new | ask | show | jobs
shortrounddev2 4 days ago  [ - ]

Code review, to me, is not about validating the output. It's about a 2nd set of eyes to check for foot guns, best practice, etc. Code review is one step above linting and one step below unit tests, for me.

If someone were to submit this code for review:

    getUser(id: number): UserDTO {
        return this.mapToDTO(this.userModel.getById(id));
    }
and I knew that `userModel` throws an exception when it doesn't find a user (and this is typescript, not java, where exceptions are not declared in the method prototype) then I would tell them to wrap it in a try-catch. I would also probably tell them to change the return type to `UserDTO | null` or `Result<UserDTO>` depending on the pattern that we chose for the API. I don't need to know anything about the original ticket in order to point these things out, and linters most likely won't catch them. Another use for code review is catching potential security issues like SQL injection that the linter or framework can't figure out (i.e, using raw SQL queries in your ORM without prepared statements)
johann8384 2 days ago  [ - ]

This lines up with my experience, sometimes it is as simple as "Your way is fine, but we did it this other way over here, and over here, should we make it consistent, even if it is consistent but not as good" or as you pointed out, looking for footguns. I also like the supervillian model of "Show this to an average 5 year old and see what obvious flaw they point out".

mathieuh 3 days ago  [ - ]

Depends how good your QA is. Where I am it is terrible so most of the time I spend in “code review” is spent checking out the code locally and testing it myself.

shortrounddev2 3 days ago  [ - ]

Yes, this is all on paper. Where I work we don't have QA