That fear when you get your first code review? Everyone goes through it. A practical guide covering everything from writing review-friendly PRs to giving constructive feedback and building a healthy review culture.
The code works, so why did I fail? What reviewers actually look for in take-home assignments and live coding sessions.
Does a developer really need to study every weekend? We explore the difference between 'Tutorial Hell' and 'Just-in-Time Learning'. Learn how to filter noise, build T-shaped skills, and maintain passion in a fast-paced tech industry without sacrificing your mental health.
Developer journals are more than notes. Recording what you learned, where you got stuck, and why you made certain decisions measurably accelerates growth. Here's how to write them, what tools to use, and how to turn them into blog posts.
AI coding tools are now part of daily development. This post honestly examines what skills are becoming more valuable, what's becoming less critical, and how to stay relevant in a world where the AI writes the code.
That fear when your first code review lands. The notification pops up and your stomach drops. "Is my code terrible?", "Will they judge me for not knowing this?", "Why are there so many comments?"
Here's the thing: code review is collaboration, not combat. The reviewer was once nervous too. Everyone wants the same thing — better code. I wish I'd understood that earlier.
This is what I've learned as both a reviewee and, later, as a reviewer.
Think of opening a PR not as dropping code on someone, but as writing a letter to a colleague. Context-free code dumps force the reviewer to start with "what even is this?" A friendly PR description cuts review time in half.
A good PR description includes:
## Summary
Added user profile image upload feature
## Why This Approach
- Chose S3 over Cloudinary: already on AWS, reduces costs
- 5MB file size limit: average profile images are under 2MB
## How to Test
1. Log in, navigate to /profile
2. Click the upload button
3. Select an image under 5MB → expect success message
4. Select an image over 5MB → expect error message
## Screenshots
[Before] / [After]
## Related Issues
Closes #123
This feels like overhead but reviewers love it — they can dive straight into reviewing logic instead of reverse-engineering intent.
Would you rather check out 100 items at a supermarket or 5 items at a convenience store? Code review works the same way.
500-line PRs are brutal. Attention fragments, issues get missed, and reviewers feel the pull of rubber-stamp approving.
Practical PR size guidelines:
| PR Size | Lines Changed | Review Time | Recommendation |
|---|---|---|---|
| Small | ~100 lines | 10–20 min | Best |
| Medium | 100–300 lines | 30–60 min | Fine |
| Large | 300–500 lines | 1–2 hours | Caution |
| XL | 500+ lines | Half a day+ | Avoid |
For big features, split into multiple PRs: "refactor PR", "interface change PR", "implementation PR".
Before hitting "Create PR", read your own diff as a reviewer would. On GitHub's diff view, check:
// Ask yourself these before submitting:
// 1. Do variable names communicate intent?
const d = new Date(); // bad
const createdAt = new Date(); // good
// 2. Does each function do one thing?
function processUserAndSendEmail(user: User) {
// Doing two things → split into two functions
}
// 3. Are error cases handled?
async function fetchUser(id: string) {
const user = await db.users.findById(id);
return user; // what if user is null?
}
// 4. Are there tests?
// 5. Did you leave any console.log or debug code?
Self-review catches obvious mistakes upfront. That frees your reviewer to focus on real logic issues.
Receiving review comments triggers defensiveness. "Why is this a problem?", "You don't understand my intent." That's natural — but pause before reacting.
Response patterns that work:
Reviewer: "This function seems to be doing too much. Feels like an SRP violation."
Bad response:
"It works fine though, I think this is acceptable."
Good response:
"You're right — looking at it again, it's both parsing the file and
saving to DB. Splitting those makes sense. I'll fix it."
Or when you genuinely disagree:
"Could you explain a bit more about why this is an SRP violation?
I thought these were related enough to group together, but I might
be missing something."
Asking for clarification is always better than silent resistance.
The most common code review mistake is criticizing the person instead of the code.
Criticizing the person (bad):
"Why did you make this so complicated? I can't follow this at all."
"This suggests you don't know the basics."
"I wouldn't have written it this way."
Criticizing the code (good):
"This logic is hard to follow as written.
Extracting an intermediate variable might make it clearer."
"A factory function here would make this easier to test."
"There might be a cleaner approach — what if we changed this to...?"
Feedback should always be about the code. "This code could be improved" not "you made a mistake."
When every comment carries the same weight, the reviewee doesn't know what to fix first. Use prefixes:
[BLOCKING] — must fix before merge
"[BLOCKING] User input is being interpolated directly into the SQL query.
This creates an SQL injection vulnerability. Use a prepared statement."
[NIT] — minor style issue, optional
"[NIT] `data` could be `userData` for a bit more clarity."
[QUESTION] — genuine curiosity, not criticism
"[QUESTION] Why setTimeout here? Just wondering if there's a
specific timing issue this is solving."
[SUGGESTION] — improvement idea, not required
"[SUGGESTION] Extracting this into a custom hook would make it
reusable elsewhere."
Reviewees can prioritize [BLOCKING], then get to [NIT] when time allows.
Reviews don't have to be purely problem-hunting. When you see good code, say so.
"This error handling is really clean — I'm going to borrow this pattern."
"The function name here is so clear I didn't need to read the implementation."
"These test cases are thorough. Future maintainers will thank you."
Teams that build praise into review culture receive critical feedback much more graciously.
## Before Opening PR
### Code Quality
- [ ] Self-reviewed the diff
- [ ] Removed console.log, debugger, debug artifacts
- [ ] Comments explain "why" not "what"
- [ ] Function/variable names communicate intent
- [ ] No duplicated code
### Functionality
- [ ] Error cases handled
- [ ] Edge cases considered
- [ ] No performance issues (N+1 queries, memory leaks)
### Tests
- [ ] Tests added for new functionality
- [ ] All existing tests pass
- [ ] Tests actually test meaningful behavior
### The PR Itself
- [ ] Description clearly explains what and why
- [ ] PR size is reviewable (~300 lines or less)
- [ ] Screenshots or demo added for UI changes
- [ ] Related issue linked
## Code Review Checklist
### Security
- [ ] SQL injection vulnerabilities
- [ ] XSS possibilities
- [ ] Sensitive data exposure (hardcoded API keys, passwords)
- [ ] Proper auth/permission checks
### Logic
- [ ] Business logic matches requirements
- [ ] Sufficient error handling
- [ ] Edge cases addressed
### Design
- [ ] No Single Responsibility Principle violations
- [ ] Appropriate abstraction level
- [ ] Blast radius of future changes is contained
### Performance
- [ ] No unnecessary computation
- [ ] Appropriate caching
- [ ] Database query efficiency
### Tests
- [ ] Important cases are tested
- [ ] Tests can actually fail
- [ ] Tests are fast and deterministic
// Reviewer receives this:
const r = u.map(x => x.a > 0 ? {...x, b: x.b * 1.1} : x)
.filter(y => y.c)
.reduce((acc, z) => acc + z.b, 0);
Good review comment:
It took me a while to figure out what this does.
Renaming the variables would make this self-documenting:
const totalActiveRevenue = users
.map(user => user.isEligible
? { ...user, revenue: user.revenue * 1.1 }
: user
)
.filter(user => user.isActive)
.reduce((total, user) => total + user.revenue, 0);
Same logic, reads like prose now.
// N+1 query spotted in review
async function getPostsWithAuthors(postIds: string[]) {
const posts = await db.posts.findMany({ where: { id: { in: postIds } } });
// Problem: separate query for each post
const postsWithAuthors = await Promise.all(
posts.map(async (post) => {
const author = await db.users.findById(post.authorId); // runs N times!
return { ...post, author };
})
);
return postsWithAuthors;
}
Review comment:
[BLOCKING] This has an N+1 query issue — 100 posts means 101 DB queries.
Using `include` resolves this in one query:
const posts = await db.posts.findMany({
where: { id: { in: postIds } },
include: { author: true } // one query total!
});
Alternatively, batch the authorId lookups into a single IN query.
Reviewer leaves:
"This seems off."
No idea what's wrong or how to fix it. Response:
"Could you be a bit more specific about what seems off?
Knowing which part and what you'd suggest would help a lot —
happy to refactor once I understand the concern :)"
Asking for specifics is not pushback. It's necessary.
PRs left waiting for days kill development flow. Agree on SLAs upfront:
Team Review SLA Example:
- Small PR (under 100 lines): first review within 24 hours
- Normal PR (100–300 lines): first review within 48 hours
- Large PR (300+ lines): first review within 72 hours
- Emergency hotfix: within 2 hours
When primary reviewer is unavailable:
- Designate a backup reviewer
- Surface blocking PRs in standups
Every team has a different review culture — some direct, some softer. Whichever style fits your team, consistency is what matters.
## Code Review Conventions
### Comment Prefixes
- [BLOCKING]: must fix before merge
- [NIT]: minor style, optional
- [QUESTION]: genuine question, not criticism
- [SUGGESTION]: improvement idea, optional
- [PRAISE]: recognizing good work
### Ground Rules
1. Critique the code, not the person
2. Never "change this" without explaining why
3. Include a suggested fix when possible
4. Praise good work explicitly
The anxiety around code review is real and normal. Having your work evaluated by a peer is never comfortable. But over time, you start to feel how a strong review culture accelerates the whole team.
Teams with healthy review cultures:
It starts uncomfortable on both sides. Give it time. The team's collective skill compounds — and that's code review's real value.