviewers quickly spot security issues.

3. Review Templates and Best Practices

Provides complete review checklist templates, review comment writing templates, common problem solutions, and references to code review guidelines from major companies like Google, making code review more standardized and efficient.

Frequently Asked Questions

What should a code review check?

Code reviews should cover multiple dimensions including functional correctness, security, performance, code quality, test coverage, and documentation updates. Specifically: whether the code solves the intended problem, handling of edge cases, input validation, security risks like SQL injection, database query efficiency, code readability, and whether tests provide sufficient coverage. This checklist supplies a complete step-by-step inspection list to ensure no important aspects are missed.

How do you conduct an efficient code review?

Recommended principles: keep PRs to a manageable size for thorough review; first check that tests pass and cover the new code; communicate promptly when in doubt rather than making subjective assumptions; focus on significant issues instead of nitpicking style details; use automated tools (linters, security scanners) to assist; consider the code's impact on the overall system during review. This checklist includes full guidance for pre-review preparation, in-review practices, and post-review processes.

What are the common security issues found in code review?

The most common security issues include: SQL injection (not using parameterized queries), cross-site scripting (XSS, not escaping user output), hard-coded sensitive information (API keys, passwords), incorrect authentication/authorization logic, and missing input validation. The security review module of this checklist provides positive and negative code examples for each type of vulnerability to help quickly identify and remediate security problems.
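The three issues named in this answer, shown as the kind of paired negative and positive examples the checklist describes. This is an added illustration written for this page, not the skill's own material; the sample table, the probe input and the source lines are constructed, and `flag_hardcoded_secrets` is a small illustrative review aid, not a real secret scanner.

```python
import html
import re
import sqlite3
# Constructed sample data: a small users table in an in-memory SQLite database.
def demo_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "carol")])
    return conn

def find_user_unsafe(conn, name):
    # Negative example: SQL built by string formatting. The input becomes SQL.
    return conn.execute(f"SELECT id FROM users WHERE name = '{name}'").fetchall()

def find_user_safe(conn, name):
    # Positive example: parameterized query. The driver binds the value as data.
    return conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

def render_comment_unsafe(text):
    # Negative example: user text interpolated into HTML without escaping.
    return f"<p>{text}</p>"

def render_comment_safe(text):
    # Positive example: escape on output so markup in the text is inert.
    return f"<p>{html.escape(text, quote=True)}</p>"

# Credential-looking name assigned a string literal, e.g. api_key = "...".
SECRET_ASSIGN = re.compile(r"""(?i)(password|passwd|secret|api[_-]?key|token)\s*=\s*["'][^"']+["']""")
def flag_hardcoded_secrets(source_lines):
    # Review aid for the hard-coded secrets item; returns 1-based line numbers.
    return [i + 1 for i, line in enumerate(source_lines) if SECRET_ASSIGN.search(line)]

def review_demo():
    conn = demo_db()
    probe = "x' OR '1'='1"          # the tautology input the review examples use
    payload = "<script>alert(1)</script>"
    sample_source = [               # constructed lines a reviewer might see in a diff
        'API_KEY = "sk-constructed-example-0000"',
        "api_key = os.environ['API_KEY']",
        'db_password = "hunter2"',
    ]
    return {
        "unsafe_rows": len(find_user_unsafe(conn, probe)),   # 3: every user
        "safe_rows": len(find_user_safe(conn, probe)),       # 0: no such name
        "unsafe_html": render_comment_unsafe(payload),
        "safe_html": render_comment_safe(payload),
        "secret_lines": flag_hardcoded_secrets(sample_source),  # [1, 3]
    }
```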