Java代码审查清单：系统性检查指南与最佳实践

java-code-review by decebals/claude-code-java

81 周安装量

436 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/decebals/claude-code-java --skill java-code-review

软件工程 JavaScript 框架代码质量

🇨🇳中文介绍

Java 代码审查技能

适用于 Java 项目的系统性代码审查清单。

使用时机

用户说"审查这段代码" / "检查这个 PR" / "代码审查"
合并 PR 之前
实现功能之后

审查策略

快速浏览 - 理解意图，确定范围
清单检查 - 逐项检查以下每个类别
总结 - 按严重程度列出发现的问题（严重 → 轻微）

输出格式

## 代码审查：[文件/功能名称]

### 严重问题
- [问题描述 + 行号引用 + 建议]

### 改进建议
- [建议 + 理由]

### 轻微/风格问题
- [细节问题，可选改进]

### 观察到的良好实践
- [积极反馈 - 对团队士气很重要]

审查清单

1. 空值安全

检查：

// ❌ NPE 风险
String name = user.getName().toUpperCase();

// ✅ 安全
String name = Optional.ofNullable(user.getName())
    .map(String::toUpperCase)
    .orElse("");

// ✅ 同样安全（提前返回）
if (user.getName() == null) {
    return "";
}
return user.getName().toUpperCase();

标记点：

没有空值检查的链式方法调用

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

相关 Skills

Node.js后端模式指南：构建可扩展REST API、微服务与实时应用

20,000 周安装

Next.js 16+ 缓存组件指南：实现部分预渲染（PPR）与混合内容缓存

17,000 周安装

网页可访问性（A11y）开发指南：实现WCAG合规、键盘导航与屏幕阅读器支持

12,600 周安装

Vue 3 调试指南：解决响应式、计算属性与监听器常见错误

11,900 周安装

公共 API 上缺少 @Nullable / @NonNull 注解

未进行 isPresent() 检查就调用 Optional.get()

可能返回 Optional 或空集合的方法却返回了 null

对于可能缺失的返回类型使用 Optional
对构造函数/方法参数使用 Objects.requireNonNull()
返回空集合而不是 null：Collections.emptyList()

// ❌ 吞掉异常
try {
    process();
} catch (Exception e) {
    // 静默忽略
}

// ❌ 捕获范围过宽
catch (Exception e) { }
catch (Throwable t) { }

// ❌ 丢失堆栈跟踪
catch (IOException e) {
    throw new RuntimeException(e.getMessage());
}

// ✅ 正确处理
catch (IOException e) {
    log.error("处理文件失败: {}", filename, e);
    throw new ProcessingException("文件处理失败", e);
}

空的 catch 块
宽泛地捕获 Exception 或 Throwable
丢失原始异常（未链式传递）
使用异常进行流程控制
受检异常泄漏到 API 边界之外

记录上下文和堆栈跟踪
使用特定的异常类型
使用 cause 链式传递异常
考虑为领域错误使用自定义异常

// ❌ 遍历时修改
for (Item item : items) {
    if (item.isExpired()) {
        items.remove(item);  // ConcurrentModificationException
    }
}

// ✅ 使用 removeIf
items.removeIf(Item::isExpired);

// ❌ 为简单操作使用流
list.stream().forEach(System.out::println);

// ✅ 简单循环更清晰
for (Item item : list) {
    System.out.println(item);
}

// ❌ 收集后修改
List<String> names = users.stream()
    .map(User::getName)
    .collect(Collectors.toList());
names.add("extra");  // 可能是不可变的！

// ✅ 显式声明可变列表
List<String> names = users.stream()
    .map(User::getName)
    .collect(Collectors.toCollection(ArrayList::new));

遍历期间修改集合
对简单操作过度使用流
假设 Collectors.toList() 返回可变列表
未使用 List.of(), Set.of(), Map.of() 创建不可变集合
在不理解影响的情况下使用并行流

使用 List.copyOf() 进行防御性拷贝
使用 removeIf() 代替迭代器移除
转换用流，副作用用循环

// ❌ 非线程安全
private Map<String, User> cache = new HashMap<>();

// ✅ 线程安全
private Map<String, User> cache = new ConcurrentHashMap<>();

// ❌ 检查后执行竞态条件
if (!map.containsKey(key)) {
    map.put(key, computeValue());
}

// ✅ 原子操作
map.computeIfAbsent(key, k -> computeValue());

// ❌ 双重检查锁定（没有 volatile 会失效）
if (instance == null) {
    synchronized(this) {
        if (instance == null) {
            instance = new Instance();
        }
    }
}

共享可变状态没有同步
检查后执行模式不具备原子性
共享变量缺少 volatile
在非 final 对象上同步
线程不安全的延迟初始化

优先使用不可变对象
使用 java.util.concurrent 类
简单情况使用 AtomicReference, AtomicInteger
考虑使用 @ThreadSafe / @NotThreadSafe 注解

equals/hashCode：

// ❌ 只有 equals 没有 hashCode
@Override
public boolean equals(Object o) { ... }
// 缺少 hashCode！

// ❌ hashCode 中使用可变字段
@Override
public int hashCode() {
    return Objects.hash(id, mutableField);  // 破坏 HashMap
}

// ✅ 使用不可变字段，两者都实现
@Override
public boolean equals(Object o) {
    if (this == o) return true;
    if (!(o instanceof User user)) return false;
    return Objects.equals(id, user.id);
}

@Override
public int hashCode() {
    return Objects.hash(id);
}

// ❌ 缺失 - 难以调试
// 没有 toString()

// ❌ 包含敏感数据
return "User{password='" + password + "'}";

// ✅ 对调试有用
@Override
public String toString() {
    return "User{id=" + id + ", name='" + name + "'}";
}

// ✅ 适用于具有多个可选参数的类
User user = User.builder()
    .name("John")
    .email("john@example.com")
    .build();

有 equals 但没有 hashCode
hashCode 中使用可变字段
领域对象缺少 toString
构造函数参数 > 3-4 个（建议使用构建器）
未使用 instanceof 模式匹配（Java 16+）

// ❌ 资源泄漏
FileInputStream fis = new FileInputStream(file);
// ... 可能在关闭前抛出异常

// ✅ Try-with-resources
try (FileInputStream fis = new FileInputStream(file)) {
    // ...
}

// ❌ 多个资源，顺序错误
try (BufferedWriter writer = new BufferedWriter(new FileWriter(file))) {
    // 如果 BufferedWriter 失败，FileWriter 可能不会被关闭
}

// ✅ 单独声明
try (FileWriter fw = new FileWriter(file);
     BufferedWriter writer = new BufferedWriter(fw)) {
    // 两者都正确关闭
}

对 Closeable/AutoCloseable 未使用 try-with-resources
打开了资源但未放在 try-with-resources 中
数据库连接/语句未正确关闭

// ❌ 布尔参数
process(data, true, false);  // 这些是什么意思？

// ✅ 使用枚举或构建器
process(data, ProcessMode.ASYNC, ErrorHandling.STRICT);

// ❌ 为"未找到"返回 null
public User findById(Long id) {
    return users.get(id);  // 未找到则返回 null
}

// ✅ 返回 Optional
public Optional<User> findById(Long id) {
    return Optional.ofNullable(users.get(id));
}

// ❌ 接受 null 集合
public void process(List<Item> items) {
    if (items == null) items = Collections.emptyList();
}

// ✅ 要求非 null，接受空集合
public void process(List<Item> items) {
    Objects.requireNonNull(items, "items 不能为 null");
}

布尔参数（优先使用枚举）
方法参数 > 3 个（考虑参数对象）
类似方法之间空值处理不一致
公共 API 输入缺少验证

// ❌ 循环中的字符串拼接
String result = "";
for (String s : strings) {
    result += s;  // 每次迭代创建新 String
}

// ✅ StringBuilder
StringBuilder sb = new StringBuilder();
for (String s : strings) {
    sb.append(s);
}

// ❌ 循环中编译正则表达式
for (String line : lines) {
    if (line.matches("pattern.*")) { }  // 每次编译正则
}

// ✅ 预编译模式
private static final Pattern PATTERN = Pattern.compile("pattern.*");
for (String line : lines) {
    if (PATTERN.matcher(line).matches()) { }
}

// ❌ 循环中的 N+1 问题
for (User user : users) {
    List<Order> orders = orderRepo.findByUserId(user.getId());
}

// ✅ 批量获取
Map<Long, List<Order>> ordersByUser = orderRepo.findByUserIds(userIds);

循环中的字符串拼接
循环中编译正则表达式
N+1 查询模式
在紧密循环中创建可重用的对象
未使用基本类型流（IntStream, LongStream）

空输入
空集合
边界值
异常情况
并发访问（如适用）

严重程度	标准
严重	安全漏洞、数据丢失风险、生产环境崩溃
高	很可能存在 bug、显著性能问题、破坏 API 约定
中	代码异味、可维护性问题、缺少最佳实践
低	风格、轻微优化、建议

专注于更改的行（使用 git diff）
不要重复明显的问题 - 将类似发现分组
引用行号，而不是完整的代码引用
跳过自动生成的文件或测试夹具

类别	关键检查项
空值安全	链式调用、Optional 误用、返回 null
异常	空 catch 块、宽泛捕获、丢失堆栈跟踪
集合	遍历期间修改、流与循环
并发	共享可变状态、检查后执行
惯用法	equals/hashCode 配对、toString、构建器
资源	try-with-resources、连接泄漏
API	布尔参数、空值处理、验证
性能	字符串拼接、循环中的正则、N+1

🇺🇸English

Java Code Review Skill

Systematic code review checklist for Java projects.

When to Use

User says "review this code" / "check this PR" / "code review"
Before merging a PR
After implementing a feature

Review Strategy

Quick scan - Understand intent, identify scope
Checklist pass - Go through each category below
Summary - List findings by severity (Critical → Minor)

Output Format

## Code Review: [file/feature name]

### Critical
- [Issue description + line reference + suggestion]

### Improvements
- [Suggestion + rationale]

### Minor/Style
- [Nitpicks, optional improvements]

### Good Practices Observed
- [Positive feedback - important for morale]

Review Checklist

1. Null Safety

Check for:

// ❌ NPE risk
String name = user.getName().toUpperCase();

// ✅ Safe
String name = Optional.ofNullable(user.getName())
    .map(String::toUpperCase)
    .orElse("");

// ✅ Also safe (early return)
if (user.getName() == null) {
    return "";
}
return user.getName().toUpperCase();

Flags:

Chained method calls without null checks
Missing @Nullable / @NonNull annotations on public APIs
Optional.get() without isPresent() check
Returning null from methods that could return Optional or empty collection

Suggest:

Use Optional for return types that may be absent
Use Objects.requireNonNull() for constructor/method params
Return empty collections instead of null: Collections.emptyList()

2. Exception Handling

Check for:

// ❌ Swallowing exceptions
try {
    process();
} catch (Exception e) {
    // silently ignored
}

// ❌ Catching too broad
catch (Exception e) { }
catch (Throwable t) { }

// ❌ Losing stack trace
catch (IOException e) {
    throw new RuntimeException(e.getMessage());
}

// ✅ Proper handling
catch (IOException e) {
    log.error("Failed to process file: {}", filename, e);
    throw new ProcessingException("File processing failed", e);
}

Flags:

Empty catch blocks
Catching Exception or Throwable broadly
Losing original exception (not chaining)
Using exceptions for flow control
Checked exceptions leaking through API boundaries

Suggest:

Log with context AND stack trace
Use specific exception types
Chain exceptions with cause
Consider custom exceptions for domain errors

3. Collections & Streams

Check for:

// ❌ Modifying while iterating
for (Item item : items) {
    if (item.isExpired()) {
        items.remove(item);  // ConcurrentModificationException
    }
}

// ✅ Use removeIf
items.removeIf(Item::isExpired);

// ❌ Stream for simple operations
list.stream().forEach(System.out::println);

// ✅ Simple loop is cleaner
for (Item item : list) {
    System.out.println(item);
}

// ❌ Collecting to modify
List<String> names = users.stream()
    .map(User::getName)
    .collect(Collectors.toList());
names.add("extra");  // Might be immutable!

// ✅ Explicit mutable list
List<String> names = users.stream()
    .map(User::getName)
    .collect(Collectors.toCollection(ArrayList::new));

Flags:

Modifying collections during iteration
Overusing streams for simple operations
Assuming Collectors.toList() returns mutable list
Not using List.of(), Set.of(), Map.of() for immutable collections
Parallel streams without understanding implications

Suggest:

List.copyOf() for defensive copies
removeIf() instead of iterator removal
Streams for transformations, loops for side effects

4. Concurrency

Check for:

// ❌ Not thread-safe
private Map<String, User> cache = new HashMap<>();

// ✅ Thread-safe
private Map<String, User> cache = new ConcurrentHashMap<>();

// ❌ Check-then-act race condition
if (!map.containsKey(key)) {
    map.put(key, computeValue());
}

// ✅ Atomic operation
map.computeIfAbsent(key, k -> computeValue());

// ❌ Double-checked locking (broken without volatile)
if (instance == null) {
    synchronized(this) {
        if (instance == null) {
            instance = new Instance();
        }
    }
}

Flags:

Shared mutable state without synchronization
Check-then-act patterns without atomicity
Missing volatile on shared variables
Synchronized on non-final objects
Thread-unsafe lazy initialization

Suggest:

Prefer immutable objects
Use java.util.concurrent classes
AtomicReference, AtomicInteger for simple cases
Consider @ThreadSafe / @NotThreadSafe annotations

5. Java Idioms

equals/hashCode:

// ❌ Only equals without hashCode
@Override
public boolean equals(Object o) { ... }
// Missing hashCode!

// ❌ Mutable fields in hashCode
@Override
public int hashCode() {
    return Objects.hash(id, mutableField);  // Breaks HashMap
}

// ✅ Use immutable fields, implement both
@Override
public boolean equals(Object o) {
    if (this == o) return true;
    if (!(o instanceof User user)) return false;
    return Objects.equals(id, user.id);
}

@Override
public int hashCode() {
    return Objects.hash(id);
}

toString:

// ❌ Missing - hard to debug
// No toString()

// ❌ Including sensitive data
return "User{password='" + password + "'}";

// ✅ Useful for debugging
@Override
public String toString() {
    return "User{id=" + id + ", name='" + name + "'}";
}

Builders:

// ✅ For classes with many optional parameters
User user = User.builder()
    .name("John")
    .email("john@example.com")
    .build();

Flags:

equals without hashCode
Mutable fields in hashCode
Missing toString on domain objects
Constructors with > 3-4 parameters (suggest builder)
Not using instanceof pattern matching (Java 16+)

6. Resource Management

Check for:

// ❌ Resource leak
FileInputStream fis = new FileInputStream(file);
// ... might throw before close

// ✅ Try-with-resources
try (FileInputStream fis = new FileInputStream(file)) {
    // ...
}

// ❌ Multiple resources, wrong order
try (BufferedWriter writer = new BufferedWriter(new FileWriter(file))) {
    // FileWriter might not be closed if BufferedWriter fails
}

// ✅ Separate declarations
try (FileWriter fw = new FileWriter(file);
     BufferedWriter writer = new BufferedWriter(fw)) {
    // Both properly closed
}

Flags:

Not using try-with-resources for Closeable/AutoCloseable
Resources opened but not in try-with-resources
Database connections/statements not properly closed

7. API Design

Check for:

// ❌ Boolean parameters
process(data, true, false);  // What do these mean?

// ✅ Use enums or builder
process(data, ProcessMode.ASYNC, ErrorHandling.STRICT);

// ❌ Returning null for "not found"
public User findById(Long id) {
    return users.get(id);  // null if not found
}

// ✅ Return Optional
public Optional<User> findById(Long id) {
    return Optional.ofNullable(users.get(id));
}

// ❌ Accepting null collections
public void process(List<Item> items) {
    if (items == null) items = Collections.emptyList();
}

// ✅ Require non-null, accept empty
public void process(List<Item> items) {
    Objects.requireNonNull(items, "items must not be null");
}

Flags:

Boolean parameters (prefer enums)
Methods with > 3 parameters (consider parameter object)
Inconsistent null handling across similar methods
Missing validation on public API inputs

8. Performance Considerations

Check for:

// ❌ String concatenation in loop
String result = "";
for (String s : strings) {
    result += s;  // Creates new String each iteration
}

// ✅ StringBuilder
StringBuilder sb = new StringBuilder();
for (String s : strings) {
    sb.append(s);
}

// ❌ Regex compilation in loop
for (String line : lines) {
    if (line.matches("pattern.*")) { }  // Compiles regex each time
}

// ✅ Pre-compiled pattern
private static final Pattern PATTERN = Pattern.compile("pattern.*");
for (String line : lines) {
    if (PATTERN.matcher(line).matches()) { }
}

// ❌ N+1 in loops
for (User user : users) {
    List<Order> orders = orderRepo.findByUserId(user.getId());
}

// ✅ Batch fetch
Map<Long, List<Order>> ordersByUser = orderRepo.findByUserIds(userIds);

Flags:

String concatenation in loops
Regex compilation in loops
N+1 query patterns
Creating objects in tight loops that could be reused
Not using primitive streams (IntStream, LongStream)

9. Testing Hints

Suggest tests for:

Null inputs
Empty collections
Boundary values
Exception cases
Concurrent access (if applicable)

Severity Guidelines

Severity	Criteria
Critical	Security vulnerability, data loss risk, production crash
High	Bug likely, significant performance issue, breaks API contract
Medium	Code smell, maintainability issue, missing best practice
Low	Style, minor optimization, suggestion

Token Optimization

Focus on changed lines (use git diff)
Don't repeat obvious issues - group similar findings
Reference line numbers, not full code quotes
Skip files that are auto-generated or test fixtures

Quick Reference Card

Category	Key Checks
Null Safety	Chained calls, Optional misuse, null returns
Exceptions	Empty catch, broad catch, lost stack trace
Collections	Modification during iteration, stream vs loop
Concurrency	Shared mutable state, check-then-act
Idioms	equals/hashCode pair, toString, builders
Resources	try-with-resources, connection leaks
API	Boolean params, null handling, validation
Performance	String concat, regex in loop, N+1

Weekly Installs

Repository

decebals/claude…ode-java

GitHub Stars

359

First Seen

Feb 19, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

opencode18

gemini-cli18

github-copilot18

amp18

codex18

kimi-cli18

测试策略完整指南：单元/集成/E2E测试金字塔与自动化实践

11,200 周安装

Java代码审查清单：系统性检查指南与最佳实践

🇨🇳中文介绍

Java 代码审查技能

使用时机

审查策略

输出格式

审查清单

1. 空值安全

相关 Skills

2. 异常处理

3. 集合与流

4. 并发

5. Java 惯用法

6. 资源管理

7. API 设计

8. 性能考虑

9. 测试提示

严重程度指南

Token 优化

快速参考卡

🇺🇸English

Java Code Review Skill

When to Use

Review Strategy

Output Format

Review Checklist

1. Null Safety

2. Exception Handling

3. Collections & Streams

4. Concurrency

5. Java Idioms

6. Resource Management

7. API Design

8. Performance Considerations

9. Testing Hints

Severity Guidelines

Token Optimization

Quick Reference Card

最新 Skills