20 questions for a valuable code review

Published on December 28, 2021
This is a foundational series article. Read more here

I recently had an interesting discussion around the value of doing code reviews and the value of mandatory code reviews.

I think code reviews are extremely valuable and should be done by most organisations and teams.

A valuable code review will

  • pass institutional knowledge around the org
  • help all engineers grow their skills
  • maintain quality in the face of all the other time pressures your team faces

But how do you keep a code review valuable?

  1. Automate instead of PR checklists
  2. Focus on code readability and functional correctness

Automate instead of PR checklists

Anything that can be automated must be automated. Engineers are expensive! Don’t waste your time on code formatting or spell checking if at all possible.

It’s OK to have some checklists in a PR template but you should always be actively working to remove checklist items through automation or engineering culture.

20 code readability and functional correctness code review questions

  1. Is the intent clear?
  2. Is there needless duplication?
  3. Could existing code have solved this?
  4. Is this an atomic commit?
  5. Could this be simpler?
  6. Are there obvious logic issues?
  7. Does it need tests?
  8. Are the tests comprehensive and clear?
  9. Are there any security issues or considerations?
  10. Are there any accessibility considerations?
  11. Are there any PII considerations?
  12. Is it instrumented? Are there relevant analytics? Are there relevant production logs?
  13. Are there revert scripts for database changes?
  14. Is the database work ACID? Is it transactioned sensibly?
  15. Does this feature need to be turned off in the future?
  16. Is it easy to turn it off?
  17. How easy is it to delete the feature code as a whole entity?
  18. Does the code respect Command-Query separation?
  19. If DDD - Are there well defined aggregate roots, value objects, enumerations?
  20. Will there be any issues recovering from a transient failure? Is the solution distributed in an unexpected way?

A note on “nits”

In general I do not look for coding style, syntax I don’t like, styling or spelling errors in a code review.

If these things are important to your team then just use your CI system to detect and fix issues automatically.

In typescript/javascript we have ESlint, Prettier and Vale to detect and fix issues automatically. There will be similar tooling for your language and framework of choice.

Consistency IS important. If an entire code base is using some syntax but you prefer a different syntax that is functionally the same, you should use the existing syntax unless the entire team agrees with you and there is a plan to change the code everywhere.

A note on mandatory code reviews

The PR system developed by GitHub was for Open Source contributions by distributed teams. Mandatory PRs might not be relevant for a team with consistent levels of engineering capability and knowledge of the system.

I do feel that if code reviews are mandatory it means they won’t be bypassed when the pressure is on.

When the team under pressure is when you really need code reviews the most. If some software is forcing one positive code review then a single developer can’t be pressured into putting dodgy code out to customers.


Code reviews that focus on finding nits, syntax you don’t like, spelling errors and things like that are not a valuable use of your time. Automate these with tooling instead.

Code reviews that focus on code readability and functional correctness are extremely valuable to the entire organisation, long after you have moved on to another project.

If you don’t enjoy code reviews, try changing their purpose and start evangelising what a good code review looks like.

Darragh ORiordan

Hi! I'm Darragh ORiordan.

I live and work in Sydney, Australia building and supporting happy teams that create high quality software for the web.

I also make tools for busy developers! Do you have a new M1 Mac to setup? Have you ever spent a week getting your dev environment just right?

My Universal DevShell tooling will save you 30+ hours of configuring your Windows or Mac dev environment with all the best, modern shell and dev tools.

Get DevShell here: ✨ https://devshell.darraghoriordan.com

Read more articles like this one...

List of article summaries


Building an AI generated game with Stable Diffusion and data from Wikipedia

Last week I released a game called Doodle:ai.

In the game you’re shown AI generated images and you have to guess the Wikipedia topic it used to create the game.


Easiest way to optimise images for web

Here is how I optimise all pngs and jpgs in a folder for publishing to the web.


Start tracking DORA metrics for your team in just 15 minutes with Apache Dev Lake

DORA (DevOps Research and Assessment) metrics are an excellent way for engineering organisations to measure and improve their performance.

Up until now, monitoring the DORA metrics across Github, Jira, Azure Devops etc required custom tooling or a tedious manual process.

With Apache Dev Lake you can get beautiful reporting for DORA metrics on your local machine in as little as 15 minutes (honestly!).

From Google Sheets to Grafana
From Google Sheets to Grafana


A summary of NDC Sydney 2022 Developer Conference

I attended my first in-person conference for more than 3 years last week! NDC is one of the more well-known developer conferences in Australia and New Zealand. It’s a 5 day conference with 3 days of talks and 2 days of workshops.

There’s so much to learn across all the streams so I try to take notes for each of the talks to quickly reference them later. This post contains all my notes. I’ll add the relevant videos to talks later if they’re released.

A reminder that these notes are just my notes. They’re paraphrased and summarised from what the speaker actually said. Each speakers would have provided must more clarity and went into more detail during their pressos!