[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-b2f61080-ace7-4dde-9277-f1a9ceb86dd6":3,"$faZQIAJ2ow116q8u6rGcbrDZd4PKZqgBouf2999PJg2M":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"b2f61080-ace7-4dde-9277-f1a9ceb86dd6","codebase-audit-pre-push","Deep audit before a GitHub push: removes junk files, dead code, security holes, and optimization issues. Checks every file line by line to ensure production readiness.","cat_coding_review","mod_coding","sickn33,coding","---\nname: codebase-audit-pre-push\ndescription: \"Deep audit before GitHub push: removes junk files, dead code, security holes, and optimization issues. Checks every file line-by-line for production readiness.\"\ncategory: development\nrisk: safe\nsource: community\ndate_added: \"2026-03-05\"\n---\n\n# Pre-Push Codebase Audit\n\nAs a senior engineer, you're doing the final review before pushing this code to GitHub. Check everything carefully and fix problems as you find them.  \n\n## When to Use This Skill  \n\n- User requests \"audit the codebase\" or \"review before push\"  \n- Before making the first push to GitHub  \n- Before making a repository public  \n- Pre-production deployment review  \n- User asks to \"clean up the code\" or \"optimize everything\"  \n\n## Your Job  \n\nReview the entire codebase file by file. Read the code carefully. Fix issues right away. Don't just note problems—make the necessary changes.  \n\n## Audit Process  \n\n### 1. 
Clean Up Junk Files  \n\nStart by looking for files that shouldn't be on GitHub:  \n\n**Delete these immediately:**  \n- OS files: `.DS_Store`, `Thumbs.db`, `desktop.ini`  \n- Logs: `*.log`, `npm-debug.log*`, `yarn-error.log*`  \n- Temp files: `*.tmp`, `*.temp`, `*.cache`, `*.swp`  \n- Build output: `dist\u002F`, `build\u002F`, `.next\u002F`, `out\u002F`, `.cache\u002F`  \n- Dependencies: `node_modules\u002F`, `vendor\u002F`, `__pycache__\u002F`, `*.pyc`  \n- IDE files: `.idea\u002F`, `.vscode\u002F` (ask user first), `*.iml`, `.project`  \n- Backup files: `*.bak`, `*_old.*`, `*_backup.*`, `*_copy.*`  \n- Test artifacts: `coverage\u002F`, `.nyc_output\u002F`, `test-results\u002F`  \n- Personal junk: `TODO.txt`, `NOTES.txt`, `scratch.*`, `test123.*`  \n\n**Critical - Check for secrets:**  \n- `.env` files (should never be committed)  \n- Files containing: `password`, `api_key`, `token`, `secret`, `private_key`  \n- `*.pem`, `*.key`, `*.cert`, `credentials.json`, `serviceAccountKey.json`  \n\nIf you find secrets in the code, mark it as a CRITICAL BLOCKER.  \n\n### 2. Fix .gitignore  \n\nCheck if the `.gitignore` file exists and is thorough. If it’s missing or not complete, update it to include all junk file patterns above. Ensure that `.env.example` exists with keys but no values.  \n\n### 3. 
Audit Every Source File  \n\nLook through each code file and check:  \n\n**Dead Code (remove immediately):**  \n- Commented-out code blocks  \n- Unused imports\u002Frequires  \n- Unused variables (declared but never used)  \n- Unused functions (defined but never called)  \n- Unreachable code (after `return`, inside `if (false)`)  \n- Duplicate logic (same code in multiple places—combine)  \n\n**Code Quality (fix issues as you go):**  \n- Vague names: `data`, `info`, `temp`, `thing` → rename to be descriptive  \n- Magic numbers: `if (status === 3)` → extract to named constant  \n- Debug statements: remove `console.log`, `print()`, `debugger`  \n- TODO\u002FFIXME comments: either resolve them or delete them  \n- TypeScript `any`: add proper types or explain why `any` is used  \n- Use `===` instead of `==` in JavaScript  \n- Functions longer than 50 lines: consider splitting  \n- Nested code greater than 3 levels: refactor with early returns  \n\n**Logic Issues (critical):**  \n- Missing null\u002Fundefined checks  \n- Array operations on potentially empty arrays  \n- Async functions that are not awaited  \n- Promises without `.catch()` or try\u002Fcatch  \n- Possibilities for infinite loops  \n- Missing `default` in switch statements  \n\n### 4. Security Check (Zero Tolerance)  \n\n**Secrets:** Search for hardcoded passwords, API keys, and tokens. They must be in environment variables.  
\n\n**Injection vulnerabilities:**  \n- SQL: No string concatenation in queries—use parameterized queries only  \n- Command injection: No `exec()` with user-provided input  \n- Path traversal: No file paths from user input without validation  \n- XSS: No `innerHTML` or `dangerouslySetInnerHTML` with user data  \n\n**Auth\u002FAuthorization:**  \n- Passwords hashed with bcrypt\u002Fargon2 (never MD5 or plain text)  \n- Protected routes check for authentication  \n- Authorization checks on the server side, not just in the UI  \n- No IDOR: verify users own the resources they are accessing  \n\n**Data exposure:**  \n- API responses do not leak unnecessary information  \n- Error messages do not expose stack traces or database details  \n- Pagination is present on list endpoints  \n\n**Dependencies:**  \n- Run `npm audit` or an equivalent tool  \n- Flag critically outdated or vulnerable packages  \n\n### 5. Scalability Check  \n\n**Database:**  \n- N+1 queries: loops with database calls inside → use JOINs or batch queries  \n- Missing indexes on WHERE\u002FORDER BY columns  \n- Unbounded queries: add LIMIT or pagination  \n- Avoid `SELECT *`: specify columns  \n\n**API Design:**  \n- Heavy operations (like email, reports, file processing) → move to a background queue  \n- Rate limiting on public endpoints  \n- Caching for data that is read frequently  \n- Timeouts on external calls  \n\n**Code:**  \n- No global mutable state  \n- Clean up event listeners (to avoid memory leaks)  \n- Stream large files instead of loading them into memory  \n\n### 6. 
Architecture Check  \n\n**Organization:**  \n- Clear folder structure  \n- Files are in logical locations  \n- No \"misc\" or \"stuff\" folders  \n\n**Separation of concerns:**  \n- UI layer: only responsible for rendering  \n- Business logic: pure functions  \n- Data layer: isolated database queries  \n- No 500+ line \"god files\"  \n\n**Reusability:**  \n- Duplicate code → extract to shared utilities  \n- Constants defined once and imported  \n- Types\u002Finterfaces reused, not redefined  \n\n### 7. Performance  \n\n**Backend:**  \n- Expensive operations do not block requests  \n- Batch database calls when possible  \n- Set cache headers correctly  \n\n**Frontend (if applicable):**  \n- Implement code splitting  \n- Optimize images  \n- Avoid massive dependencies for small utilities  \n- Use lazy loading for heavy components  \n\n### 8. Documentation  \n\n**README.md must include:**  \n- Description of what the project does  \n- Instructions for installation and execution  \n- Required environment variables  \n- Guidance on running tests  \n\n**Code comments:**  \n- Explain WHY, not WHAT  \n- Provide explanations for complex logic  \n- Avoid comments that merely repeat the code  \n\n### 9. Testing  \n\n- Critical paths should have tests (auth, payments, core features)  \n- No `test.only` or `fdescribe` should remain in the code  \n- Avoid `test.skip` without an explanation  \n- Tests should verify behavior, not implementation details  \n\n### 10. Final Verification  \n\nAfter making all changes, run the app. Ensure nothing is broken. 
Check that:  \n- The app starts without errors  \n- Main features work  \n- Tests pass (if they exist)  \n- No regressions have been introduced  \n\n## Output Format  \n\nAfter auditing, provide a report:  \n\n```\nCODEBASE AUDIT COMPLETE  \n\nFILES REMOVED:  \n- node_modules\u002F (build artifact)  \n- .env (contained secrets)  \n- old_backup.js (unused duplicate)  \n\nCODE CHANGES:  \n[src\u002Fapi\u002Fusers.js]  \n  ✂ Removed unused import: lodash  \n  ✂ Removed dead function: formatOldWay()  \n  🔧 Renamed 'data' → 'userData' for clarity  \n  🛡 Added try\u002Fcatch around API call (line 47)  \n\n[src\u002Fdb\u002Fqueries.js]  \n  ⚡ Fixed N+1 query: now uses JOIN instead of loop  \n\nSECURITY ISSUES:  \n🚨 CRITICAL: Hardcoded API key in config.js (line 12) → moved to .env  \n⚠️ HIGH: SQL injection risk in search.js (line 34) → fixed with parameterized query  \n\nSCALABILITY:  \n⚡ Added pagination to \u002Fapi\u002Fusers endpoint  \n⚡ Added index on users.email column  \n\nFINAL STATUS:  \n✅ CLEAN - Ready to push to GitHub  \n\nScores:  \nSecurity: 9\u002F10 (one minor header missing)  \nCode Quality: 10\u002F10  \nScalability: 9\u002F10  \nOverall: 9\u002F10  \n```  \n\n## Key Principles  \n\n- Read the code thoroughly, don't skim  \n- Fix issues immediately, don’t just document them  \n- If uncertain about removing something, ask the user  \n- Test after making changes  \n- Be thorough but practical—focus on real problems  \n- Security issues are blockers—nothing should ship with critical vulnerabilities  \n\n## Related Skills  \n\n- `@security-auditor` - Deeper security review  \n- `@systematic-debugging` - Investigate specific issues  \n- `@git-pushing` - Push code after audit\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety 
boundaries, or success criteria are missing.\n","","imported","https:\u002F\u002Fgithub.com\u002Fsickn33\u002Fantigravity-awesome-skills","user_system_seed","SkillOPIC",true,96,1159,"2026-05-16 13:11:59",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"Programming & Development","coding","mdi-code-braces","Code generation, debugging, and review to improve development efficiency",2,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"Code Review","review","mdi-magnify-scan","Code quality analysis and security review",4,145,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"ebb054c9-4226-4683-96d5-6c68ad1d63ff","1.0.0","codebase-audit-pre-push.zip",4168,"uploads\u002Fskills\u002Fb2f61080-ace7-4dde-9277-f1a9ceb86dd6\u002Fcodebase-audit-pre-push.zip","5aa93f09e08c5c81000019b000c2b02526a3546858b2d8dedf8940a344c5f3bc","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":8484}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]