Skip to content

Instantly share code, notes, and snippets.

@shellprog

shellprog/code-review-checklist.md

Forked from nerandell/code-review-checklist.md
Created November 11, 2022 10:40
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save shellprog/e87b16eda4fca78ae8dea00f98ed2694 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save shellprog/e87b16eda4fca78ae8dea00f98ed2694 to your computer and use it in GitHub Desktop.
Download ZIP
PHP Code Review Guidelines
Raw
code-review-checklist.md

General

  • The code works
  • The code is easy to understand
  • Follows coding conventions
  • Names are simple and if possible short
  • Names are spelt correctly
  • Names contain units where applicable
  • There are no usages of magic numbers
  • No hard coded constants that could possibly change in the future
  • All variables are in the smallest scope possible
  • All class, variable, and method modifiers are correct.
  • There is no commented out code
  • There is no dead code (inaccessible at Runtime)
  • No code that can be replaced with library functions
  • Required logs are present
  • Frivolous logs are absent
  • Debugging code is absent
  • No print_r, var_dump or similar calls exist
  • No stack traces are printed
  • Variables are not accidentally used with null values
  • Variables are immutable where possible
  • Code is not repeated or duplicated
  • There is an else block for every if clause even if it is empty
  • No complex/long boolean expressions
  • No negatively named boolean variables
  • No empty blocks of code
  • Ideal data structures are used
  • Constructors do not accept null/none values
  • Catch clauses are fine grained and catch specific exceptions
  • Exceptions are not eaten if caught, unless explicitly documented otherwise
  • APIs and other public contracts check input values and fail fast
  • Files/Sockets and other resources are properly closed even when an exception occurs in using them
  • null is not returned from any method
  • == operator and === (and its inverse !==) are not fixed up
  • Floating point numbers are not compared for equality
  • Loops have a set length and correct termination conditions
  • Blocks of code inside loops are as small as possible
  • No methods with boolean parameters
  • No object exists longer than necessary
  • Design patterns if used are correctly applied
  • No memory leaks
  • Law of Demeter is not violated
  • Code is unit testable
  • Test cases are written wherever possible
  • Methods return early without compromising code readability

Documentation

  • All methods are commented in clear language.
  • Comments exist and describe rationale or reasons for decisions in code
  • All public methods/interfaces/contracts are commented describing usage
  • All edge cases are described in comments
  • All unusual behaviour or edge case handling is commented
  • Data structures and units of measurement are explained

Security

  • All data inputs are checked (for the correct type, length/size, format, and range)
  • Invalid parameter values handled such that exceptions are not thrown
  • No sensitive information is logged or visible in a stacktrace
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment