In this tutorial, you will learn some tips that will help you perform EPIC code base evaluations 🤑🤑🤑. There are too many reasons to list why someone might ask you to do a code base evaluation. Usually a company is interested in a system they know nothing about, and they need to know if a rewrite is needed or if the system will be a pain in 🤬🤬🤬 to maintain before taking it on. Undertaking a good code base evaluation can be hard. You need to pick up code written by someone else and give an unbiased opinion on it. The unbiased part is hard. When it comes to coding, we all have our own personal preferences on how something should be written, and those preferences colour our view of how good the system is. It is easy to say something is low quality just because it has not been built the way you would have built it.

This is why I recommend that you define a code quality baseline before you start the review. Defining common review criteria will help you to keep the review unbiased. Feedback needs to be consistent. What you define as good and what the developer who wrote the code considers good might be different, so you should define upfront what good code is. Agree on the coding standards upfront. Agree on how design patterns should be applied. Like any architecture, this involves breaking the site into some main core areas:

  • Code quality
  • Security
  • Performance
  • Readability

Being presented with a giant code base can be overwhelming. Often it is hard to know where to start. This is why the key to performing a thorough code base evaluation is asking the right questions. Let us cover some thought-provoking questions that you should ask during an overview:


  • Do all user journeys have an integration test?
  • What's the test coverage? If it is below a benchmark, what is the benchmark you recommend they aim towards?
  • Do all components have unit tests?
    • Are the unit tests brittle?


  • Has the code been designed with a good separation of concerns?
  • Is there a CI/CD pipeline?
  • How good is the CI/CD pipeline?

Code Quality

  • Is there any duplicate code?
  • Are there any large functions?
  • Are there any god classes?
  • Is any config hard coded in the code?
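Three of these questions can be answered mechanically against thresholds agreed before the review, which keeps the findings consistent between reviewers. The sketch below is an added example, not part of the original article: it assumes a Python code base, and the threshold values, the name pattern and the sample source are all constructed for illustration.

```python
import ast
import re

# Baseline agreed before the review starts (values are assumptions for this example).
BASELINE = {"max_function_lines": 40, "max_class_methods": 15}
# Variable names that suggest configuration or credentials (assumed pattern).
CONFIG_NAME = re.compile(r"password|passwd|secret|api_?key|token|conn(ection)?_?str|url|host", re.I)

# Constructed sample source, embedded so the example runs offline.
SAMPLE = '''\
import os

DB_PASSWORD = "not-a-real-password"
API_KEY = os.environ["API_KEY"]

class Orders:
    def a(self): pass
    def b(self): pass
    def c(self): pass

def load():
    x = 1
    y = 2
    return x + y
'''

def evaluate(source, baseline=BASELINE):
    """Return sorted (line, rule, detail) findings for one Python source file."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            length = node.end_lineno - node.lineno + 1
            if length > baseline["max_function_lines"]:
                findings.append((node.lineno, "large-function", f"{node.name}: {length} lines"))
        elif isinstance(node, ast.ClassDef):
            methods = [n for n in node.body if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef))]
            if len(methods) > baseline["max_class_methods"]:
                findings.append((node.lineno, "god-class", f"{node.name}: {len(methods)} methods"))
        elif isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant):
            # Only non-empty string literals count; environment lookups are not constants.
            if isinstance(node.value.value, str) and node.value.value:
                for target in node.targets:
                    name = getattr(target, "id", None) or getattr(target, "attr", None)
                    if name and CONFIG_NAME.search(name):
                        # Report the name only, so the report never repeats the literal.
                        findings.append((node.lineno, "hard-coded-config", name))
    return sorted(findings)

if __name__ == "__main__":
    # A deliberately strict baseline so every rule fires on the small sample.
    for finding in evaluate(SAMPLE, {"max_function_lines": 3, "max_class_methods": 2}):
        print(finding)
```

The findings list names the variable but not its value, so the evaluation report can be shared without spreading any credential that turns up.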


  • Does the site reference any third-party packages? If so, are any out of date, and does this cause a security vulnerability?
  • What third-party libraries does the site use? Are they the best choice?
  • Does the code follow OWASP principles?
  • Are the site's web forms secure?


  • What are the site's key page speed scores?
  • How can page speed be improved?

When performing an evaluation, if you try to answer these questions, the end result should be a very thorough and technically accurate report. Unfortunately, asking the questions is usually the easy bit. Understanding someone else's code is the hard part. Good luck 😉. Happy Coding 🤘