Generate a comprehensive code review checklist tailored to your language, framework, and team standards for consistent, thorough reviews.
Paste into any LLM. Specify your tech stack and concerns. Use the checklist for every pull request to catch issues before they reach production.
You are a senior software engineer who has reviewed 10,000+ pull requests across startups and FAANG companies, catching critical bugs, security vulnerabilities, and design issues that junior reviewers miss.

Fill in the following before running the prompt:

- [LANGUAGE]: Programming language (Python, JavaScript, Go, etc.)
- [FRAMEWORK]: Framework or platform (React, Django, Spring, etc.)
- [PROJECT TYPE]: Web app / API / Mobile / CLI / Library
- [TEAM SIZE]: Number of developers
- [REVIEW FOCUS]: Security / Performance / Maintainability / All
- [KNOWN ISSUES]: Recurring problems in your codebase

Generate a comprehensive code review checklist:

**1. Correctness**
- Does the code do what the PR description says?
- Are edge cases handled (null, empty, boundary values)?
- Are error conditions handled gracefully, and are errors surfaced rather than swallowed?
- Do loops terminate correctly?
- Are race conditions possible in concurrent code?
- Are return values and types correct?

**2. Security**
- Input validation and sanitization at trust boundaries (request parameters, headers, file contents, external APIs)
- SQL injection, XSS, CSRF protection (parameterized queries, output encoding, anti-CSRF tokens)
- Authentication and authorization checks on every new endpoint or privileged action
- Sensitive data handling (no secrets in code or logs, proper encryption in transit and at rest)
- Dependency vulnerabilities in new or upgraded packages
- File upload and path traversal risks (file type and size limits, resolved paths confined to the intended directory)
- API rate limiting and abuse prevention

**3. Performance**
- N+1 query detection (a query inside a loop where a join or batched query would do)
- Unnecessary database calls or API requests
- Memory leaks and resource cleanup (connections, file handles, timers)
- Caching opportunities
- Algorithm complexity (O(n) vs O(n^2) for large datasets)
- Lazy loading and pagination for large collections
- Index usage for database queries

**4. Code Quality**
- Single responsibility: does each function do one thing?
- DRY: is there duplicated logic that should be extracted?
- Naming: are variables, functions, and classes clearly named?
- Comments: are complex sections explained? Are stale comments removed?
- Dead code: is unused code removed?
- Consistent style with project conventions
- Appropriate abstraction level

**5. Testing**
- Are new code paths covered by tests?
- Are edge cases tested?
- Are tests readable and maintainable?
- Do tests actually assert meaningful outcomes?
- Are integration points tested?
- Mock usage: appropriate or over-mocked?

**6. Architecture**
- Does this change fit the existing architecture?
- Are dependencies flowing in the right direction?
- Is the change backwards compatible?
- Migration or deployment considerations?
- Documentation updated if public API changed?

**7. Review Response Templates**
- How to give constructive feedback
- Nitpick vs. blocking issue classification
- Request changes vs. approve with comments
- How to disagree respectfully on design decisions
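The two Security items a reviewer most often has to argue about, SQL injection and path traversal, are easiest to explain with the flagged code next to its fix. The following is an added Python example written for this page, not part of the prompt above or of any project it describes; it uses an in-memory SQLite table and a temporary directory with constructed data, and the function names (`find_user_vulnerable`, `read_upload_safe`, and so on) are illustrative.

```python
import sqlite3
import tempfile
from pathlib import Path

# --- Constructed demo data (not from any real system) ---------------------

def make_user_db() -> sqlite3.Connection:
    """In-memory users table with three constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def make_upload_root() -> Path:
    """Temp layout: <base>/uploads/report.txt (allowed) and <base>/secret.txt (outside)."""
    base = Path(tempfile.mkdtemp())
    uploads = base / "uploads"
    uploads.mkdir()
    (uploads / "report.txt").write_text("quarterly numbers")
    (base / "secret.txt").write_text("db password")
    return uploads


# --- Checklist item: SQL injection -----------------------------------------

def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # Review flag: untrusted input is pasted into the statement text, so a
    # quote in `name` changes the query's structure instead of its value.
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    # Fix: bind the value as a parameter; the driver keeps it out of the SQL text.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


# --- Checklist item: path traversal in file access -------------------------

def read_upload_vulnerable(root: Path, filename: str) -> str:
    # Review flag: "../" segments (or an absolute filename) escape `root`.
    return (root / filename).read_text()


def is_inside_root(root: Path, filename: str) -> bool:
    """True only if the resolved target stays under the resolved root."""
    base = root.resolve()
    target = (base / filename).resolve()  # collapses ".." and follows symlinks
    return target.is_relative_to(base)    # Path.is_relative_to needs Python 3.9+


def read_upload_safe(root: Path, filename: str) -> str:
    # Fix: resolve first, then check containment, then open.
    if not is_inside_root(root, filename):
        raise PermissionError(f"refusing to read outside upload root: {filename!r}")
    return (root / filename).read_text()
```

The containment check resolves before comparing so that symlinks and `..` cannot defeat a naive string-prefix test, and it rejects absolute filenames too, since `Path("/uploads") / "/etc/passwd"` discards the left operand. The parameterized query is the same fix under any driver or ORM; reviewers should treat string formatting into SQL as blocking regardless of how the input is "validated" upstream.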
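The Performance item "N+1 query detection" is also clearer when the reviewer can count the queries rather than eyeball the loop. The following is an added Python example written for this page, not part of the prompt or of any project it describes; it uses `sqlite3.Connection.set_trace_callback` to count statements the backend actually executes, against a constructed two-table schema, and the names `order_report_n_plus_one`, `order_report_joined` and `count_queries` are illustrative.

```python
import sqlite3
from typing import Callable, Tuple

# --- Constructed demo data (not from any real system) ---------------------

def make_shop_db() -> sqlite3.Connection:
    """Three customers and four orders, in memory."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, total REAL);
        """
    )
    conn.executemany("INSERT INTO customers VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "carol")])
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                     [(1, 1, 10.0), (2, 2, 20.0), (3, 3, 30.0), (4, 1, 5.0)])
    conn.commit()
    return conn


# --- The pattern a reviewer should flag --------------------------------------

def order_report_n_plus_one(conn: sqlite3.Connection) -> list:
    # Review flag: one query for the orders, then one more query per order.
    # Cost grows linearly with the result set, which hides on small test data.
    rows = conn.execute("SELECT id, customer_id, total FROM orders ORDER BY id").fetchall()
    report = []
    for order_id, customer_id, total in rows:
        name = conn.execute(
            "SELECT name FROM customers WHERE id = ?", (customer_id,)
        ).fetchone()[0]
        report.append((order_id, name, total))
    return report


# --- The fix: let the database do the join -----------------------------------

def order_report_joined(conn: sqlite3.Connection) -> list:
    return conn.execute(
        """
        SELECT o.id, c.name, o.total
        FROM orders o JOIN customers c ON c.id = o.customer_id
        ORDER BY o.id
        """
    ).fetchall()


# --- Measuring instead of guessing ------------------------------------------

def count_queries(conn: sqlite3.Connection,
                  fn: Callable[[sqlite3.Connection], list]) -> Tuple[int, list]:
    """Run fn(conn) and return (number of SQL statements executed, fn's result)."""
    statements = []
    conn.set_trace_callback(statements.append)  # fires once per executed statement
    try:
        result = fn(conn)
    finally:
        conn.set_trace_callback(None)
    return len(statements), result
```

With four orders the loop version issues five statements and the join issues one; with forty thousand orders the gap is the difference between a request that returns and one that times out. The same counting trick works with any ORM that exposes query logging (Django's `connection.queries`, SQLAlchemy's engine events), and a test that asserts an upper bound on query count is a cheap way to keep a fixed N+1 from regressing.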