Chinese Code Review Guidelines
Overview
Domestic teams often encounter two extremes when conducting Code Review: either being overly polite and letting critical issues slip through the cracks, or copying the straightforward Western style which makes colleagues feel embarrassed. This guideline helps you find a balance—neither avoiding problems nor making others unwilling to accept feedback.
Core Principles: Replace "commands" with "suggestions", replace "negations" with "questions", but never overlook bugs for the sake of saving face.
Expression of Review Feedback
Use Suggestions Instead of Commands
| Avoid (Imperative) | Recommended (Suggestive) |
|---|
| You must change this to X | It is recommended to consider using X because Y |
| This is wrong | There might be an issue here. Have you considered scenario Z? |
| Don't use this method | This method may have performance issues in scenario A. You can look into solution B |
| This code is not acceptable | Did I understand this logic correctly? What happens if the input is empty? |
Use Questions Instead of Negations
When you're unsure of the other party's intent, ask first before commenting:
# Good practice
What's the consideration for using sync to read files here? If the concurrency increases, it may block the event loop.
# Bad practice
You shouldn't use sync to read files here.
Priority Labeling
Use unified priority markers to help authors quickly judge urgency:
- [Must Fix] — Security vulnerabilities, data loss risks, logical errors (cannot merge without fixing)
- [Suggested Modification] — Performance issues, maintainability, missing validations (can be fixed in this iteration or the next)
- [For Reference Only] — Naming optimization, style suggestions, alternative solutions (optional to fix)
- [Question] — Uncertain areas that require the author to explain intent
Review Comment Template
[Must Fix] SQL Injection Risk
Line 42: User input is directly concatenated into the SQL statement.
Reason: Attackers can inject `'; DROP TABLE users; --` via the name parameter.
Suggestion: Use parameterized queries:
db.query('SELECT * FROM users WHERE name = $1', [name])
Reference: https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
Chinese-English Mixed Code Comment Standards
When to Use Chinese
- Business Logic Explanations — Use Chinese to explain business background and demand sources
- Complex Algorithm Comments — Use Chinese to write the logic to ensure all team members can understand
- TODO / FIXME — Use Chinese to describe pending tasks for easy search and tracking
- Document Comments (Internal Projects) — Use Chinese for descriptive text in JSDoc / Javadoc
typescript
function calculateDiscount(level: MemberLevel, amount: number): number {
// ...
}
When to Use English
- Variable Names, Function Names, Class Names — Always use English naming, following team naming conventions
- Git commit message — Refer to the commit guidelines below
- Open Source Project Comments — For projects targeting the international community, use unified English comments
- Error Messages and Logs — Use English for production environment error messages (to avoid encoding issues)
- API Interface Documents — Use English for externally exposed APIs
Mixed Format Requirements
typescript
// Good: Add space between Chinese and English
// 使用 Redis 缓存来减少 MySQL 的查询压力
// Bad: No space between Chinese and English
// 使用Redis缓存来减少MySQL的查询压力
// Good: Keep technical terms in English
// 这里用 debounce 防抖处理,避免频繁触发 API 请求
// Bad: Forcibly translate technical terms
// 这里用防抖动处理,避免频繁触发应用程序接口请求
Bilingual Chinese-English Commit Message Format
Recommended Format
For internal team projects, use Chinese commit messages, adopting the Chinese version of Conventional Commits:
<类型>(<范围>): <简要描述>
<详细说明(可选)>
<关联信息(可选)>
Type Comparison Table
| Type | Meaning | Example |
|---|
| feat | New Feature | feat(用户): 新增手机号登录功能 |
| fix | Bug Fix | fix(支付): 修复微信支付回调重复处理的问题 |
| docs | Document Changes | docs: 更新 API 接口文档 |
| style | Code Format | style: 统一缩进为 2 个空格 |
| refactor | Refactoring | refactor(订单): 拆分订单服务,提取公共逻辑 |
| perf | Performance Optimization | perf(列表): 虚拟滚动优化长列表渲染性能 |
| test | Testing | test(auth): 补充登录模块单元测试 |
| chore | Build/Tools | chore: 升级 Node.js 至 v20 |
Example
fix(支付): 修复支付宝异步回调签名校验失败的问题
原因:升级 SDK 后签名算法从 RSA 变为 RSA2,但回调校验仍使用旧算法。
方案:回调处理中同时兼容 RSA 和 RSA2 签名校验。
Closes #1234
Projects Targeting the International Community
If the project targets the international community or has foreign members, use English commit messages, and you can attach Chinese explanations in the PR description:
fix(payment): fix Alipay async callback signature verification failure
The SDK upgrade changed the signature algorithm from RSA to RSA2,
but the callback handler still used the old algorithm.
Closes #1234
Common Anti-Patterns and Countermeasures
Anti-Pattern 1: Overly Polite
Performance: All comments are like "I think maybe perhaps there's a small problem here".
Consequence: Critical bugs are hidden in a pile of euphemisms, and the author doesn't know which ones must be fixed.
Countermeasure: Use priority labeling. [Must Fix] means it must be fixed; the tone can be gentle, but the level must be accurate.
# Bad: Overly polite
I don't know if I understand correctly, but it seems like there might be a tiny concurrency issue here, though maybe I'm wrong...
# Good: Gentle but clear
[必须修复] 并发安全问题
这里的 map 在多个 goroutine 中同时读写,会触发 panic。
建议加 sync.RWMutex,或者换成 sync.Map。
复现方式:加 -race flag 跑测试就能看到。
Anti-Pattern 2: Afraid to Give Feedback to Senior Developers
Performance: Directly Approve code from senior developers or leaders without careful review.
Consequence: Double standards in code quality, and the team loses trust in Code Review.
Countermeasure: Code Review is about the code, not the person. You can use an alternative expression:
# Question-based (suitable for feedback to senior colleagues)
I'd like to ask, what's the consideration for choosing recursion instead of iteration here?
I'm wondering if stack overflow will occur if the recursion depth exceeds 1000 layers?
# Learning-based
I learned a new writing style! But I have a small question—this type assertion isn't checked at runtime.
If the upstream data structure changes, this will pass silently. Have you considered adding runtime validation?
Anti-Pattern 3: Review Becomes a Style Debate
Performance: A large number of comments focus on indentation, spaces, and brace positions.
Consequence: Wastes time and ignores real issues.
Countermeasure: Leave style issues to tools like ESLint / Prettier / gofmt to handle automatically. Code Review should focus on logic, security, and performance.
Anti-Pattern 4: Only Write "LGTM"
Performance: Casually write LGTM and Approve without substantive review.
Consequence: Code Review becomes a formality, and no one takes responsibility when problems arise.
Countermeasure: Even if the code quality is good, write down which aspects you reviewed:
LGTM
Reviewed aspects:
- Concurrency safety: Lock granularity is reasonable
- Error handling: All external calls have error handling
- Backward compatibility: New fields have default values and do not affect old versions
A small suggestion [仅供参考]: The variable name `d` on line 78 can be changed to `duration` for better readability.
Review Process Recommendations
Before Starting the Review
- First read the PR description to understand the background and purpose of the changes
- Read the associated Issue or requirement document
- First browse the overall content, then read each file in detail
Review Order
- Architecture Level — Is the solution reasonable? Is there a better way?
- Correctness — Is the logic correct? Are boundary conditions handled?
- Security — Are there injection, privilege escalation, or information leakage issues?
- Performance — Are there N+1 queries, memory leaks, or unnecessary loops?
- Maintainability — Can it be understood in half a year? Is test coverage sufficient?
- Style — Only focus on parts that cannot be handled automatically by tools
Provide a Summary
After the review, provide a summary including:
- Overall evaluation (one sentence)
- Aspects worth learning (praise first, then critique)
- List of main issues (by priority)
- Suggested modification directions
Summary: The overall implementation logic is clear, and the idempotent processing of payment callbacks is well done.
Main Issues:
1. [Must Fix] Concurrent map write issues (2 places)
2. [Suggested Modification] Missing null value validations (3 places)
3. [For Reference Only] Several variable names can be more semantic
Suggestion: Fix the concurrency issues first; the validation part can be fixed in this iteration or split into the next iteration.
Checklist
Before submitting review comments, confirm: