Code Review

代码审查

Review Categories

审查分类

1. Security Review

1. 安全性审查

Check for:

SQL injection vulnerabilities
XSS (Cross-Site Scripting)
Command injection
Insecure deserialization
Hardcoded secrets/credentials
Improper authentication/authorization
Insecure direct object references

检查内容：

SQL injection漏洞
XSS（跨站脚本攻击）
Command injection
不安全的反序列化
硬编码密钥/凭证
身份验证/授权不当
不安全的直接对象引用

2. Performance Review

2. 性能审查

Check for:

N+1 queries
Missing database indexes
Unnecessary re-renders (React)
Memory leaks
Blocking operations in async code
Missing caching opportunities
Large bundle sizes

检查内容：

N+1查询
缺失数据库索引
React不必要的重渲染
内存泄漏
异步代码中的阻塞操作
缺失缓存机会
过大的包体积

3. Code Quality Review

3. 代码质量审查

Check for:

Code duplication (DRY violations)
Functions doing too much (SRP violations)
Deep nesting / complex conditionals
Magic numbers/strings
Poor naming
Missing error handling
Incomplete type coverage

检查内容：

代码重复（违反DRY原则）
函数职责过多（违反SRP原则）
深层嵌套/复杂条件判断
魔法数字/字符串
命名不规范
缺失错误处理
类型覆盖不完整

4. Testing Review

4. 测试审查

Check for:

Missing test coverage for new code
Tests that don't test behavior
Flaky test patterns
Missing edge cases
Mocked external dependencies

检查内容：

新代码缺失测试覆盖
未验证业务逻辑的测试
不稳定测试模式
缺失边界用例
外部依赖的模拟

Review Output Format

审查输出格式

markdown

undefined

markdown

undefined

Code Review Summary

代码审查总结

🔴 Critical (Must Fix)

🔴 严重问题（必须修复）

[File:Line] [Issue description]
- Why: [Explanation]
- Fix: [Suggested fix]

[文件:行号] [问题描述]
- 原因： [解释说明]
- 修复建议： [推荐方案]

🟡 Suggestions (Should Consider)

🟡 优化建议（建议考虑）

[File:Line] [Issue description]
- Why: [Explanation]
- Fix: [Suggested fix]

[文件:行号] [问题描述]
- 原因： [解释说明]
- 修复建议： [推荐方案]

🟢 Nits (Optional)

🟢 细微优化（可选）

[File:Line] [Minor suggestion]

[文件:行号] [微小改进建议]

✅ What's Good

✅ 优秀实践

[Positive feedback on good patterns]

undefined

[对良好代码模式的正面反馈]

undefined

Common Patterns to Flag

需要标记的常见模式

Security

安全性

javascript

// BAD: SQL injection
const query = `SELECT * FROM users WHERE id = ${userId}`;

// GOOD: Parameterized query
const query = 'SELECT * FROM users WHERE id = $1';
await db.query(query, [userId]);

javascript

// 不良示例：SQL injection
const query = `SELECT * FROM users WHERE id = ${userId}`;

// 良好示例：参数化查询
const query = 'SELECT * FROM users WHERE id = $1';
await db.query(query, [userId]);

Performance

性能

javascript

// BAD: N+1 query
users.forEach(async user => {
  const posts = await getPosts(user.id);
});

// GOOD: Batch query
const userIds = users.map(u => u.id);
const posts = await getPostsForUsers(userIds);

javascript

// 不良示例：N+1查询
users.forEach(async user => {
  const posts = await getPosts(user.id);
});

// 良好示例：批量查询
const userIds = users.map(u => u.id);
const posts = await getPostsForUsers(userIds);

Error Handling

错误处理

javascript

// BAD: Swallowing errors
try {
  await riskyOperation();
} catch (e) {}

// GOOD: Handle or propagate
try {
  await riskyOperation();
} catch (e) {
  logger.error('Operation failed', { error: e });
  throw new AppError('Operation failed', { cause: e });
}

javascript

// 不良示例：忽略错误
try {
  await riskyOperation();
} catch (e) {}

// 良好示例：处理或抛出错误
try {
  await riskyOperation();
} catch (e) {
  logger.error('操作失败', { error: e });
  throw new AppError('操作失败', { cause: e });
}

code-review

Original

Translation

Code Review

代码审查

Review Categories

审查分类

1. Security Review

1. 安全性审查

2. Performance Review

2. 性能审查

3. Code Quality Review

3. 代码质量审查

4. Testing Review

4. 测试审查

Review Output Format

审查输出格式

Code Review Summary

代码审查总结

🔴 Critical (Must Fix)

🔴 严重问题（必须修复）

🟡 Suggestions (Should Consider)

🟡 优化建议（建议考虑）

🟢 Nits (Optional)

🟢 细微优化（可选）

✅ What's Good

✅ 优秀实践

Common Patterns to Flag

需要标记的常见模式

Security

安全性

Performance

性能

Error Handling

错误处理

Review Checklist

审查检查清单