I've talked before about being on the receiving end of a code review, but today I want to talk about how I approach providing a code review.
Specifically, how closely do I read the code, and what might I choose to just scan?
The first thing I consider is what type of change this is. For example, there are higher-risk changes in terms of security, data loss, or end-user visibility, and those would require a more thorough review.
Next, I look at the size of the change. If it is a mega pull request, and it's not a higher-risk change, then I'm not going to scrutinize it as closely as I would a smaller change, just due to the time required.
Side note: If at all possible, avoid those mega pull requests. But that's a topic for another day.
Assuming it's one of those larger code reviews, but it isn't high risk, then I'll start by focusing on code in the app folder.
This code is going to get most of my attention. I'll read it closely, and even "play the computer", thinking through what that form request will reject, or what queries that controller method will run.
If something is unclear, then I'll jump to the tests to get a better understanding of the nuances.
Overall, though, I don't read the tests as closely as the code during a review.
I scan for patterns, since we have a very ordered way of writing tests, and I'm looking for deviations from that pattern. When I spot a deviation, I'll slow down and read that test more closely. This saves some time, especially since test code can often be more lines than the application code it's testing.
Another area where I take my time is configuration or environment changes. These tend to be smaller in terms of lines of code, but they can have a big impact on the application. There can also be considerations needed for deployment, so this is a good time to think that through as well.
As I've shown, some judgement is required in deciding what to inspect closely and what is safe to scan. Hopefully these guidelines will help improve the quality of your code reviews.
Here to help,
Joel
P.S. Do you not have anyone to review your code, or would you like an outside perspective on the health of your application? We offer code reviews for Laravel apps.