Best of Code Review: October 2025

  1. Article
     Hacker News · 31w

    How I Almost Got Hacked By A 'Job Interview'

    A developer shares a close call with a sophisticated phishing attack disguised as a legitimate job interview. The scam involved a fake LinkedIn profile from a real company, a coding challenge containing obfuscated malware designed to steal crypto wallets and credentials, and professional social engineering tactics. The attack was discovered by using an AI assistant to scan the codebase for suspicious patterns before execution. The malware was embedded in server-side code with full Node.js privileges and connected to a remote payload that disappeared within 24 hours.

  2. Article
     Manager.dev (zaidesanton) · 30w

    The price of mandatory code reviews

    Analysis of 400+ companies and 3000+ engineers reveals that mandatory code reviews reduce bugs by 2.4x but slow output by 1.9x. Teams without reviews ship 59 expert hours per developer versus 31 with reviews, but produce 8.9 bugs versus 3.7. High-quality reviews (score >75) reduce bugs by 61% while slowing output by 38%. Fast PR turnaround (<3 hours) makes teams 2.1x more productive compared to 8+ hour reviews. Top-performing teams (90th percentile) achieve 2.7x faster output with 33% fewer bugs per feature than median teams. Review quality correlates strongly with company culture—engineers who give thorough reviews receive them in return.

  3. Article
     Manager.dev (zaidesanton) · 31w

    What a 10X TEAM looks like

    A startup CEO shares how his 6-person engineering team achieves velocity comparable to 50-person organizations through direct customer-engineer communication, AI-assisted code reviews with sub-hour PR merges, and continuous bottleneck elimination. The approach prioritizes learning rate over accumulated knowledge, includes hiring interns for fresh perspectives, and requires leadership to remain hands-on in code to identify real friction points.

  4. Article
     Hacker News · 29w

    Your vibe coded slop PR is not welcome

    AI coding tools have created an asymmetry in open source: generating code is now cheap, but reviewing it remains expensive. The author proposes a binary framework distinguishing 'prototypes' (AI-generated demos shared via branches, not PRs) from 'ready-to-review PRs' (human-vouched code meeting project standards). Maintainers face increasing volumes of low-effort AI contributions that consume disproportionate review time. The solution requires clear labeling, contributor etiquette, and recognition that AI assistance is acceptable only when contributors take full ownership of the final code quality.

  5. Article
     Product Hunt · 29w

    Kodus: Open-source AI Code Review that won’t let you break prod

    Kodus is an open-source AI code review agent that integrates with GitHub, GitLab, Bitbucket, and Azure DevOps. It allows teams to use any LLM model (OpenAI, Claude, Gemini, Anthropic), learns from existing codebases and workflows, supports custom review rules in natural language, connects with project management tools like Jira and Notion for business context, and automatically tracks technical debt by converting suggestions into issues.

  6. Article
     GitHub Changelog (github_updates) · 29w

    New public preview features in Copilot code review: AI reviews that see the full picture

    GitHub Copilot code review now combines LLM-based analysis with deterministic tools like CodeQL and ESLint for more accurate feedback. New features include agentic tool calling for full project context, integration with security and quality linters, and direct handoff to the Copilot coding agent for automated fixes. The tool supports customizable workflows through instruction files and is available across multiple editors including VS Code, Visual Studio, JetBrains, and Xcode.

  7. Article
     Simon Willison · 32w

    Vibe engineering

    Introduces 'vibe engineering' as a term for experienced developers who use LLMs and coding agents productively while maintaining accountability for their code. Unlike 'vibe coding' (fast, irresponsible AI-driven development), vibe engineering requires senior-level skills: comprehensive testing, planning, documentation, version control, code review, QA, and research abilities. Coding agents like Claude Code, OpenAI's Codex CLI, and Gemini CLI enable parallel development workflows but demand top-tier engineering practices. AI tools amplify existing expertise rather than replace it, making traditional software engineering disciplines more important than ever.