# code-review > Provides structured code review guidelines for TypeScript projects. Use when reviewing pull requests, analyzing code quality, or suggesting improvements. - Author: jonnyamsp - Repository: Agentz360/secure-mastra - Version: 20260210040322 - Stars: 0 - Forks: 0 - Last Updated: 2026-02-10 - Source: https://github.com/Agentz360/secure-mastra - Web: https://mule.run/skillshub/@@Agentz360/secure-mastra~code-review:20260210040322 --- --- name: code-review description: Provides structured code review guidelines for TypeScript projects. Use when reviewing pull requests, analyzing code quality, or suggesting improvements. license: MIT --- # Code Review Guidelines ## Overview This skill provides structured guidelines for reviewing TypeScript code. Apply these standards when reviewing pull requests, analyzing code quality, or suggesting improvements. **Keywords**: code review, pull request, PR review, TypeScript, code quality, best practices, refactoring ## Review Checklist ### 1. Code Correctness **Before approving, verify:** - [ ] Logic is correct and handles edge cases - [ ] Error handling is appropriate - [ ] No obvious bugs or race conditions - [ ] Tests cover the changes adequately ### 2. Code Quality **Check for:** - [ ] Clear, descriptive variable and function names - [ ] Functions do one thing well (single responsibility) - [ ] No excessive nesting (max 3 levels) - [ ] DRY - no unnecessary duplication - [ ] YAGNI - no speculative features ### 3. TypeScript Specific **Ensure:** - [ ] Proper type annotations (avoid `any`) - [ ] Interfaces/types defined for complex objects - [ ] Generics used appropriately - [ ] Null/undefined handled safely - [ ] `strict` mode compatible ### 4. Performance **Look for:** - [ ] Unnecessary re-renders (React) - [ ] Missing memoization for expensive operations - [ ] Inefficient loops or data structures - [ ] Memory leaks (event listeners, subscriptions) ## Review Comments ### Comment Format Use this format for review comments: ``` [severity]: brief description Why: explanation of the issue Suggestion: how to fix it (with code if helpful) ``` **Severity levels:** - `[critical]` - Must fix before merge - `[suggestion]` - Recommended improvement - `[nit]` - Minor style preference - `[question]` - Need clarification ### Example Comments **Good comment:** ``` [suggestion]: Consider extracting this validation logic Why: This 15-line validation block is hard to test in isolation Suggestion: Move to a `validateUserInput(data)` function ``` **Bad comment:** ``` This is wrong, fix it. ``` ## Common Issues ### Anti-patterns to Flag 1. **God functions** - Functions over 50 lines doing multiple things 2. **Prop drilling** - Passing props through 3+ component levels 3. **Magic numbers** - Unexplained literal values 4. **Catch-all error handling** - `catch(e) { console.log(e) }` 5. **Implicit any** - Missing type annotations on function parameters ### Security Concerns Always flag: - SQL/NoSQL injection vulnerabilities - XSS opportunities (unsanitized user input in DOM) - Hardcoded secrets or API keys - Insecure randomness for security contexts - Missing input validation on API endpoints ## Approval Guidelines ### Approve When - All critical issues resolved - Tests pass - Code meets team standards - No security concerns ### Request Changes When - Critical bugs found - Security vulnerabilities present - Missing required tests - Significant performance issues ### Leave Comments When - Minor improvements possible - Design alternatives worth discussing - Documentation could be clearer