Skills Guide

Pre-PR Preflight Check

VerifiedSafe

Comprehensive checklist to catch common issues before creating a PR, covering TypeScript, React, security, and code quality standards.

Sby Skills Guide Bot
DevelopmentIntermediate
306/2/2026
Claude Code
#pre-commit#code-quality#best-practices#checklist

Recommended for

Backend developerClaude CodeCode reviewFrontend developerFullstack developerRefactoring

Our review

Runs a series of automated checks on changed files before creating a pull request, covering TypeScript, React, security, performance, and style.

Strengths

  • Broad coverage of common issues: TypeScript, React, security, performance.
  • Organized report by category with file:line references.
  • Integrates real commands (git diff, pnpm tsc, pnpm audit).
  • Enforces best practices like path aliases, Prisma selects, and Zod validation.

Limitations

  • Does not replace full test suites (vitest, Playwright).
  • Some checks are subjective (e.g., console.log might be intentional).
  • Depends on installed tools (pnpm, make) and project configuration.
When to use it

Run this check just before pushing your code or opening a PR to catch common issues quickly.

When not to use it

Avoid using it as the sole quality gate; combine with automated tests and manual review.

Security analysis

Safe
Quality score90/100

The skill is a code review checklist that runs standard development commands (git diff, make/types/pnpm audit) on the user's own codebase. There are no destructive, exfiltrating, or obfuscated actions. All commands are safe and typical for pre-PR checks.

No concerns found

Examples

Pre-PR check
Run preflight checks on my current changes to catch any common issues before I push.
Quick quality scan
Scan my uncommitted changes for TypeScript strictness, React patterns, dead code, and security problems.

name: preflight description: Pre-PR check for common issues - run before pushing to catch problems early

Preflight

Run this before creating a PR to catch common issues in changed files.

Instructions

  1. Run git diff main --name-only to get list of changed files
  2. For each changed file, run the checks below
  3. Report issues with file:line references
  4. Group by category for readability

Checks

TypeScript Strict

  • [ ] No any types - find proper type or use unknown
  • [ ] No @ts-ignore or @ts-expect-error without explanation
  • [ ] Local interfaces use Props not ComponentNameProps
  • [ ] Type check passes (use make types if available, else pnpm tsc --noEmit)
# Check if 'types' target is available in make output
make 2>/dev/null | grep -q 'types' && make types || pnpm tsc --noEmit

React Patterns

  • [ ] 'use client' only where actually needed (hooks, browser APIs, event handlers)
  • [ ] Browser-only libs use dynamic(() => import(...), { ssr: false })
  • [ ] No console.log left in code (use proper logging or remove)

Route Structure

  • [ ] Routes have loading.tsx with skeleton
  • [ ] Routes have error.tsx with reset button
  • [ ] Page components are server components unless they need client features

Data Fetching

  • [ ] Prisma queries use select to specify fields (not bare findMany())
  • [ ] No N+1 patterns (queries inside loops)
  • [ ] tRPC routers return flat structures

Validation

  • [ ] Zod schemas in validations/ not inline in components

Environment Variables

  • [ ] No process.env.* outside constants/ directory
  • [ ] New env vars added to .env.example
  • [ ] NEXT_PUBLIC_ prefix only for client-safe values
  • [ ] Server-only secrets not accessed in client components

Imports

  • [ ] Use @/ path alias (no ../../../ climbs)
  • [ ] Barrel exports updated when adding new files

Dead Code

  • [ ] No unused imports
  • [ ] No unused variables or parameters
  • [ ] No unused functions or components
  • [ ] No commented-out code blocks (delete or restore)
  • [ ] No unreachable code after return/throw

Security

  • [ ] No hardcoded secrets or API keys
  • [ ] No dangerouslySetInnerHTML without sanitization
  • [ ] No raw SQL queries (use parameterized/Prisma)
  • [ ] No sensitive data in console.log or error messages
  • [ ] User input validated before use

Dependency Vulnerabilities

Quick audit check (not full analysis - use /audit for that):

pnpm audit 2>/dev/null | head -20
  • [ ] No critical/high vulnerabilities in direct dependencies
  • Transitive/dev-only vulnerabilities: note but don't block (run /audit for full analysis)

Git Hygiene

  • [ ] No merge conflict markers (<<<<<<<, =======, >>>>>>>)
  • [ ] No .only or .skip left in test files
  • [ ] No debugger statements
  • [ ] No .env.local or other local config committed
  • [ ] No large binary files that shouldn't be in git

Performance

  • [ ] Large objects/arrays use useMemo if recreated each render
  • [ ] Images have explicit width and height (prevents layout shift)
  • [ ] No synchronous heavy operations in render path
  • [ ] Lists over 100 items paginated or virtualized
  • [ ] No useEffect without dependency array

Styling

  • [ ] Theme-aware colors (text-muted-foreground) not hardcoded (text-gray-500)
  • [ ] Images use <Image> from next/image

Dates

  • [ ] Use formatInTimeZone from date-fns-tz, not format from date-fns
  • [ ] Display dates in facilityTimezone, store in UTC

Accessibility

  • [ ] Images have alt attributes
  • [ ] Interactive elements have proper aria-* attributes
  • [ ] Form inputs have associated labels

Code Style

  • [ ] No semicolons
  • [ ] Files end with single newline
  • [ ] Empty lines have no whitespace
  • [ ] No trailing whitespace

Output Format

## Preflight Report

> Note: Not running test suites (vitest/playwright) - assuming you've run them or will before pushing. CI is the backstop.

### TypeScript (2 issues)
- app/users/page.tsx:15 - `any` type used, consider `User[]`
- components/modal.tsx:8 - uses `UserModalProps` instead of `Props`

### Route Structure (1 issue)
- app/bookings/ - missing loading.tsx

### Imports (1 issue)
- lib/utils.ts:3 - relative import `../../components`, use `@/components`

### Passed
- React Patterns
- Data Fetching
- Validation
- Styling
- Dates
- Accessibility
- Code Style

Severity

Report issues but don't block. Developer decides what to fix. Some checks are style preferences, others are bugs waiting to happen.

Must fix: Security issues, merge conflict markers, hardcoded secrets, .only/.skip in tests Should fix: any types, missing error boundaries, N+1 queries, timezone bugs, unused code, performance issues Nice to fix: Naming conventions, import style, semicolons

Related skills

Next.js App Router Expert

Development

A skill that turns Claude into a Next.js App Router expert.

Claude CodeCursoradvanced
890
234
2,846
Admin

README Generator

Development

Creates professional and comprehensive README.md files for your projects.

claudeCursorWindsurfbeginner
259
72
821
Admin

API Documentation Writer

Development

Generates comprehensive API documentation in OpenAPI/Swagger format.

claudeCursorWindsurfintermediate
156
44
682
Admin