code-review
Code Review
Review Categories
1. Security Review
Check for:
- SQL injection vulnerabilities
- XSS (Cross-Site Scripting)
- Command injection
- Insecure deserialization
- Hardcoded secrets/credentials
- Improper authentication/authorization
- Insecure direct object references
2. Performance Review
Check for:
- N+1 queries
- Missing database indexes
- Unnecessary re-renders (React)
- Memory leaks
- Blocking operations in async code
- Missing caching opportunities
- Large bundle sizes
3. Code Quality Review
Check for:
- Code duplication (DRY violations)
- Functions doing too much (SRP violations)
- Deep nesting / complex conditionals
- Magic numbers/strings
- Poor naming
- Missing error handling
- Incomplete type coverage
4. Testing Review
Check for:
- Missing test coverage for new code
- Tests that don't test behavior
- Flaky test patterns
- Missing edge cases
- Mocked external dependencies
Review Output Format
## Code Review Summary
### 🔴 Critical (Must Fix)
- **[File:Line]** [Issue description]
- **Why:** [Explanation]
- **Fix:** [Suggested fix]
### 🟡 Suggestions (Should Consider)
- **[File:Line]** [Issue description]
- **Why:** [Explanation]
- **Fix:** [Suggested fix]
### 🟢 Nits (Optional)
- **[File:Line]** [Minor suggestion]
### ✅ What's Good
- [Positive feedback on good patterns]
Common Patterns to Flag
Security
// BAD: SQL injection
const query = `SELECT * FROM users WHERE id = ${userId}`;
// GOOD: Parameterized query
const query = 'SELECT * FROM users WHERE id = $1';
await db.query(query, [userId]);
Performance
// BAD: N+1 query
users.forEach(async user => {
const posts = await getPosts(user.id);
});
// GOOD: Batch query
const userIds = users.map(u => u.id);
const posts = await getPostsForUsers(userIds);
Error Handling
// BAD: Swallowing errors
try {
await riskyOperation();
} catch (e) {}
// GOOD: Handle or propagate
try {
await riskyOperation();
} catch (e) {
logger.error('Operation failed', { error: e });
throw new AppError('Operation failed', { cause: e });
}
Review Checklist
- No hardcoded secrets
- Input validation present
- Error handling complete
- Types/interfaces defined
- Tests added for new code
- No obvious performance issues
- Code is readable and documented
- Breaking changes documented
More from moodmnky-llc/mood-mnky-command
canvas-design
Create beautiful visual art in .png and .pdf documents using design philosophy. Use when the user asks to create a poster, piece of art, design, or other static visual piece. Creates original visual designs.
14code-refactoring
Code refactoring patterns and techniques for improving code quality without changing behavior. Use for cleaning up legacy code, reducing complexity, or improving maintainability.
13changelog-generator
Automatically creates user-facing changelogs from git commits by analyzing commit history, categorizing changes, and transforming technical commits into clear, customer-friendly release notes. Turns hours of manual changelog writing into minutes of automated generation.
12llm-application-dev
Building applications with Large Language Models - prompt engineering, RAG patterns, and LLM integration. Use for AI-powered features, chatbots, or LLM-based automation.
11javascript-typescript
JavaScript and TypeScript development with ES6+, Node.js, React, and modern web frameworks. Use for frontend, backend, or full-stack JavaScript/TypeScript projects.
11python-development
Modern Python development with Python 3.12+, Django, FastAPI, async patterns, and production best practices. Use for Python projects, APIs, data processing, or automation scripts.
11