Claude Code How-To Guide

Code Review Checklist

Security Checklist

  • [ ] No hardcoded credentials or secrets
  • [ ] Input validation on all user inputs
  • [ ] SQL injection prevention (parameterized queries)
  • [ ] CSRF protection on state-changing operations
  • [ ] XSS prevention with proper escaping
  • [ ] Authentication checks on protected endpoints
  • [ ] Authorization checks on resources
  • [ ] Secure password hashing (bcrypt, argon2)
  • [ ] No sensitive data in logs
  • [ ] HTTPS enforced
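The three items reviewers most often wave through on sight (hardcoded secrets, parameterized queries, sensitive data in logs) each have a concrete check. The block below is an added example, not part of the original checklist or of Claude Code itself: plain JavaScript with no dependencies, showing the vulnerable form next to the hardened form where that applies. The query objects use the `{text, values}` shape that node-postgres accepts (an assumption about the driver); no database is contacted, and the sample source and log event are constructed for the demonstration.

```javascript
// Added example (not from the original guide): runnable checks for three
// Security Checklist items. Assumes a pg-style {text, values} query shape.

// --- "No hardcoded credentials or secrets" ---------------------------------
// Flag a string literal assigned to a secret-looking name. A scanner like this
// is a cheap pre-review gate; treat hits as leads to confirm, not as proof.
const SECRET_ASSIGNMENT = /(password|passwd|secret|api[_-]?key|token)\s*[:=]\s*["'][^"']{4,}["']/i;

function findHardcodedSecrets(sourceText) {
  return sourceText
    .split("\n")
    .map((line, i) => ({ line: i + 1, text: line.trim() }))
    .filter(({ text }) => SECRET_ASSIGNMENT.test(text));
}

// Constructed sample source: line 2 should be flagged, lines 1 and 3 should not.
const SAMPLE_SOURCE = [
  'const dbHost = "db.internal";',
  'const dbPassword = "hunter2-example";',
  'const apiKey = process.env.API_KEY;',
].join("\n");

// --- "SQL injection prevention (parameterized queries)" --------------------
// Before: the value is pasted into the statement text, so characters in the
// input decide the statement's structure (a name with an apostrophe already
// breaks the query).
function findUserUnsafe(username) {
  return { text: `SELECT id, email FROM users WHERE username = '${username}'`, values: [] };
}

// After: the statement text is a constant; the value travels separately in
// `values` and the driver binds it, so it can only ever be data.
function findUserSafe(username) {
  return { text: "SELECT id, email FROM users WHERE username = $1", values: [username] };
}

// Review check: a query builder is parameterized if its statement text does
// not change with the input it is given.
function statementIsInputIndependent(builder) {
  return builder("alice").text === builder("O'Brien").text;
}

// --- "No sensitive data in logs" -------------------------------------------
// Redact by key name (case-insensitive), recursing into nested objects and
// arrays, before anything reaches the log sink.
const SENSITIVE_KEYS = new Set([
  "password", "token", "secret", "authorization", "apikey", "api_key", "cookie",
]);

function redact(value) {
  if (Array.isArray(value)) return value.map(redact);
  if (value !== null && typeof value === "object") {
    const out = {};
    for (const [key, inner] of Object.entries(value)) {
      out[key] = SENSITIVE_KEYS.has(key.toLowerCase()) ? "[REDACTED]" : redact(inner);
    }
    return out;
  }
  return value;
}

// Returns the line it logged so the result can be checked, not just printed.
function logSafely(event) {
  const line = JSON.stringify(redact(event));
  console.log(line);
  return line;
}

// Constructed sample event: a login attempt with a password and a bearer header.
const SAMPLE_EVENT = {
  user: "alice",
  password: "pw-example",
  headers: { Authorization: "Bearer placeholder-token", "User-Agent": "curl/8.0" },
};

// Stand-alone run: print the findings for each check.
console.log("hardcoded secret hits:", findHardcodedSecrets(SAMPLE_SOURCE).map((h) => h.line));
console.log("unsafe builder input-independent:", statementIsInputIndependent(findUserUnsafe));
console.log("safe builder input-independent:", statementIsInputIndependent(findUserSafe));
logSafely(SAMPLE_EVENT);
```

`statementIsInputIndependent` is the property a reviewer is really checking when ticking the parameterized-queries box: the SQL text must be a constant and every user-controlled value must arrive through the bind list. The redaction helper works by key name only; values that are secrets under an innocent key (a URL with an embedded token, for example) still need a separate rule.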

Performance Checklist

  • [ ] No N+1 queries
  • [ ] Appropriate use of indexes
  • [ ] Caching implemented where beneficial
  • [ ] No blocking operations on main thread
  • [ ] Async/await used correctly
  • [ ] Large datasets paginated
  • [ ] Database connections pooled
  • [ ] Regular expressions optimized
  • [ ] No unnecessary object creation
  • [ ] Memory leaks prevented

Quality Checklist

  • [ ] Functions < 50 lines
  • [ ] Clear variable naming
  • [ ] No duplicate code
  • [ ] Proper error handling
  • [ ] Comments explain WHY, not WHAT
  • [ ] No console.logs in production
  • [ ] Type checking (TypeScript/JSDoc)
  • [ ] SOLID principles followed
  • [ ] Design patterns applied correctly
  • [ ] Self-documenting code

Testing Checklist

  • [ ] Unit tests written
  • [ ] Edge cases covered
  • [ ] Error scenarios tested
  • [ ] Integration tests present
  • [ ] Coverage > 80%
  • [ ] No flaky tests
  • [ ] Mock external dependencies
  • [ ] Clear test names

Content rendered from Code Review Checklist on GitHub. Markdown is the single source of truth — re-run scripts/build_website.py after editing to refresh the site.