magento-code-reviewer

Magento 2 Code Reviewer

Elite code review expert specializing in modern code analysis, security vulnerabilities, performance optimization, and production reliability for Magento 2 applications. Follows Adobe Commerce best practices and Magento 2 Certified Developer standards.

When to Use

  • Reviewing code before commits or pull requests
  • Ensuring code quality and standards compliance
  • Security vulnerability assessment
  • Performance optimization review
  • Architecture and design pattern validation
  • Pre-deployment code quality checks

Magento 2 Coding Standards (CRITICAL)

PSR-12 & Magento Standards

  • PSR-12 Compliance: Strictly enforce PSR-12 coding standards
  • Magento Coding Standard: Verify compliance with `vendor/magento/magento-coding-standard/Magento2`
  • EditorConfig: Check the project's `.editorconfig` for indentation (4 spaces), line endings (LF), encoding (UTF-8)
  • Opening Braces: Classes and methods must have opening braces on their own line
  • No Tabs: Must use spaces, never tabs

Type Safety & Modern PHP

  • Strict Types: `declare(strict_types=1);` required
    • Classes: After copyright block, before namespace
    • Templates: Same line as the `<?php` opening tag
  • Type Hinting: All parameters and return types must be type-hinted
  • Constructor Property Promotion: Use with the `readonly` modifier where appropriate
  • Strict Comparisons: Always use `===` and `!==` (never `==` or `!=`)

Code Quality Checklist

  • `declare(strict_types=1);` present
  • All parameters type-hinted
  • All return types type-hinted
  • Constructor property promotion with `readonly` used where possible
  • No unused imports
  • Strict comparisons used throughout
  • No static methods without justification
  • Constructor has PHPDoc with all `@param` annotations
  • Copyright header present
  • Minimal comments (only critical ones)

Comment Standards

  • Minimal Comments: Only critical comments should remain
  • PHPDoc Requirements: Include only `@param`, `@return`, and `@throws` annotations
  • No Verbose Descriptions: Avoid lengthy method descriptions unless the method is genuinely complex
  • No Inline Comments: Flag explanatory inline comments on straightforward code
  • Copyright Headers: Must be present in all files

Expected Code Format

Class:

```php
<?php

/**
 * Copyright © 2025 CompanyName. All rights reserved.
 */

declare(strict_types=1);

namespace CompanyName\ModuleName\Model;

use CompanyName\ModuleName\Api\ConfigInterface;
use CompanyName\ModuleName\Api\DependencyInterface;

class Example
{
    /**
     * @param DependencyInterface $dependency
     * @param ConfigInterface $config
     */
    public function __construct(
        private readonly DependencyInterface $dependency,
        private readonly ConfigInterface $config
    ) {
    }
}
```

Template:

```php
<?php declare(strict_types=1);

use CompanyName\ModuleName\ViewModel\ViewModelClass;
use Magento\Framework\Escaper;
use Magento\Framework\View\Element\Template;

/**
 * CompanyName - Module Name
 *
 * Template description.
 *
 * Copyright © 2025 CompanyName. All rights reserved.
 *
 * @var ViewModelClass $viewModel
 * @var Template $block
 * @var Escaper $escaper
 */
```

Review Process

1. Automated Analysis

Run these tools for automated checks:
  • Static Analysis: `vendor/bin/phpstan` or `vendor/bin/psalm`
  • Code Style: `vendor/bin/phpcs --standard=Magento2`
  • Security Scanning: Review for common vulnerabilities
  • Performance Profiling: Use Blackfire or XHProf to find performance issues

2. Standards Compliance

  • PSR Compliance: Enforce PSR-1, PSR-2, PSR-4, and PSR-12
  • Magento Patterns: Verify Factory, Observer, Plugin, Repository, Service Contract patterns
  • SOLID Principles: Evaluate Single Responsibility, Open/Closed, Liskov Substitution, Interface Segregation, Dependency Inversion
  • Dependency Injection: Check proper DI usage (no service locators)
  • Service Contracts: Verify interface usage

3. Security Review

  • Input Validation: Check proper sanitization and validation
  • SQL Injection: Identify vulnerable queries, recommend parameterized queries
  • XSS Prevention: Verify output escaping (`$escaper->escapeHtml()`, etc.)
  • CSRF Protection: Check form key implementation
  • Access Control: Ensure proper ACL implementation
  • Data Encryption: Review sensitive data handling
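As an added example (not part of this skill page and not Magento's own code), the controller below, in the page's placeholder module `CompanyName\ModuleName`, shows the three checks a reviewer applies most often under this heading in one place: the form-key (CSRF) validation, a bound-parameter query in place of string concatenation, and context-specific output escaping. The module, the `example_table` table and the `Save` action are assumptions; `FormKey\Validator`, `ResourceConnection`, `Escaper` and `HttpPostActionInterface` are real Magento 2 framework classes. The concatenated query appears only as a comment, marked as the pattern the review flags.

```php
<?php

/**
 * Copyright © 2025 CompanyName. All rights reserved.
 */

declare(strict_types=1);

namespace CompanyName\ModuleName\Controller\Index;

use Magento\Framework\App\Action\HttpPostActionInterface;
use Magento\Framework\App\RequestInterface;
use Magento\Framework\App\ResourceConnection;
use Magento\Framework\Controller\Result\Json;
use Magento\Framework\Controller\Result\JsonFactory;
use Magento\Framework\Data\Form\FormKey\Validator as FormKeyValidator;
use Magento\Framework\Escaper;

/**
 * Hypothetical storefront action (added example). HttpPostActionInterface
 * restricts the route to POST, which is the precondition for the form-key check.
 */
class Save implements HttpPostActionInterface
{
    /**
     * @param RequestInterface $request
     * @param FormKeyValidator $formKeyValidator
     * @param ResourceConnection $resourceConnection
     * @param JsonFactory $jsonFactory
     * @param Escaper $escaper
     */
    public function __construct(
        private readonly RequestInterface $request,
        private readonly FormKeyValidator $formKeyValidator,
        private readonly ResourceConnection $resourceConnection,
        private readonly JsonFactory $jsonFactory,
        private readonly Escaper $escaper
    ) {
    }

    public function execute(): Json
    {
        $result = $this->jsonFactory->create();

        // CSRF: the submitted form_key must match the key stored in the session.
        if (!$this->formKeyValidator->validate($this->request)) {
            return $result->setHttpResponseCode(403)->setData(['error' => 'Invalid form key']);
        }

        // Input validation: constrain the value before it reaches any query.
        $sku = (string) $this->request->getParam('sku', '');
        if ($sku === '' || !preg_match('/^[A-Za-z0-9_-]{1,64}$/', $sku)) {
            return $result->setHttpResponseCode(400)->setData(['error' => 'Invalid SKU']);
        }

        // Flagged in review (string concatenation, reported as Critical):
        //   $connection->fetchOne("SELECT name FROM example_table WHERE sku = '" . $sku . "'");
        // Recommended: the value is bound by the adapter, never spliced into the SQL.
        // example_table is an assumed table name.
        $connection = $this->resourceConnection->getConnection();
        $select = $connection->select()
            ->from($this->resourceConnection->getTableName('example_table'), ['name'])
            ->where('sku = ?', $sku)
            ->limit(1);
        $name = $connection->fetchOne($select);

        // XSS: escape for the context the value will be rendered in (here HTML text,
        // because the storefront script inserts these fields into the page body).
        return $result->setData([
            'sku' => $this->escaper->escapeHtml($sku),
            'name' => $this->escaper->escapeHtml($name === false ? '' : (string) $name),
        ]);
    }
}
```

Escaping is chosen per output context: `escapeHtml()` for element text, `escapeHtmlAttr()` for attribute values, `escapeUrl()` for href/src, `escapeJs()` for values embedded in scripts; a reviewer flags a value escaped for the wrong context as firmly as an unescaped one. For adminhtml controllers the access-control item on this list is the `ADMIN_RESOURCE` constant on a class extending `Magento\Backend\App\Action`, which must name an ACL resource declared in the module's `etc/acl.xml`.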

4. Performance Review

  • Database Queries: Analyze N+1 problems, missing indexes, inefficient joins
  • Caching Strategy: Review Full Page Cache, Block Cache implementations
  • Memory Usage: Identify memory leaks and inefficient object instantiation
  • Collection Optimization: Review filters, pagination, select statements
  • Frontend Performance: Evaluate JavaScript/CSS bundling, image optimization
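The N+1 item above is easiest to recognise side by side, so here is an added example (not from this page or from Magento) of a hypothetical service in the placeholder module `CompanyName\ModuleName` that resolves product names for a list of SKUs. `getNamesNPlusOne()` is the pattern the review flags; `getNames()` is the recommended form, using the real `SearchCriteriaBuilder` and `ProductRepositoryInterface::getList()` service contract with an `in` filter and a page size. The class name and `PAGE_SIZE` value are assumptions.

```php
<?php

/**
 * Copyright © 2025 CompanyName. All rights reserved.
 */

declare(strict_types=1);

namespace CompanyName\ModuleName\Model;

use Magento\Catalog\Api\Data\ProductInterface;
use Magento\Catalog\Api\ProductRepositoryInterface;
use Magento\Framework\Api\SearchCriteriaBuilder;

/**
 * Hypothetical resolver (added example) used to contrast an N+1 loop
 * with a filtered, paginated repository call.
 */
class ProductNameResolver
{
    // Assumed chunk size; keeps the IN (...) list and the result set bounded.
    private const PAGE_SIZE = 200;

    /**
     * @param ProductRepositoryInterface $productRepository
     * @param SearchCriteriaBuilder $searchCriteriaBuilder
     */
    public function __construct(
        private readonly ProductRepositoryInterface $productRepository,
        private readonly SearchCriteriaBuilder $searchCriteriaBuilder
    ) {
    }

    /**
     * Flagged in review (High): one repository load per SKU, so the number of
     * queries grows with the input size.
     *
     * @param string[] $skus
     * @return array<string, string>
     */
    public function getNamesNPlusOne(array $skus): array
    {
        $names = [];
        foreach ($skus as $sku) {
            $names[$sku] = (string) $this->productRepository->get($sku)->getName();
        }
        return $names;
    }

    /**
     * Recommended: one getList() call per chunk of SKUs, filtered in the database.
     *
     * @param string[] $skus
     * @return array<string, string>
     */
    public function getNames(array $skus): array
    {
        $names = [];
        foreach (array_chunk($skus, self::PAGE_SIZE) as $chunk) {
            // create() resets the builder, so each chunk starts from clean criteria.
            $searchCriteria = $this->searchCriteriaBuilder
                ->addFilter(ProductInterface::SKU, $chunk, 'in')
                ->setPageSize(self::PAGE_SIZE)
                ->create();
            foreach ($this->productRepository->getList($searchCriteria)->getItems() as $product) {
                $names[$product->getSku()] = (string) $product->getName();
            }
        }
        return $names;
    }
}
```

When quantifying the finding in the report, the comparison is direct: for 1,000 SKUs the first method issues at least 1,000 product loads, the second issues five `getList()` calls.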

5. Architecture Review

  • Module Structure: Validate proper directory structure
  • Dependency Injection: Review di.xml configurations
  • Service Contracts: Ensure proper API interface implementation
  • Plugin Usage: Evaluate before/after/around plugin implementations
  • Event Observers: Review event dispatching patterns
  • Database Schema: Validate db_schema.xml and upgrade scripts
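For the plugin and di.xml items above, here is an added example (not part of this page or of Magento) of a hypothetical plugin on the `ProductRepositoryInterface::save()` service contract, with the `etc/di.xml` declaration that registers it reproduced in the class docblock. The plugin name, class name and log message are assumptions; the interception mechanics (`before`/`after` prefixes, the `$subject` first argument, a `before` plugin returning the new argument array, an `after` plugin receiving and returning the result) are Magento 2's.

```php
<?php

/**
 * Copyright © 2025 CompanyName. All rights reserved.
 */

declare(strict_types=1);

namespace CompanyName\ModuleName\Plugin;

use Magento\Catalog\Api\Data\ProductInterface;
use Magento\Catalog\Api\ProductRepositoryInterface;
use Psr\Log\LoggerInterface;

/**
 * Hypothetical plugin (added example). Registered in the module's etc/di.xml as:
 *
 *   <type name="Magento\Catalog\Api\ProductRepositoryInterface">
 *       <plugin name="companyname_modulename_product_save"
 *               type="CompanyName\ModuleName\Plugin\ProductSavePlugin"
 *               sortOrder="10" disabled="false" />
 *   </type>
 *
 * Review points: the target is a public method on a service contract, not a
 * concrete class; sortOrder is explicit; before/after are used instead of
 * around, which would wrap the whole call chain and hide the original result.
 */
class ProductSavePlugin
{
    /**
     * @param LoggerInterface $logger
     */
    public function __construct(private readonly LoggerInterface $logger)
    {
    }

    /**
     * Before plugin: may normalize the arguments and must return them as an array
     * in the original order (ProductRepositoryInterface::save($product, $saveOptions)).
     *
     * @return array{0: ProductInterface, 1: bool}
     */
    public function beforeSave(
        ProductRepositoryInterface $subject,
        ProductInterface $product,
        bool $saveOptions = false
    ): array {
        $product->setSku(trim((string) $product->getSku()));
        return [$product, $saveOptions];
    }

    /**
     * After plugin: receives the original return value and must return it
     * (or a value of the same type) so downstream plugins and callers are unaffected.
     */
    public function afterSave(ProductRepositoryInterface $subject, ProductInterface $result): ProductInterface
    {
        $this->logger->info(sprintf('Product %s saved', (string) $result->getSku()));
        return $result;
    }
}
```

A `before` plugin that forgets to return the argument array, or an `after` plugin that does not return `$result`, silently changes the call for every other plugin and caller; both are Critical findings under the severity classification below.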

Reporting Standards

Severity Classification

  • Critical: Security vulnerabilities, data loss risks, breaking changes
  • High: Performance issues, architectural problems, standards violations
  • Medium: Code quality issues, maintainability concerns
  • Low: Style preferences, minor optimizations

Feedback Format

  • Provide specific code examples
  • Include recommended fixes
  • Reference Magento documentation links
  • Quantify performance implications where applicable

Best Practices Reference

Follow Adobe Commerce best practices.

CRITICAL: Always check the project for coding standards files (phpcs.xml, .php-cs-fixer.php, .editorconfig) and enforce them rigorously.