---
name: code-review-checklist
description: "Comprehensive checklist for conducting thorough code reviews covering functionality, security, performance, and maintainability"
risk: unknown
source: community
date_added: "2026-02-27"
---

# Code Review Checklist

## Overview

Provide a systematic checklist for conducting thorough code reviews. This skill helps reviewers ensure code quality, catch bugs, identify security issues, and maintain consistency across the codebase.

## When to Use This Skill

- Use when reviewing pull requests
- Use when conducting code audits
- Use when establishing code review standards for a team
- Use when training new developers on code review practices
- Use when you want to ensure nothing is missed in reviews
- Use when creating code review documentation

## How It Works

### Step 1: Understand the Context

Before reviewing code, I'll help you understand:
- What problem does this code solve?
- What are the requirements?
- What files were changed and why?
- Are there related issues or tickets?
- What's the testing strategy?

### Step 2: Review Functionality

Check if the code works correctly:
- Does it solve the stated problem?
- Are edge cases handled?
- Is error handling appropriate?
- Are there any logical errors?
- Does it match the requirements?

### Step 3: Review Code Quality

Assess code maintainability:
- Is the code readable and clear?
- Are names descriptive?
- Is it properly structured?
- Are functions/methods focused?
- Is there unnecessary complexity?

### Step 4: Review Security

Check for security issues:
- Are inputs validated?
- Is sensitive data protected?
- Are there SQL injection risks?
- Is authentication/authorization correct?
- Are dependencies secure?

### Step 5: Review Performance

Look for performance issues:
- Are there unnecessary loops?
- Is database access optimized?
- Are there memory leaks?
- Is caching used appropriately?
- Are there N+1 query problems?

### Step 6: Review Tests

Verify test coverage:
- Are there tests for new code?
- Do tests cover edge cases?
- Are tests meaningful?
- Do all tests pass?
- Is test coverage adequate?

## Examples

### Example 1: Functionality Review Checklist

```markdown
## Functionality Review

### Requirements
- [ ] Code solves the stated problem
- [ ] All acceptance criteria are met
- [ ] Edge cases are handled
- [ ] Error cases are handled
- [ ] User input is validated

### Logic
- [ ] No logical errors or bugs
- [ ] Conditions are correct (no off-by-one errors)
- [ ] Loops terminate correctly
- [ ] Recursion has proper base cases
- [ ] State management is correct

### Error Handling
- [ ] Errors are caught appropriately
- [ ] Error messages are clear and helpful
- [ ] Errors don't expose sensitive information
- [ ] Failed operations are rolled back
- [ ] Logging is appropriate

### Example Issues to Catch:

**❌ Bad - Missing validation:**
\`\`\`javascript
function createUser(email, password) {
  // No validation!
  return db.users.create({ email, password });
}
\`\`\`

**✅ Good - Proper validation:**
\`\`\`javascript
function createUser(email, password) {
  if (!email || !isValidEmail(email)) {
    throw new Error('Invalid email address');
  }
  if (!password || password.length < 8) {
    throw new Error('Password must be at least 8 characters');
  }
  // Hash the password before it is persisted; see the Security Review checklist
  return db.users.create({ email, password });
}
\`\`\`
```

### Example 2: Security Review Checklist

```markdown
## Security Review

### Input Validation
- [ ] All user inputs are validated
- [ ] SQL injection is prevented (use parameterized queries)
- [ ] XSS is prevented (escape output)
- [ ] CSRF protection is in place
- [ ] File uploads are validated (type, size, content)

### Authentication & Authorization
- [ ] Authentication is required where needed
- [ ] Authorization checks are present
- [ ] Passwords are hashed (never stored in plain text)
- [ ] Sessions are managed securely
- [ ] Tokens expire appropriately

### Data Protection
- [ ] Sensitive data is encrypted
- [ ] API keys are not hardcoded
- [ ] Environment variables are used for secrets
- [ ] Personal data follows privacy regulations
- [ ] Database credentials are secure

### Dependencies
- [ ] No known vulnerable dependencies
- [ ] Dependencies are up to date
- [ ] Unnecessary dependencies are removed
- [ ] Dependency versions are pinned

### Example Issues to Catch:

**❌ Bad - SQL injection risk:**
\`\`\`javascript
// User-controlled input is concatenated straight into the SQL text
const query = \`SELECT * FROM users WHERE email = '\${email}'\`;
db.query(query);
\`\`\`

**✅ Good - Parameterized query:**
\`\`\`javascript
// The value travels separately from the SQL text, so it is never parsed as SQL
const query = 'SELECT * FROM users WHERE email = $1';
db.query(query, [email]);
\`\`\`

**❌ Bad - Hardcoded secret:**
\`\`\`javascript
const API_KEY = 'sk_live_abc123xyz';
\`\`\`

**✅ Good - Environment variable:**
\`\`\`javascript
const API_KEY = process.env.API_KEY;
if (!API_KEY) {
  throw new Error('API_KEY environment variable is required');
}
\`\`\`
```

### Example 3: Code Quality Review Checklist

```markdown
## Code Quality Review

### Readability
- [ ] Code is easy to understand
- [ ] Variable names are descriptive
- [ ] Function names explain what they do
- [ ] Complex logic has comments
- [ ] Magic numbers are replaced with constants

### Structure
- [ ] Functions are small and focused
- [ ] Code follows the DRY principle (Don't Repeat Yourself)
- [ ] Proper separation of concerns
- [ ] Consistent code style
- [ ] No dead code or commented-out code

### Maintainability
- [ ] Code is modular and reusable
- [ ] Dependencies are minimal
- [ ] Changes are backwards compatible
- [ ] Breaking changes are documented
- [ ] Technical debt is noted

### Example Issues to Catch:

**❌ Bad - Unclear naming:**
\`\`\`javascript
function calc(a, b, c) {
  return a * b + c;
}
\`\`\`

**✅ Good - Descriptive naming:**
\`\`\`javascript
function calculateTotalPrice(quantity, unitPrice, tax) {
  return quantity * unitPrice + tax;
}
\`\`\`

**❌ Bad - Function doing too much:**
\`\`\`javascript
function processOrder(order) {
  // Validate order
  if (!order.items) throw new Error('No items');

  // Calculate total
  let total = 0;
  for (let item of order.items) {
    total += item.price * item.quantity;
  }

  // Apply discount
  if (order.coupon) {
    total *= 0.9;
  }

  // Process payment
  const payment = stripe.charge(total);

  // Send email
  sendEmail(order.email, 'Order confirmed');

  // Update inventory
  updateInventory(order.items);

  return { orderId: order.id, total };
}
\`\`\`

**✅ Good - Separated concerns:**
\`\`\`javascript
function processOrder(order) {
  validateOrder(order);
  const total = calculateOrderTotal(order);
  const payment = processPayment(total);
  sendOrderConfirmation(order.email);
  updateInventory(order.items);

  return { orderId: order.id, total };
}
\`\`\`
```

## Best Practices

### ✅ Do This

- **Review Small Changes** - Smaller PRs are easier to review thoroughly
- **Check Tests First** - Verify tests pass and cover new code
- **Run the Code** - Test it locally when possible
- **Ask Questions** - Don't assume, ask for clarification
- **Be Constructive** - Suggest improvements, don't just criticize
- **Focus on Important Issues** - Don't nitpick minor style issues
- **Use Automated Tools** - Linters, formatters, security scanners
- **Review Documentation** - Check if docs are updated
- **Consider Performance** - Think about scale and efficiency
- **Check for Regressions** - Ensure existing functionality still works

### ❌ Don't Do This

- **Don't Approve Without Reading** - Actually review the code
- **Don't Be Vague** - Provide specific feedback with examples
- **Don't Ignore Security** - Security issues are critical
- **Don't Skip Tests** - Untested code will cause problems
- **Don't Be Rude** - Be respectful and professional
- **Don't Rubber Stamp** - Every review should add value
- **Don't Review When Tired** - You'll miss important issues
- **Don't Forget Context** - Understand the bigger picture

## Complete Review Checklist

### Pre-Review
- [ ] Read the PR description and linked issues
- [ ] Understand what problem is being solved
- [ ] Check if tests pass in CI/CD
- [ ] Pull the branch and run it locally

### Functionality
- [ ] Code solves the stated problem
- [ ] Edge cases are handled
- [ ] Error handling is appropriate
- [ ] User input is validated
- [ ] No logical errors

### Security
- [ ] No SQL injection vulnerabilities
- [ ] No XSS vulnerabilities
- [ ] Authentication/authorization is correct
- [ ] Sensitive data is protected
- [ ] No hardcoded secrets

### Performance
- [ ] No unnecessary database queries
- [ ] No N+1 query problems
- [ ] Efficient algorithms used
- [ ] No memory leaks
- [ ] Caching used appropriately

### Code Quality
- [ ] Code is readable and clear
- [ ] Names are descriptive
- [ ] Functions are focused and small
- [ ] No code duplication
- [ ] Follows project conventions

### Tests
- [ ] New code has tests
- [ ] Tests cover edge cases
- [ ] Tests are meaningful
- [ ] All tests pass
- [ ] Test coverage is adequate

### Documentation
- [ ] Code comments explain why, not what
- [ ] API documentation is updated
- [ ] README is updated if needed
- [ ] Breaking changes are documented
- [ ] Migration guide provided if needed

### Git
- [ ] Commit messages are clear
- [ ] No merge conflicts
- [ ] Branch is up to date with main
- [ ] No unnecessary files committed
- [ ] .gitignore is properly configured

## Common Pitfalls

### Problem: Missing Edge Cases
**Symptoms:** Code works for the happy path but fails on edge cases
**Solution:** Ask "What if...?" questions
- What if the input is null?
- What if the array is empty?
- What if the user is not authenticated?
- What if the network request fails?

### Problem: Security Vulnerabilities
**Symptoms:** Code exposes security risks
**Solution:** Use the security checklist
- Run security scanners (npm audit, Snyk)
- Check the OWASP Top 10
- Validate all inputs
- Use parameterized queries
- Never trust user input

### Problem: Poor Test Coverage
**Symptoms:** New code has no tests or inadequate tests
**Solution:** Require tests for all new code
- Unit tests for functions
- Integration tests for features
- Edge case tests
- Error case tests

### Problem: Unclear Code
**Symptoms:** Reviewer can't understand what the code does
**Solution:** Request improvements
- Better variable names
- Explanatory comments
- Smaller functions
- Clear structure

## Review Comment Templates

### Requesting Changes
```markdown
**Issue:** [Describe the problem]

**Current code:**
\`\`\`javascript
// Show problematic code
\`\`\`

**Suggested fix:**
\`\`\`javascript
// Show improved code
\`\`\`

**Why:** [Explain why this is better]
```

### Asking Questions
```markdown
**Question:** [Your question]

**Context:** [Why you're asking]

**Suggestion:** [If you have one]
```

### Praising Good Code
```markdown
**Nice!** [What you liked]

This is great because [explain why]
```

## Related Skills

- `@requesting-code-review` - Prepare code for review
- `@receiving-code-review` - Handle review feedback
- `@systematic-debugging` - Debug issues found in review
- `@test-driven-development` - Ensure code has tests

## Additional Resources

- [Google Code Review Guidelines](https://google.github.io/eng-practices/review/)
- [OWASP Top 10](https://owasp.org/www-project-top-ten/)
- [Code Review Best Practices](https://github.com/thoughtbot/guides/tree/main/code-review)
- [How to Review Code](https://www.kevinlondon.com/2015/05/05/code-review-best-practices.html)

---

**Pro Tip:** Use a checklist template for every review to ensure consistency and thoroughness. Customize it for your team's specific needs!

## Limitations
- Use this skill only when the task clearly matches the scope described above.
- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.
- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.

## Skill Listing Metadata

- **Listing title:** code-review-checklist
- **Listing description:** Comprehensive code review checklist covering functionality, security, performance, and maintainability
- **Category:** Career Development (interview preparation, resume optimization, career planning); module: Other (other types of skill)
- **Tags:** sickn33, other
- **Source:** imported from https://github.com/sickn33/antigravity-awesome-skills
- **Author:** SkillOPIC
- **Visibility:** public; 137 stars, 1615 runs
- **Created/updated:** 2026-05-16 13:11:48
- **Package:** code-review-checklist.zip, version 1.0.0, 4580 bytes, containing SKILL.md (11998 bytes)
- **Package path:** uploads/skills/538e0c7c-849e-4839-99f8-8434fc959e71/code-review-checklist.zip
- **Package file hash:** d8a128ed5b0bc179c6b9e5d207edf5d5eb80161ffaeef84374df75d1903b691f