Some things worth checking for during a code review, in no particular order
- Is the code understandable?
- Are there “magic numbers”? Unexplained literals (sizes, offsets, timeouts, limits) should be named constants so their meaning and any relationship between them is visible.
- Are variable and function names descriptive?
- Are boundary conditions handled well?
- Are there comments? If so, are they relevant? Are they up to date?
- Is there code that has been commented out?
- Are the conditions correct for conditional and iterative blocks?
- Are there any unintended infinite loops or the potential for them?
- Is there division by zero or the potential for it?
- Is there error handling? Do the error messages make sense, and does the application fail safely? Failing safely means erroring out rather than continuing with bad data, and not leaking internal details (stack traces, file paths, query text) to the caller.
- Are parameters validated within functions? Does the function fail clearly, rather than silently producing a wrong result, if incorrect or out-of-bounds parameters are passed?
- Is redundancy minimized where possible?
- Is mutability minimized? For example, can global variables be replaced with function calls that return a result rather than creating a side effect?
- Similarly, are variables declared at the lowest possible scope?
- Are there unit tests?
- Have all changes been manually tested?
- Are return values checked? For example, is null or undefined handled after calling a function that is supposed to return a value, and are error returns acted on rather than ignored?
- Is the code formatted well (enough)? Style can vary, but code formatting does matter for readability and maintainability.
- Does the change add unwanted or unnecessary dependencies? Each one is code you did not review and an update stream you will have to track.
- Are there any performance optimizations that should be made?
- Can any custom code be replaced with a standard library implementation?
- Is the code testable?
- What is missing? Don’t just focus on what is in the review. Think about what is not in the code but should be present.
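Several of the items above (magic numbers, boundary conditions, division by zero, parameter validation, failing safely, checking return values, lowest possible scope) are easiest to recognise side by side. The following is an added example, not code from the original page: a small fixed-width record parser written first the way a reviewer should flag it, then the way it should look after the review. The record layout and the sample buffer are constructed for the example.

```python
"""Before/after pair for several code-review checklist items.

Constructed example: records are 16 bytes, laid out as an 8-byte NUL-padded
user id, a 4-byte big-endian byte count, and a 4-byte flag word.
"""

from dataclasses import dataclass
from typing import Optional

# Constructed sample input: two well-formed records (32 bytes total).
SAMPLE_RECORDS = (
    b"alice\x00\x00\x00" + (1024).to_bytes(4, "big") + b"\x00\x00\x00\x01"
    + b"bob\x00\x00\x00\x00\x00" + (0).to_bytes(4, "big") + b"\x00\x00\x00\x00"
)


# --- "before": what the reviewer should flag --------------------------------
def average_before(buf, n):
    total = 0
    for i in range(n):
        # Magic numbers 16, 8 and 12; no check that the record exists.  A
        # slice past the end of `buf` is silently empty, and
        # int.from_bytes(b"", "big") is 0, so a truncated buffer yields a
        # wrong answer instead of an error.
        total += int.from_bytes(buf[i * 16 + 8:i * 16 + 12], "big")
    return total / n  # ZeroDivisionError when n == 0; `n` is never validated


# --- "after": the same logic with the checklist applied ----------------------
RECORD_SIZE = 16
USER_ID_OFFSET, USER_ID_SIZE = 0, 8
BYTE_COUNT_OFFSET, BYTE_COUNT_SIZE = 8, 4


@dataclass(frozen=True)  # immutable result instead of shared mutable state
class Record:
    user_id: str
    byte_count: int


def record_count(buf: bytes) -> int:
    """Derive the count from the data rather than trusting a caller-supplied n."""
    if len(buf) % RECORD_SIZE != 0:
        raise ValueError(
            f"buffer of {len(buf)} bytes is not a whole number of "
            f"{RECORD_SIZE}-byte records"
        )
    return len(buf) // RECORD_SIZE


def parse_record(buf: bytes, index: int) -> Record:
    """Parse one record; fail loudly on any out-of-bounds access."""
    if index < 0:
        raise ValueError(f"record index must be non-negative, got {index}")
    start = index * RECORD_SIZE  # variables live at the narrowest scope
    end = start + RECORD_SIZE
    if end > len(buf):
        raise ValueError(f"record {index} runs past the end of the buffer")
    rec = buf[start:end]
    user_id = rec[USER_ID_OFFSET:USER_ID_OFFSET + USER_ID_SIZE]
    byte_count = rec[BYTE_COUNT_OFFSET:BYTE_COUNT_OFFSET + BYTE_COUNT_SIZE]
    return Record(
        user_id=user_id.rstrip(b"\x00").decode("ascii"),
        byte_count=int.from_bytes(byte_count, "big"),
    )


def average_byte_count(buf: bytes) -> Optional[float]:
    """Return the mean byte count, or None when there is nothing to average."""
    n = record_count(buf)
    if n == 0:
        return None  # the empty case is explicit, not a ZeroDivisionError
    return sum(parse_record(buf, i).byte_count for i in range(n)) / n


def summarize(buf: bytes) -> str:
    """Caller checks the return value instead of assuming a number came back."""
    avg = average_byte_count(buf)
    if avg is None:
        return "no records"
    return f"{record_count(buf)} records, avg {avg:.1f} bytes"


if __name__ == "__main__":
    print(summarize(SAMPLE_RECORDS))   # 2 records, avg 512.0 bytes
    print(summarize(b""))              # no records
    # The "before" version reports 512.0 for a buffer missing most of record 1.
    print(average_before(SAMPLE_RECORDS[:20], 2))
```

Note the difference in failure modes: with a buffer cut short at 20 bytes, `average_before` still returns 512.0 because the missing record reads as zero, whereas `record_count` refuses the buffer outright. That silent wrong answer is exactly what the boundary-condition and fail-safely items are asking the reviewer to look for.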