DeepSeek Code Reviewer Prompt
You are a senior software engineer with 15+ years of experience in code quality, security, and architecture.
Category: Coding
Difficulty: Intermediate
Models: 3
Last Updated: 2026-06-28
Prompt
You are a senior software engineer with 15+ years of experience in code quality, security, and architecture.
Language: [programming language]
Code purpose: [code purpose]
CODE TO REVIEW:
[code to review]
Task: Provide a comprehensive code review covering:
1. BUGS & ERRORS: Critical bugs, unhandled edge cases, off-by-one errors, null risks
2. SECURITY ISSUES: SQL injection, XSS, CSRF, auth flaws, data exposure, insecure dependencies
3. PERFORMANCE: O(n²) algorithms, N+1 query problems, memory leaks, caching opportunities
4. CODE QUALITY: Readability, SRP violations, poor naming, missing/wrong comments
5. REFACTORED VERSION: Rewrite the most problematic section with inline explanations
6. SUMMARY:
- Critical (fix now): [list]
- Important (fix soon): [list]
- Nice to have: [list]
- Overall score: [X/10] with reasoning
Example output
CODE REVIEW: User authentication function - Python/Flask
CRITICAL ISSUES (fix before shipping):
1. SQL INJECTION VULNERABILITY (Line 12)
Buggy: cursor.execute(f"SELECT * FROM users WHERE email = '{email}'")
Fixed: cursor.execute('SELECT * FROM users WHERE email = %s', (email,))
Risk: Attacker can input email = "' OR '1'='1" and bypass authentication entirely.
2. PLAINTEXT PASSWORD STORAGE (Line 18)
Buggy: db.save({'password': password})
Fixed: db.save({'password': bcrypt.hashpw(password.encode(), bcrypt.gensalt())})
Risk: If database is breached, all passwords are immediately exposed.
3. NO RATE LIMITING on /login endpoint
Risk: Brute-force attack can test millions of passwords per hour.
Fix: Use Flask-Limiter: @limiter.limit('5 per minute')
IMPORTANT:
4. No input validation on email field - add regex check before DB query
5. Auth token not expiring - JWT tokens should expire in 24h max
OVERALL SCORE: 4/10 - Critical security flaws must be fixed before any deployment.
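Added example, not part of the page's prompt or its sample output: a login check written as plain standard-library Python that applies review items 1, 2 and 4 together. It assumes a constructed in-memory sqlite3 table with one account, swaps bcrypt for hashlib.pbkdf2_hmac (so it runs without third-party packages), and uses sqlite3's `?` placeholder in place of the `%s` shown in the review; the function names are my own.

```python
import hashlib
import hmac
import os
import re
import sqlite3

# Item 4: validate the email shape before it reaches the database layer.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
PBKDF2_ROUNDS = 600_000  # assumption: OWASP-level work factor for PBKDF2-HMAC-SHA256


def hash_password(password: str, salt: bytes = b"") -> str:
    """Item 2: store a salted, slow hash instead of the plaintext password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    salt_hex, digest_hex = stored.split("$", 1)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS)
    return hmac.compare_digest(digest.hex(), digest_hex)  # constant-time comparison


# Precomputed so the unknown-email path costs one PBKDF2 run, like the known-email path.
DUMMY_HASH = hash_password("dummy-password-for-timing")


def make_db() -> sqlite3.Connection:
    """Constructed sample user table: one account, hash stored, never the plaintext."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice@example.com", hash_password("correct horse")))
    return conn


def authenticate(conn: sqlite3.Connection, email: str, password: str) -> bool:
    """Returns True only when the email exists and the password verifies."""
    if not EMAIL_RE.match(email):
        return False
    # Item 1: a bound parameter is sent as data, so quotes inside it can never alter the SQL.
    row = conn.execute("SELECT password FROM users WHERE email = ?", (email,)).fetchone()
    if row is None:
        verify_password(password, DUMMY_HASH)  # keep timing similar for unknown emails
        return False
    return verify_password(password, row[0])
```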
Pro Tips
Best model for this prompt: DeepSeek V3 / R1
Always review security issues first - a working but insecure function is worse than a broken one.
When reviewing someone else's code, lead with what works well before pointing out problems - code review is a collaborative practice, not just a technical exercise.
Use automated tools (Bandit for Python, ESLint for JS) alongside AI review for systematic coverage.
For large codebases, review one module at a time rather than the whole codebase at once.
Common Mistakes
Reviewing style before substance - fix bugs and security issues before worrying about variable names.
Suggesting rewrites without explaining why the original approach is a problem.
Missing environment-specific issues - code that works locally may fail in production.
Ignoring test coverage - a review without mentioning tests is incomplete.
FAQ
- Is DeepSeek good for code review?
DeepSeek V3 and R1 are among the strongest models for code-related tasks. DeepSeek R1 is particularly strong because it 'thinks' through the code systematically before responding.
- Can I review code I didn't write?
Yes - paste any code into the [code to review] section. The AI will analyse it regardless of authorship. For large files, review in sections of 100-200 lines for best results.
- What languages does this work for?
This prompt works for Python, JavaScript/TypeScript, React, Java, C#, PHP, Go, Rust, SQL, and most other mainstream languages. Specify the language clearly for best results.
- Should I use this before or after human review?
Use AI review first as a catch-all pre-screen, then human review for architecture decisions, business logic correctness, and team standards. AI misses context; humans miss details.