Best of Code Review — 2025

1. 1
   Article

   Hacker News·41w

   Read That F*cking Code!

   AI coding tools like Claude Code enable developers to generate working code without reading it, but this practice leads to three critical issues: architectural decay, loss of domain knowledge, and security vulnerabilities. The author advocates for two responsible approaches: fast prototyping with post-session review for peripheral features, and synchronous pair-coding for core functionality. A comprehensive checklist covers architecture consistency, security scoping, meaningful tests, documentation, error handling, and performance considerations.

   565

   31
2. 2
   Article

   Matthias Endler·41w

   How To Review Code

   A comprehensive guide to effective code reviewing based on two decades of experience. Emphasizes focusing on big picture design over syntax, the critical importance of good naming, being decisive when rejecting changes, and treating reviews as iterative communication processes. Key principles include running code locally when possible, asking clarifying questions, avoiding nitpicking on formatting, and continuously learning from the review process.

   493

   20
3. 3
   Article

   Collections·1y

   Essential Tips for Writing Clean Code

   Writing clean code is crucial for efficient development, improved software quality, and better team collaboration. Essential tips include using descriptive variable names, leveraging AI tools for code reviews, minimizing unnecessary comments, following the DRY principle, maintaining consistent code formatting, breaking down complex functions, organizing project files effectively, avoiding hard-coded values, and applying the single responsibility principle.

   388

   19
4. 4
   Article

   Hacker News·31w

   How I Almost Got Hacked By A 'Job Interview'

   A developer shares a close call with a sophisticated phishing attack disguised as a legitimate job interview. The scam involved a fake LinkedIn profile from a real company, a coding challenge containing obfuscated malware designed to steal crypto wallets and credentials, and professional social engineering tactics. The attack was discovered by using an AI assistant to scan the codebase for suspicious patterns before execution. The malware was embedded in server-side code with full Node.js privileges and connected to a remote payload that disappeared within 24 hours.

   245

   33
5. 5
   Article

   Elevate·22w

   My LLM coding workflow going into 2026

   A comprehensive guide to using LLM coding assistants effectively in 2026. Key practices include starting with detailed specifications before coding, breaking work into small iterative chunks, providing extensive context to the AI, choosing appropriate models for different tasks, maintaining human oversight through testing and code review, committing frequently for version control safety, customizing AI behavior with rules and examples, leveraging automation as quality gates, and treating AI as a force multiplier rather than replacement. The workflow emphasizes treating LLMs as junior pair programmers requiring guidance while maintaining developer accountability for all code produced.

   176

   5
6. 6
   Video

   The Coding Gopher·42w

   99% of Developers Don't Get Git Rebase

   Git rebase is a powerful command that rewrites commit history by replaying commits from one branch onto another, creating a linear history instead of merge commits. Unlike git merge which preserves branching structure, rebase transplants commits as if they were created on top of the target branch. The process involves finding the common ancestor, temporarily storing unique commits, and reapplying them with new hashes. Interactive rebase allows developers to squash, reorder, edit, or drop commits for cleaner history. However, rebasing shared branches is dangerous as it rewrites history and can disrupt collaborators. Best practices include only rebasing local feature branches and using clear commit messages for better code review workflows.

   173

   14
7. 7
   Article

   Zero To Mastery·34w

   This ain’t the same dev I know

   169

   21
8. 8
   Article

   The Polymathic Engineer·42w

   What to Look for in Code Reviews

   A comprehensive guide covering the essential aspects of effective code reviews, prioritized by importance. Covers design considerations as the most critical factor, followed by functionality review, complexity assessment, test quality evaluation, naming and documentation standards, and style consistency. Emphasizes the importance of structured approaches over random scanning, focusing on catching bugs, improving code quality, and facilitating team learning through systematic review practices.

   136

   5
9. 9
   Video

   Fireship·1y

   5 weird (but useful) data structures in computer science

   The post explores five unusual but useful data structures that go beyond the basic ones commonly known in computer science: B trees, radix trees, ropes, Bloom filters, and cuckoo hashing. Each data structure offers unique advantages in handling specific problems, such as reducing search complexity, efficiently managing large strings, and resolving hash table collisions. Additionally, a new VS Code extension by Code Rabbit is introduced, enhancing code review processes.

   120

   1
10. 10
    Article

    Simon Willison·22w

    Your job is to deliver code you have proven to work

    Software engineers must deliver proven, working code rather than untested contributions. This requires both manual testing (seeing the code work yourself, documenting steps, testing edge cases) and automated testing (bundling tests with changes). With AI coding agents like Claude Code, developers should train these tools to prove their changes work through testing before submission. The human developer remains accountable for ensuring code quality and providing evidence that changes function correctly.

    111

    11
11. 11
    Video

    The Coding Sloth·36w

    AI Makes Programming Fun

    Programming with AI tools can make development more enjoyable by automating boring tasks like learning new codebases, writing PR summaries, and handling code reviews. The author demonstrates using AI to contribute to VS Code's open source project, showing how AI can help understand large codebases, generate code, and streamline workflows. While AI tools like code completion and automated agents can speed up development and reduce tedious work, they're not perfect and require careful use to avoid over-reliance and potential errors.

    101

    3
12. 12
    Article

    Manager.dev·22w

    5 engineering dogmas it's time to retire

    Five common software engineering practices deserve reconsideration: relying heavily on third-party packages creates security and maintenance risks, mandatory code reviews slow teams down unnecessarily, 2-4 week sprints drain joy from development, overusing feature flags creates codebase complexity, and avoiding all code comments is an extreme position. Each practice has merit but shouldn't be treated as absolute dogma. Engineering managers should balance these principles with their team's specific context rather than following them blindly.

    91

    9
13. 13
    Article

    Manager.dev·26w

    Shadow work in engineering teams

    Engineering teams lose significant capacity to undocumented work that never appears in sprint planning. Three major categories drain productivity: invisible production support (ad-hoc fixes, alert investigations, support questions), technical glue work (code reviews, mentoring, documentation), and shadow backlogs (off-roadmap requests and technical debt work). This hidden work causes burnout in senior engineers, breaks capacity planning, creates strategic bottlenecks, and erodes trust between business and engineering. Solutions include making work tracking painless, distributing glue work across the team through mentorship, and formally incorporating shadow backlog items into planning rather than treating them as unofficial work.

    86

    7
14. 14
    Article

    Programming Digest·23w

    No code reviews by default

    Raycast's engineering team operates without mandatory code reviews, allowing engineers to push directly to the main branch and request reviews only when needed. This trust-based approach emerged from their early startup days and scaled with their distributed team. They prioritize rapid iteration through daily internal releases, dogfooding changes within 24 hours, and shipping public updates every two weeks. Code reviews are still used selectively for unfamiliar code areas, database migrations, or onboarding new team members. The team relies on post-commit notifications, quick video calls, and continuous integration to maintain quality while avoiding the bottlenecks of traditional pull request workflows.

    80

    27
15. 15
    Article

    System Design Newsletter·42w

    How to Do Code Review

    Code reviews are essential for maintaining code quality as teams grow, but they can create bottlenecks and conflicts without proper guidelines. Effective code reviews require both authors and reviewers to follow best practices: authors should keep changes small, self-review first, and provide clear descriptions, while reviewers should respond within 24 hours, focus on constructive feedback, and approve when code is good enough rather than perfect. The typical workflow involves creating pull requests, running automated checks through CI, conducting human reviews, making updates based on feedback, and deploying approved changes. AI tools like CodeRabbit can complement human reviewers by handling routine checks and providing consistent feedback, ultimately improving developer velocity while maintaining code quality.

    80
16. 16
    Article

    Javarevisited·26w

    Don’t Ignore Thread Safety — Design for Concurrency from Day One

    Concurrency bugs are non-deterministic, hard to reproduce, and often emerge only under production load, making them far more dangerous than typical logic errors. Building thread-safe systems from the start requires adopting design principles like immutability, avoiding shared state, using concurrency-safe primitives, and reviewing code with concurrency in mind. AI-powered code review tools can automatically detect unsafe shared variables, missing synchronization, potential deadlocks, and race conditions during pull requests, catching issues before they reach production. As modern applications become increasingly distributed and parallel, treating concurrency as a baseline engineering skill rather than an afterthought is essential for building scalable, maintainable systems.

    79

    1
17. 17
    Article

    Community Picks·1y

    The Anatomy of Slow Code Reviews

    Slow code reviews are a common complaint among software developers, often due to social and cultural factors. Common causes include too many reviewers, large code changes, and a lack of prioritization for reviews. Improving code review times involves understanding these social aspects, simplifying code complexity, and implementing performance metrics such as service level objectives (SLOs) for review and revision times. Encouraging a culture that values swift and thoughtful reviews, as well as using tools to automate parts of the process, can significantly enhance review efficiency.

    73

    3
18. 18
    Article

    Engineer’s Codex·21w

    Everyone is a Staff Engineer Now

    AI coding agents like Claude Code are shifting engineering work from implementation to higher-level activities like architecture, planning, and code review. Skills traditionally associated with staff engineers—maintaining context across systems, managing asynchronous workflows, steering AI agents effectively, and reviewing code—are becoming baseline requirements earlier in careers. Junior engineers now operate at senior-level abstraction while seniors architect at staff-level scale. Success depends less on prompting AI and more on managing personal context, maintaining focus during agent runtime, and developing new workflows that treat AI as a junior engineer to delegate to.

    70

    5
19. 19
    Article

    Lobsters·27w

    AI's 70% Problem — Zed's Blog

    Addy Osmani from Google's Chrome team discusses the "70% problem" in AI coding: while AI tools can rapidly generate 70% of a solution, the remaining 30% involving edge cases, security, and production integration remains as challenging as ever. Despite over 30% of Google's code being AI-generated, trust in AI-generated code has declined from 70% to 60% in two years. The talk covers common pitfalls like the "two steps back" pattern where AI fixes create new problems, the reality that productivity gains are modest (1-2x) compared to hype, and code review becoming a new bottleneck. Osmani emphasizes that developers must understand and take responsibility for AI-generated code, especially junior developers who should use AI as a learning aid while maintaining curiosity.

    68

    1
20. 20
    Article

    GitHub Changelog·21w

    Copilot Memory early access for Pro and Pro+

    GitHub Copilot Memory is now in early access for Pro and Pro+ subscribers. This feature allows Copilot agents to learn from user feedback and actions, building repository-specific memory to improve assistance across coding and code review workflows. Users can enable it through Settings > Copilot, and GitHub plans to expand availability to more subscription tiers in the future.

    66

    1
21. 21
    Article

    GitHub Changelog·26w

    Pull request "Files changed" public preview

    GitHub's new Files changed page now includes an Overview button that displays pull request descriptions inline, eliminating the need to switch tabs or scroll. The update also includes performance improvements for faster navigation, with more optimizations planned for the coming weeks. The feature is currently in public preview.

    62

    2
22. 22
    Article

    ITNEXT·1y

    AI Code Reviewer: Automate Your Code Reviews

    AI Code Reviewer is an open-source Python script from AnyMaint that uses large language models like ChatGPT and Gemini to analyze GitHub pull requests. It offers features such as automated comments, issue detection, and PR summaries. The tool can be run manually or automated through GitHub Actions. It is available under the BSD 3-Clause License and is designed to streamline code reviews for individual and team projects.

    59
23. 23
    Video

    The Cherno·1y

    An 11-Year-Old Made a "Game Engine" // Code Review

    An 11-year-old named Anthony submitted his game engine project, 'Real Engine,' for a code review by Chenno. Despite being so young, Anthony managed to include a README, license, and instructions for his project. Chenno engages with the code, providing constructive feedback and corrections, particularly focusing on issues with precompiled headers and shader management. The post also highlights the importance of separating external dependencies into static libraries. Additionally, Chenno introduces the use of AI in code reviews through Code Rabbit, which can help in identifying potential bugs and improving code structure.

    52

    8
24. 24
    Video

    Web Dev Cody·49w

    Cursor just got a major update

    Cursor 1.0 introduces several major features including background agents that can perform concurrent code refactoring tasks, bugbot for automated code review in pull requests, memory functionality to learn coding preferences, and enhanced MCP tool integrations. The background agent feature allows developers to delegate smaller tasks while focusing on main work, though it uses expensive premium models. Bugbot automatically reviews pull requests for potential issues, while the memory system learns individual coding preferences per project.

    51

    2
25. 25
    Article

    Graphite.dev·42w

    How I got Claude to write code I could actually ship

    Claude Code can generate thousands of lines of code quickly, but large AI-generated PRs are difficult to review safely. The solution is teaching Claude to create stacked pull requests using Graphite's gt CLI, breaking complex features into smaller, focused, reviewable chunks. By adding specific instructions about stacking workflows and requiring Claude to plan its approach before coding, developers can make AI-generated code more manageable and shippable. The GT MCP tool helps align Claude's internal planning with actual PR structure.

    48

    2