Code Review Best Practices

100 lines of code: reviewed in 10 minutes. 1000 lines of code: reviewed never. Code reviews exist to catch bugs, improve maintainability, and help teams write better software together. But most engineers treat them like assignments to pass instead of collaborative checkpoints. That mindset kills the process before it starts. ➧ When you're submitting a PR: 1. Keep it small Aim for 10-100 lines of code per pull request. Past 100 lines, reviewers start skimming. Past 500, they stop caring entirely. Large PRs are harder to review, take longer to approve, and make it nearly impossible to catch real bugs. Break your work into isolated, logical chunks. Yes, it's more work upfront. But it ships faster. 2. Write a description Give context. Always. Your reviewer might be on a different team, in a different timezone, or new to the codebase. Don't make them guess what you're solving. If you're fixing a bug, explain what broke and link to the ticket. If it's a visual change, add before/after screenshots. If you ran a script that generated code, paste the exact command you used. Context turns a confusing diff into a clear story. 3. Leave preemptive comments If part of your diff looks unrelated to the main logic, explain it before your reviewer asks. "Fixed a typing issue here while working on the main feature." "This file got reformatted by the linter, no logic changes." These small clarifications save back-and-forth and show you're thinking about the reviewer's experience. ➧ When you're reviewing a PR: 1. Be overwhelmingly clear Unclear comments leave people stuck. If you're making a suggestion but don't feel strongly, say it: "This could be cleaner, but use your judgment." If you're just asking a question, mark it: "Sanity check, is this intentional? Non-blocking, just curious." Over-communicate your intent. Especially with remote teams or people you don't know well. 2. Establish approval standards with your team Decide as a team when to approve vs. block a PR. At Amazon and now at Nielsen, we approve most PRs even with 10+ comments because we trust teammates to address feedback. The only exception: critical bugs that absolutely can't go to production. Without clear standards, people feel blocked by style comments and approvals feel arbitrary. Talk to your team. Set the rules. Stick to them. 3. Know when to go offline Some conversations don't belong in PR comments. If the code needs a major rewrite, if there's a design disagreement, or if you're about to write a paragraph, stop. Ping your teammate directly. Have a quick call. Save everyone time. Leave a comment like "Let's discuss this offline" so they know you're not ignoring it.

In the last 11 years of my career, I’ve participated in code reviews almost daily. I’ve sat through 100s of review sessions with seniors and colleagues. Here’s how to make your code reviews smoother, faster and easier: 1. Start with Small, Clear Commits    - Break your changes into logical, manageable chunks. This makes it easier for reviewers to focus and catch errors quickly. 2. Write Detailed PR Descriptions    - Always explain the “why” behind the changes. This provides context and helps reviewers understand your thought process. 3. Self-Review Before Submitting    - Take the time to review your own code before submitting. You'll catch a lot of your own mistakes and improve your review quality. 4. Ask for Specific Feedback    - Don’t just ask for a “review”—be specific. Ask for feedback on logic, structure, or potential edge cases. 5. Don’t Take Feedback Personally    - Code reviews are about improving the code, not critiquing the coder. Be open to constructive criticism and use it to grow. 6. Prioritize Readability Over Cleverness    - Write code that’s easy to understand, even if it’s less “fancy.” Simple, clear code is easier to maintain and review. 7. Focus on the Big Picture    - While reviewing, look at how changes fit into the overall system, not just the lines of code. Think about long-term maintainability. 8. Encourage Dialogue    - Reviews shouldn’t be a one-way street. Engage in discussions and collaborate with reviewers to find the best solution. 9. Be Explicit About Non-Blocking Comments    - Mark minor suggestions as “nitpicks” to avoid confusion. This ensures critical issues get addressed first. 10. Balance Praise and Criticism    - Acknowledge well-written code while offering suggestions for improvement. Positive feedback encourages better work. 11. Always Follow Up    - If you request changes or leave feedback, follow up to make sure the feedback is understood and implemented properly. It shows you’re invested in the process. -- P.S: What would you add from your experience?

Most of us review code in the wrong order. We spot a missing test or a style inconsistency before even asking whether the code is correct. We should think about it differently. The first question should always be: Does this code do what it is supposed to do? If the answer is no, nothing else matters. Style, structure, tests - all secondary to correctness. Once you are confident it is correct, ask if it is clear. Can someone else (or you, six months from now) understand what is happening and why? Clarity in code helps ensure it does not become a liability. Then check whether it matches the style and conventions, because inconsistencies add cognitive load for everyone who reads the codebase afterward. After that, look for duplication. Is this solving a problem that is already solved somewhere else? Could this be a shared utility? Finally, ask whether it is well tested. Not just "are there tests" (non-sensical ones), but do the tests actually cover the meaningful cases? Correctness. Clarity. Style. Deduplication. Tests. In that order, every time. Hope this helps.

TIPS FOR YOUR INTERNSHIPS AND NEW GRAD POSITIONS - 2024 EDITION There are some things you learn better once the roles are reversed: I learned the importance of a good pull request (PR) once I started reviewing them myself. Here is a checklist you can refer to: 1. Getting your work reviewed doesn't shift the responsibility of catching issues to your reviewers. The prime responsibility of ensuring your work is defect-free and won't cause problems in prod is always on you, the author. The code review process is a guardrail, but don't treat it as a crutch: 'I'll have a senior engineer review my work, so I don't have to worry about testing the edge cases, they'll catch those.' This is the wrong mentality to create a PR with. If all your PRs involve reviewers pointing out edge cases, you're not doing your job diligently. 2. Document your PRs properly. Provide context, and don't take this for granted. Just because someone reviews your PR doesn't mean they'll have the complete background. Include the WHAT, WHY, and HOW. WHAT: Provide background on the issue. Example: this PR fixes an uncaught exception (include details about the exception). WHY - Why is this fix necessary? Example: the fix is needed because it helps prevent the app from crashing unexpectedly because of the uncaught exception. HOW - Example: It's fixed by encapsulating this block of code within a try-catch and logging the error. 3. Add instructions on how to reproduce the error and verify the fix locally. 4. For UI changes, including screenshots of before and after can be helpful. 5. Add tests! You'd be surprised how often this step is forgotten. 6. Keep the PR small, so it's easy to review. The usual guideline is less than 250 lines of code per PR. If it's too large, break it down into multiple PRs. 7. Review it first yourself. You'd be surprised by how many print statements you'll find that you forgot to clean up. 8. Assign the right reviewers. 9. Call out things you want to bring specific attention to, and you can cc specific people. 10. You don't have to necessarily agree with every piece of feedback provided - if there's something you feel strongly about, feel free to discuss it. If the discussion is getting too long, consider switching to a different medium - my goto is to jump on a quick call. 11. Give people enough time to review large PRs. If you're planning on merging a big feature on Friday afternoon (which isn't a great idea to begin with), don't create the PR on Thursday evening. There can be exceptions to this rule, but rushed reviews should be avoided. In the worst case, keep in mind that your PR could be reverted, which is why keeping the PR detailed is necessary. Got any more suggestions? Drop them in the comments below! #softwareengineering #technology

Code review is useless when AI writes the code. Over the last 6 months, Claude Code and Cursor went from "that thing some people use" to "how we write 80% of our code." Three months in, we shipped a bug that brought down most of our services. The engineer trusted AI's belief more than their own understanding. That changed everything. We used to review for correctness, readability, edge cases. Now those questions miss the point. Here's what I actually check: 1. Can the engineer explain it? I ask: "Walk me through this." If they can't, we pair until they can. The biggest risk isn't bad code, it's code the author can't debug at 2am when customers are affected. 2. Did AI miss our context? AI doesn't know we're owners of core financial platforms. "Did this consider our compliance / security requirements?" 3. Is this over-engineered? AI loves abstractions. It'll build you a factory pattern when you need a function. I look for unnecessary complexity that'll hurt us in 6 months. 4. What did the human contribute? The best PRs show clear judgment on top of AI output. That's the skill that matters now. Code review in 2025 isn't about catching syntax errors. AI does (more than) that. It's about ensuring the human made real decisions. The engineers who thrive with AI aren't the ones who use it the most. They're the ones who know when NOT to use what it suggests. That's what I'm screening for. Would you ship code your engineer(s) can't explain? Why or why not?

3:47 AM on a Tuesday. My phone buzzes. PagerDuty alert. The system is down. I scramble to my laptop. Database connections maxed out. API timeouts everywhere. Users can't access the service. We get it back up. Block the offending caller. System stabilizes. The post-mortem hits differently. Two experienced engineers reviewed the PR. Tests passed. Code worked exactly as specified. But nobody asked one question: "How would someone abuse this?" That single question would have saved us. One line of code. Five minutes. Crisis prevented. Here's what I learned after years of causing (and fixing) production incidents: Code review isn't about what to check. It's about how you think. Most engineers do one of two things: • Rubber-stamp with "LGTM" • Spend hours arguing about formatting Both miss the real problems. I tried comprehensive checklists. Ran formal review sessions. Eventually everyone burned out. Then I found something that actually works. Three focused passes. Each with a different persona. Each asking different questions. Pass 1: Does it work and make sense? Pass 2: Can we live with this code in six months? Pass 3: How would I break this? I wrote the full breakdown of the three-pass system, including exactly what to look for in each pass and how AI can help. https://lnkd.in/ehSMw8ka

Most code reviews look productive… But it secretly costs teams weeks of engineering time. I learned this the hard way. Years ago, we shipped a feature that passed 4 code reviews, unit tests, and CI. Everything looked green. A tiny, silent failure took down reporting for an entire customer segment. The root cause? The review focused on style, not stability. That’s when I realized: - Formatting doesn’t break production. - Unhandled edge cases do. Since then, I look for 4 things in every review: 1. Functionality & correctness 2. Readability & clarity 3. Performance & efficiency 4. Security & stability (See the visual checklist attached 👇) Here’s the uncomfortable truth: If your feedback is mostly naming suggestions and spacing nitpicks, you’re not reviewing code… you’re formatting it. And if your review can’t answer: Will this break when traffic spikes 10x? Can we debug this at 2 AM? Is sensitive data protected? …you approved risk, not code. Great code reviews: ✅ prevent future outages ✅ reduce cognitive load ✅ scale with team growth ✅ make onboarding faster ✅ catch invisible regressions Bad reviews: - block velocity - create ego battles - confuse juniors - ship technical debt faster Remember: The goal isn’t to write perfect code. The goal is to ship code you can live with in production. Your turn: What’s the most underrated thing YOU look for in a code review? I’ll reply to every comment. P.S. If you want fewer escaped bugs and faster feedback loops, let's talk. 

9 code review practices your team should follow to go from Good → Great projects. (these helped my team deliver 100s of projects without wasting hours fixing bugs) 🟢As a team: ➡️Establish goals and expectations beforehand: for example: + functional correctness + algorithmic efficiency + improving code quality + ensuring code standards are met ➡️Use code review tools Use: (GitHub PRs, GitLab MRs, and Atlassian Crucible). + easily track changes + streamline the review process ➡️Automate code checks:  It will help you to: + find syntax errors + avoid common issues + reduce code style violations and potential bugs. 🟡As a reviewer: ➡️Start early, review often:  do this to: + catch issues early + prevent technical debt + ensure that code meets project requirements. ➡️Keep reviews small and focused:  you get: + an easier process + shorter turnaround time. + better collaboration in the team ➡️Balance speed and thoroughness:  + do comprehensive reviews  + but avoid excessive nitpicking ➡️Give constructive feedback: always be: + specific, actionable, and respectful + focus on improvement rather than criticizing.  + make a space for open communication to answer questions & give clarifications. 🟠As a reviewee: ➡️follow up on feedback:  + don’t take the comments personally + actively work on feedback after the session + make necessary revisions and follow up to confirm ➡️Follow coding standards:  focus on improving: + readability + maintainability Remember - mutual respect during the code reviews is crucial for a great team culture! – P.S: If you’re a Sr. Software engineer looking to become a Tech Lead or manager. I’m doing a webinar soon. Stay tuned :)

I don’t think the main primary purpose of code reviews is to catch bugs. Most dev do. They’ll tell you reviews are about quality control. But I disagree. The most valuable part of a code review is knowledge transfer. Here's why: - Developers usually test their code before opening a PR - Most teams already use linters, static analysis, and CI to catch issues What teams do not do enough of is share why the code was written a certain way and capture architectural decisions so future engineers understand the tradeoffs On a fast moving distributed team it is impossible for everyone to be in every call or track every ticket. Code reviews become the last line of defense for distributing knowledge Here are 4 ways to make code reviews a knowledge sharing superpower: 1. Always explain the “why” behind your code, not just the “what" 2. Document architectural decisions either in the PR itself or by linking to an ADR 3. Summarize the PR in plain English so anyone can quickly understand what changed and why 4. If a decision was made in Slack or a meeting, record it in the PR so it is not lost

Code reviews are broken. These 2 simple rules will fix them. After thousands of PRs, I've seen the same disasters repeat. Now with AI generating more code than ever, this matters even more. Rule 1️⃣: Minimize response time Not quick approval. Quick engagement. One hour delay? Minor context loss. One day? Momentum dies. One week? Starting from scratch. The author's blocked. You're not. Every hour costs brain-cache they can't get back. Rule 2️⃣: Every comment needs a "because" clause Never: "Please use dependency injection" Always: "Please use dependency injection because it makes testing isolated" Can't write the because? Don't write the comment. The harsh reality: Senior engineers set the culture. Take 2 days to review? Everyone else will too. Even for one-line changes. I've watched teams transform just by responding within hours, not days. And watched others die from review paralysis. The smartest part? This isn't about being nice. It's about shipping faster without sacrificing quality. What's your team's average review response time? Mine was 3 days. Now it's 3 hours. The difference is staggering. ♻️ Repost if your team needs to read this before Monday's sprint