code-review

Perform thorough code reviews with security, performance, and maintainability analysis. Use when user asks to review code, check for bugs, or audit a codebase.

Code & Development | 62,572 stars | 10,220 forks | Updated today | MIT

Quality Score: 93/100

Stars (20%): 100
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Code Review Skill

You now have expertise in conducting comprehensive code reviews. Follow this structured approach:

## Review Checklist

### 1. Security (Critical)

Check for:

- [ ] **Injection vulnerabilities**: SQL, command, XSS, template injection
- [ ] **Authentication issues**: Hardcoded credentials, weak auth
- [ ] **Authorization flaws**: Missing access controls, IDOR
- [ ] **Data exposure**: Sensitive data in logs, error messages
- [ ] **Cryptography**: Weak algorithms, improper key management
- [ ] **Dependencies**: Known vulnerabilities (check with `npm audit`, `pip-audit`)

```bash
# Quick security scans
npm audit    # Node.js
pip-audit    # Python
cargo audit  # Rust
grep -r "password\|secret\|api_key" --include="*.py" --include="*.js"
```

### 2. Correctness

Check for:

- [ ] **Logic errors**: Off-by-one, null handling, edge cases
- [ ] **Race conditions**: Concurrent access without synchronization
- [ ] **Resource leaks**: Unclosed files, connections, memory
- [ ] **Error handling**: Swallowed exceptions, missing error paths
- [ ] **Type safety**: Implicit conversions, any types

### 3. Performance

Check for:

- [ ] **N+1 queries**: Database calls in loops
- [ ] **Memory issues**: Large allocations, retained references
- [ ] **Blocking operations**: Sync I/O in async code
- [ ] **Inefficient algorithms**: O(n^2) when O(n) possible
- [ ] **Missing caching**: Repeated expensive computations

### 4. Maintainabilit...

Details

Author: shareAI-lab
Repository: shareAI-lab/learn-claude-code
Created: 11 months ago
Last Updated: today
Language: Python
License: MIT
