I have put together this checklist, which I believe will be applicable to most backend code reviews.

Some of these checks, such as Code Style, should ideally be enforced and detected in the CI pipeline. However, I have included them here for the sake of completeness.

You can use this checklist as a starting point and customize it to suit your specific needs.

Code Style

  • Verify that the code adheres to the agreed-upon coding style guidelines.

Code Maintainability

  • Verify that the code adheres to the clean code principles (or any other agreed-upon principles).

Requirements

  • Verify that the code fulfills the specified requirements.
  • Verify that new code doesn’t break any existing functionality.

API Design

  • Verify that any new APIs adhere to the agreed-upon API design guidelines.

Documentation and Comments

  • Verify that complex logic or non-obvious decisions are covered by clear comments.
  • Verify that any required internal or external code documentation is provided, depending on your agreed-upon documentation processes.

Error Handling

  • Verify that exceptions are handled correctly and that error messages are informative.

Security

  • Verify that inputs are validated properly.
  • Verify that sensitive data (passwords, tokens) are securely stored and aren’t leaked to logs.
  • Examine the code for potential security vulnerabilities, such as SQL injection or authentication issues.

Dependencies

  • Verify that dependencies are up-to-date and don’t have known security vulnerabilities.
  • Verify that any breaking changes are handled when updating dependencies.

Logging

  • Verify that critical places in the code are covered by logs that are useful for debugging.
  • Verify that logging adheres to the agreed-upon logging guidelines.

Testing

  • Verify that the code is covered by the appropriate types of automated tests.

Performance

  • Evaluate the code for performance issues (memory, CPU, network).
  • Verify that database queries are optimized.

Version Control

  • Verify that the agreed-upon version control workflow and practices are followed.

Spelling

  • Verify that the spelling is correct, as this makes the code more searchable.

Conclusion

I hope you found this checklist useful. Please feel free to suggest additional checks that you think are necessary.