
Code Review Skill


Automated code review and analysis tools.

When to Use


  • Review code changes before commit
  • Check for security vulnerabilities
  • Analyze code complexity
  • Find bugs and issues
  • Enforce coding standards

Pre-Commit Review


Git Diff Analysis


```bash
# See unstaged changes (working tree vs index)
git diff

# See staged changes (index vs HEAD)
git diff --cached

# See changes in a specific file
git diff path/to/file

# Working tree vs the previous commit: this shows the last commit plus any
# uncommitted changes. To see only the last commit, use: git diff HEAD~1 HEAD
git diff HEAD~1

# Compare branches. "main..feature-branch" diffs the two branch tips; to see
# what the feature branch adds since it diverged from main (what a PR shows),
# use three dots instead:
git diff main..feature-branch
git diff main...feature-branch
```

Stage Selective Changes

```bash
# Interactive staging
git add -i

# Stage specific hunks of a file
git add -p path/to/file

# Stage all modified and deleted *tracked* files (new, untracked files are
# not added; use git add path/to/file for specific files)
git add -u
```

Static Analysis


Linting

```bash
# ESLint (JavaScript/TypeScript): via the project's npm script, or directly
npm run lint
npx eslint .

# ShellCheck (shell scripts)
shellcheck script.sh

# hadolint (Dockerfiles)
hadolint Dockerfile

# yamllint (YAML files)
yamllint .

# jsonlint (JSON files): lints one file at a time; its -c flag means compact
# error output, not a config file
jsonlint path/to/file.json
```

Code Quality

```bash
# SonarQube (if configured)
sonar-scanner

# CodeClimate (if configured)
codeclimate analyze

# Size by file. cloc counts code, blank and comment lines; it is a size
# metric, not cyclomatic complexity
cloc --by-file .
```

Security Scanning

```bash
# npm audit: known vulnerabilities in installed dependencies
npm audit

# Yarn audit (Yarn classic; Yarn Berry uses: yarn npm audit)
yarn audit

# Outdated dependencies: a staleness check, not a vulnerability check
npm outdated

# GitHub Dependabot alerts via GraphQL (the token must be allowed to read the
# repository's security alerts; replace owner/repo)
gh api graphql -f query='{repository(owner:"owner",name:"repo"){vulnerabilityAlerts(first:10){nodes{securityVulnerability{package{name} severity}}}}}'

# secrets scanner
```

Code Review Commands


Check for Common Issues

```bash
# Find TODO/FIXME comments (-E is needed for the | alternation)
grep -rE "TODO|FIXME|XXX|HACK" --include="*.js" --exclude-dir=node_modules .

# Find console.* calls left in (escape the dot, which otherwise matches any character)
grep -rE "console\." --include="*.js" --exclude-dir=node_modules .

# Find hardcoded passwords. This matches the words, so expect noise from
# variable names and comments; review each hit by hand
grep -rE "password|secret|api[_-]?key" --include="*.js" --exclude-dir=node_modules .
```

File Statistics

```bash
# Lines of code by file (skipping node_modules)
find . -name "*.js" -not -path "*/node_modules/*" -exec wc -l {} + | sort -n

# Rough count of functions: every "function" keyword or "=>" arrow
# (grep -l would count files containing a function, not functions)
grep -rEoh "function|=>" --include="*.js" --exclude-dir=node_modules . | wc -l
```

GitHub PR Reviews

```bash
# Get PR diff
gh pr diff 55 --repo owner/repo

# Get PR files
gh pr view 55 --json files --repo owner/repo

# Get PR reviews
gh pr view 55 --json reviews --repo owner/repo
```

Review Checklist

```bash
#!/bin/bash
# Code review checklist script

echo "=== Code Review Checklist ==="
echo ""

# Check for TODO/FIXME
TODOS=$(grep -rE "TODO|FIXME" --include="*.js" --exclude-dir=node_modules . | wc -l)
echo "TODO/FIXME comments: $TODOS"

# Check for console.log
LOGS=$(grep -rF "console.log" --include="*.js" --exclude-dir=node_modules . | wc -l)
echo "Console logs: $LOGS"

# Check for hardcoded secrets (keyword match; the count needs manual review)
SECRETS=$(grep -rE "password|secret|api[_-]?key" --include="*.js" --exclude-dir=node_modules . | wc -l)
echo "Potential secrets: $SECRETS"

# Check test coverage
echo ""
echo "Run: npm test -- --coverage"

# Check linting
echo ""
echo "Run: npm run lint"
```

Automated Review Scripts

```bash
#!/bin/bash
# .git/hooks/pre-commit
# The hook must be executable (chmod +x) and is not versioned with the repo,
# so each clone installs it separately (or via a hook manager).

# Run linting
if ! npm run lint; then
    echo "Linting failed"
    exit 1
fi

# Run tests
if ! npm test; then
    echo "Tests failed"
    exit 1
fi
```
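The "Find hardcoded passwords" grep above and the hook above both work on the whole tree, so every pre-existing match fires on every commit. The following is an added example, not code from the original skill page, of a pre-commit check that scans only the lines a commit adds, and only for secret-looking assignments (a credential-like key followed by a quoted literal). The function names (`scan_diff`, `precommit_secret_check`, `run_sample`), the two regexes and the sample diff are constructed for illustration and should be tuned per project.

```sh
#!/bin/sh
# Added example (not from the original skill page): scan only the ADDED
# lines of a diff for secret-looking assignments. SECRET_RE, ALLOW_RE and
# SAMPLE_DIFF are constructed for illustration.

# Secret-looking assignment: a credential-ish key, then "=" or ":", then a
# quoted literal of at least 8 characters.
SECRET_RE="(password|passwd|secret|api[_-]?key|token)[A-Za-z0-9_]*[[:space:]]*[:=][[:space:]]*[\"'][^\"']{8,}[\"']"
# Values that are clearly not secrets: env lookups, templating, placeholders.
ALLOW_RE='process\.env|os\.environ|getenv|\$\{|example|placeholder|changeme'

# scan_diff: read a unified diff on stdin; print "file:line:content" for each
# added line matching SECRET_RE but not ALLOW_RE. Returns 1 if any were found.
scan_diff() {
    awk '
        substr($0, 1, 4) == "+++ " { file = substr($0, 7); next }            # "+++ b/path"
        substr($0, 1, 2) == "@@"   { split($3, h, ","); line = substr(h[1], 2); next }
        substr($0, 1, 1) == "+"    { print file ":" line ":" substr($0, 2); line++; next }
        substr($0, 1, 1) == "-"    { next }                                  # removed line
        substr($0, 1, 1) == " "    { line++ }                                # context line
    ' | grep -Ei "$SECRET_RE" | grep -Evi "$ALLOW_RE" || return 0
    return 1
}

# precommit_secret_check: hook entry point; scans only what is staged and
# blocks the commit on findings.
precommit_secret_check() {
    if ! findings=$(git diff --cached -U0 --no-color | scan_diff); then
        printf 'Possible hardcoded secrets in staged changes:\n%s\n' "$findings" >&2
        return 1
    fi
}

# Constructed sample diff: one literal key, one env lookup, one comment.
SAMPLE_DIFF='diff --git a/src/config.js b/src/config.js
--- a/src/config.js
+++ b/src/config.js
@@ -1,3 +1,5 @@
 const db = require("./db");
+const apiKey = "9f8e7d6c5b4a32100123";
+const password = process.env.DB_PASSWORD;
 module.exports = { db };
+// TODO: rotate keys'

# run_sample: scan the constructed diff; prints the single expected finding
# (src/config.js line 2) and returns 1.
run_sample() {
    printf '%s\n' "$SAMPLE_DIFF" | scan_diff
}

# Stand-alone demo: sh secret-check.sh --demo
if [ "${1:-}" = "--demo" ]; then
    run_sample || echo "(exit $?: findings above)"
fi
```

To use it as a hook, copy the file to `.git/hooks/pre-commit`, make it executable, and call `precommit_secret_check` (followed by `exit $?`) at the end. Only the `apiKey` line is reported: the `password` line reads from `process.env` rather than a literal, and the comment contains no assignment.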

GitHub Actions Review

```yaml
name: Code Review
on: [pull_request]

# Least privilege: this job only needs to read the repository
permissions:
  contents: read

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      # For supply-chain safety, pin third-party actions to a full commit SHA
      # rather than a mutable tag
      - uses: actions/checkout@v3

      - uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: npm

      # Reproducible install from the lockfile, so lint/test run against the
      # same dependency tree as the audit
      - run: npm ci

      - name: Run linter
        run: npm run lint

      - name: Run tests
        run: npm test

      # Fails on any known vulnerability; add --audit-level=high to fail only
      # on high/critical
      - name: Security audit
        run: npm audit

      - name: Build
        run: npm run build
```

Best Practices

最佳实践

  1. Review small changes - Large PRs are hard to review thoroughly
  2. Check tests - Ensure new code has tests
  3. Look for bugs - Common issues: null checks, error handling, edge cases
  4. Check security - No secrets, validate inputs, use parameterized queries
  5. Check performance - N+1 queries, unnecessary loops, memory leaks
  6. Check readability - Clear naming, comments for complex logic
  7. Check architecture - Follow project patterns, proper separation

Notes


  • Use `git show` to see what changed in a specific commit
  • Use `git blame` to see who changed each line
  • Use `git stash` to save work in progress
  • Thepopebot can perform code reviews using LLM analysis