nextjs
Next.js Code Review Rules
Security (Critical)
- Server Actions must validate and sanitize all input
- No secrets exposed in client components
- Check `headers()` and `cookies()` usage is server-side only
- Sanitize all dynamic values (file names, HTTP headers) to prevent injection attacks
- Never use HTML comments (`<!-- -->`) in production code
- Validate and escape all user-provided content before rendering
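The input-validation and dynamic-value rules above, as an added example that is not part of the original skill file: a Server Action style handler that validates its `FormData` fields and reduces an untrusted file name to an allow-listed basename before it reaches a `Content-Disposition` header. The function names, the field names and the 8-hex-digit `id` format are assumptions made for illustration.

```javascript
// Added example; all names are hypothetical. In a Next.js app, renameUpload
// would be exported from a file that starts with 'use server'.
const MAX_NAME = 100;

// Reduce an untrusted file name to an allow-listed basename.
function sanitizeFileName(input) {
  if (typeof input !== 'string') return null;        // missing field or a File
  const base = input
    .normalize('NFKC')                               // fold look-alike separators first
    .split(/[\\/]/)
    .pop();                                          // drop any directory part
  const clean = base
    .replace(/[\u0000-\u001f\u007f]/g, '')           // CR/LF and other control chars
    .replace(/[^A-Za-z0-9._ -]/g, '_')               // allow-list, not deny-list
    .replace(/^[. ]+/, '')                           // no dotfiles, no ".."
    .trim()
    .slice(0, MAX_NAME);
  return clean.length > 0 ? clean : null;
}

// Header value built only from the sanitized name, so it cannot carry CR/LF or quotes.
function contentDisposition(fileName) {
  const safe = sanitizeFileName(fileName);
  if (safe === null) throw new Error('invalid file name');
  return `attachment; filename="${safe}"`;
}

// Synchronous validation step: checks presence, type and format of each field.
function parseRenameInput(formData) {
  const id = formData.get('id');
  if (typeof id !== 'string' || !/^[0-9a-f]{8}$/.test(id)) {
    return { ok: false, error: 'invalid id' };
  }
  const name = sanitizeFileName(formData.get('name'));
  if (name === null) return { ok: false, error: 'invalid name' };
  return { ok: true, id, name };
}

// Server Action shape: validate first, touch storage only with validated values.
async function renameUpload(formData) {
  const input = parseRenameInput(formData);
  if (!input.ok) return input;
  // An authorization check and the storage update would go here (not shown).
  return { ...input, header: contentDisposition(input.name) };
}
```

In review, the thing to look for is that every value leaving `parseRenameInput` has passed a type check and a format check, and that nothing downstream reads `formData` directly.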
App Router Structure
- Verify `app/` directory structure follows conventions (`page.tsx`, `layout.tsx`, `loading.tsx`, `error.tsx`)
- Check `use client` directive is only used when necessary (event handlers, hooks, browser APIs)
- Server Components should not import client-only libraries (useState, useEffect, etc.)
- Implement error boundaries with `error.tsx` for error handling
- Use error boundaries to catch and handle errors in Server Components
- Provide fallback UIs for errors with proper error messages
Data Fetching