20 questions for a valuable code review

Published on December 28, 2021

I recently had an interesting discussion around the value of doing code reviews and the value of mandatory code reviews.

I think code reviews are extremely valuable and should be done by most organisations and teams.

A valuable code review will:

  • pass institutional knowledge around the org
  • help all engineers grow their skills
  • maintain quality in the face of all the other time pressures your team faces

But how do you keep a code review valuable?

  1. Automate instead of PR checklists
  2. Focus on code readability and functional correctness

Automate instead of PR checklists

Anything that can be automated must be automated. Engineers are expensive! Don’t waste your time on code formatting or spell checking if at all possible.

It’s OK to have some checklists in a PR template but you should always be actively working to remove checklist items through automation or engineering culture.

20 code readability and functional correctness code review questions

  1. Is the intent clear?
  2. Is there needless duplication?
  3. Could existing code have solved this?
  4. Is this an atomic commit?
  5. Could this be simpler?
  6. Are there obvious logic issues?
  7. Does it need tests?
  8. Are the tests comprehensive and clear?
  9. Are there any security issues or considerations?
  10. Are there any accessibility considerations?
  11. Are there any PII considerations?
  12. Is it instrumented? Are there relevant analytics? Are there relevant production logs?
  13. Are there revert scripts for database changes?
  14. Is the database work ACID? Is it transactioned sensibly?
  15. Does this feature need to be turned off in the future?
  16. Is it easy to turn it off?
  17. How easy is it to delete the feature code as a whole entity?
  18. Does the code respect Command-Query separation?
  19. If DDD - Are there well-defined aggregate roots, value objects, enumerations?
  20. Will there be any issues recovering from a transient failure? Is the solution distributed in an unexpected way?

A note on “nits”

In general I do not look for coding style, syntax I don’t like, styling or spelling errors in a code review.

If these things are important to your team then just use your CI system to detect and fix issues automatically.

In TypeScript/JavaScript we have ESLint, Prettier and Vale to detect and fix issues automatically. There will be similar tooling for your language and framework of choice.

Consistency IS important. If an entire code base is using some syntax but you prefer a different syntax that is functionally the same, you should use the existing syntax unless the entire team agrees with you and there is a plan to change the code everywhere.

A note on mandatory code reviews

The PR system developed by GitHub was for Open Source contributions by distributed teams. Mandatory PRs might not be relevant for a team with consistent levels of engineering capability and knowledge of the system.

I do feel that if code reviews are mandatory it means they won’t be bypassed when the pressure is on.

When the team is under pressure is when you really need code reviews the most. If some software is forcing one positive code review then a single developer can’t be pressured into putting dodgy code out to customers.
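
One way to check that the "one positive review" rule really cannot be skipped, as an added example that is not from the original article: it assumes the repository is hosted on GitHub and that the branch protection settings were fetched as JSON from the REST API. The function name `auditReviewGate` and both sample objects are hypothetical.

```javascript
// Added example: audits a branch-protection object for ways around the review gate.
// Field names follow GitHub's REST "get branch protection" response.
// The sample objects are constructed, not taken from a real repository.

function auditReviewGate(protection) {
  if (!protection) {
    return ["branch is unprotected: write access is enough to push without review"];
  }
  const findings = [];
  const reviews = protection.required_pull_request_reviews;
  if (!reviews) {
    findings.push("pull request reviews are not required");
  } else {
    if ((reviews.required_approving_review_count ?? 0) < 1) {
      findings.push("zero approving reviews are required");
    }
    if (!reviews.dismiss_stale_reviews) {
      findings.push("an approval survives later pushes (stale reviews are not dismissed)");
    }
  }
  if (!protection.enforce_admins?.enabled) {
    findings.push("administrators are exempt from the rule");
  }
  if (protection.allow_force_pushes?.enabled) {
    findings.push("force pushes are allowed, so reviewed history can be rewritten");
  }
  return findings;
}

// Constructed sample: one review required, but admins exempt and stale approvals kept.
const weak = {
  required_pull_request_reviews: { required_approving_review_count: 1, dismiss_stale_reviews: false },
  enforce_admins: { enabled: false },
  allow_force_pushes: { enabled: false },
};

// Constructed sample: the same rule with both gaps closed.
const strict = {
  required_pull_request_reviews: { required_approving_review_count: 1, dismiss_stale_reviews: true },
  enforce_admins: { enabled: true },
  allow_force_pushes: { enabled: false },
};

console.log("weak:", auditReviewGate(weak));
console.log("strict:", auditReviewGate(strict));
```

An empty result means the settings match the situation described above: nobody, including an administrator under deadline pressure, can merge without one approval of the final code.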

Summary

Code reviews that focus on finding nits, syntax you don’t like, spelling errors and things like that are not a valuable use of your time. Automate these with tooling instead.

Code reviews that focus on code readability and functional correctness are extremely valuable to the entire organisation, long after you have moved on to another project.

If you don’t enjoy code reviews, try changing their purpose and start evangelising what a good code review looks like.

Darragh ORiordan

Hi! I'm Darragh ORiordan.

I live and work in Sydney, Australia building and supporting happy teams that create high quality software for the web.
