Who is looking at your code (quality)?

Josh Owens
Learn coding concepts
Jan 30, 2017


Code quality and security are super important issues in the software industry. Over the last year, I’ve spent some time analyzing JavaScript code for people and giving them technical opinions on how healthy their codebase is.

The truth is, most of the code bases I look at have basic security and speed issues, problems that would be quickly solved if people were doing regular code reviews as part of their development process.

What is a code review?

Simply put, a code review is where someone opens up a browser or text editor with the application code in it. Then they comb through the code, looking for things that aren’t right. Honestly, when I run a code review, I rarely download the code and run the app — it is better if I don’t! By coming into application code with no knowledge or deep understanding of the domain, it lets me focus on the important parts like the speed of execution, security, and overall code readability.

We are busy writing code, do we need a code review?

Yes! Reviewing your code is crucial to the overall health of your codebase. If you are writing code that is wrong, slow, or insecure, then it will just continue to propagate itself as a pattern until it becomes a major issue. The bad code can choke out your product or app, like weeds starving off growing plants in your garden. How much will the mistakes now cost you in time later? That reminds me of one of my favorite quotes from basketball coach John Wooden:

If you don’t have time to do it right, when will you have time to do it over?

How long does a code review take?

For me, I can sit down and get a code review ready in a few hours of reading code — it just depends on the skills of the person running the review. I start by looking through server-side code (Node.js, Meteor.js, etc.), opening files and saving points that need to be discussed or looked at. I move on to the front-end and look for good code and good patterns. I then gather all of those up, give them a quick once-over and review my thoughts in a video that I deliver to the client. The video also comes with a PDF that links to each spot in the code and usually has an article link that talks about how and why to fix the code. The whole process takes me 5–7 hours.

Here is what one client, Steve Ovens, had to say about his code review:

Project is going really well now. The team and I appreciated your feedback, and they have stepped up to a new level with their code since the review. We will likely have you on for another round of reviews once we progress a bit more.

We have a team of developers already, can they do it?

Sure! I’ve also been part of organizations that had larger teams, and we set up weekly hour-long lunch meetings. The team had a wide variety of knowledge levels, and everyone tried to participate in the voluntary meetings. The meeting would start with volunteers that wanted their pull requests looked at (post-merge usually) and we would go over it as a team in a roundtable discussion setting. I also found this style to be super helpful because I would always walk away learning new things, and with a full belly!

Ok, ok… Maybe we need one, now what?

That is kind of up to you and your team to determine the level you want to take this practice. Does your team have a solid willingness to learn and work on code quality? Then start a weekly meeting and try to keep it short. Focus on one PR or one file of code and review it for issues.

Most of the time, in smaller organizations or with solo contractors, it is better to go outside and have an independent code review to ensure that the code base gets thoroughly vetted. Engineers have an incredible knack for ignoring issues they’ve already noticed that don’t feel important enough to fix.

Every code review I’ve performed has resulted in finding potential security holes in the system. The worst of them was lacking any authorization checks on database updates, but alas that is for another post.

Are you available?

I am available. I have done over 15 code reviews in the last 12 months, and it is something I deeply enjoy.

A Spacedojo Code Review is a very easy thing to get going. I have a simple contract that outlines things like NDA, payment, etc. The process is pretty painless to get started: just email Josh@spacedojo.com or visit the code review page, and I will be happy to discuss openings and timelines with you.

#javascript dev, father, husband to a wonderful wife - @wendylowens. Builder of @thespacedojo, @craterpodcast, & @craterio.