AI-generated code can look correct but have subtle bugs, security issues, or use outdated patterns. Run through this checklist before copying code into your project.
🔍 Does It Actually Work?
- Run it: Don't just read it—actually execute the code and test it
- Test edge cases: Empty input, null, undefined, very large values, negative numbers
- Test the unhappy path: What happens when things go wrong? Network errors, invalid data?
- Check return values: Is it returning what you expect? Check types too.
🔐 Security Check (Critical)
AI often generates insecure code. Always check for:
- SQL injection (raw string concatenation in queries)
- XSS vulnerabilities (unsanitized HTML output)
- Hardcoded secrets or API keys
- Missing input validation
- Insecure randomness (Math.random for security)
- Missing authentication/authorization checks
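
Several of these checks can get a quick first pass before a manual read. The script below is an added example, not part of the original checklist: it flags lines in a pasted snippet that match four of the items above. The rule names, regexes, and sample snippet are constructed for illustration, and a clean result does not mean the code is safe.

```javascript
// Added example: heuristic first-pass triage for the security checklist above.
// Rule ids and regexes are assumptions for illustration; they flag lines for
// human review and cannot prove code safe or unsafe.
const RULES = [
  { id: "sql-concat",       // SQL keyword on a line that concatenates or interpolates
    re: /\b(SELECT|INSERT|UPDATE|DELETE)\b.*(["'`]\s*\+|\+\s*["'`]|\$\{)/i },
  { id: "xss-sink",         // markup written to the DOM without escaping
    re: /\.(innerHTML|outerHTML)\s*\+?=(?!=)|document\.write\(|dangerouslySetInnerHTML/ },
  { id: "hardcoded-secret", // secret-looking name assigned a string literal
    re: /\b\w*(api_?key|secret|passw(or)?d|token)\w*\s*[:=]\s*["'`][^"'`]{8,}["'`]/i },
  { id: "insecure-random",  // Math.random() is not a cryptographic RNG
    re: /Math\.random\s*\(/ },
];

// Constructed sample of AI-suggested code (not from any real project).
const SAMPLE = [
  'const apiKey = "CONSTRUCTED-NOT-A-REAL-KEY";',
  'const rows = await db.query("SELECT * FROM users WHERE id = " + userId);',
  'const safe = await db.query("SELECT * FROM users WHERE id = ?", [userId]);',
  'out.innerHTML = "<p>" + rows[0].bio + "</p>";',
  'out.textContent = rows[0].bio;',
  'const resetToken = Math.random().toString(36).slice(2);',
].join("\n");

// Returns one finding per (line, rule) match, in source order.
function triageSnippet(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    if (/^\s*(\/\/|\*)/.test(text)) return; // skip comment-only lines
    for (const { id, re } of RULES) {
      if (re.test(text)) findings.push({ line: i + 1, rule: id, text: text.trim() });
    }
  });
  return findings;
}

for (const f of triageSnippet(SAMPLE)) {
  console.log(`line ${f.line} [${f.rule}] ${f.text}`);
}
```

The parameterized query on line 3 and the `textContent` assignment on line 5 of the sample pass untouched, which is the form the flagged lines should be rewritten into.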
📦 Dependencies & Compatibility
- Check package versions: AI might suggest outdated or deprecated packages
- Verify APIs exist: Function signatures change. Check current docs.
- Test browser/Node compatibility: Some APIs don't exist everywhere (fetch, crypto, etc.)
- Check license compatibility: If AI suggests a package, verify its license works for you
🎨 Code Quality
- Matches your style: Naming conventions, formatting, patterns your team uses
- Not over-engineered: AI sometimes adds unnecessary complexity. Simpler is better.
- You understand it: If you can't explain it, you can't debug it later
- Error messages are helpful: When it fails, will you know why?
⚡ Performance
- No obvious O(n²) or worse: Nested loops on large arrays, repeated DOM queries
- No memory leaks: Event listeners cleaned up? Intervals cleared?
- Async code is efficient: Could sequential awaits be parallelized with Promise.all?