> woocommerce-code-review

Review WooCommerce code changes for coding standards compliance. Use when reviewing code locally, performing automated PR reviews, or checking code quality in WooCommerce projects.

fetch

$curl "https://skillshub.wtf/secondsky/claude-skills/woocommerce-code-review?format=md"

SKILL.md•woocommerce-code-review

WooCommerce Code Review

Review code changes against WooCommerce coding standards and conventions.

Critical Violations to Flag

Backend PHP Code

Consult the woocommerce-backend-dev skill for detailed standards. Using these standards as guidance, flag these violations and other similar ones:

Architecture & Structure:

Standalone functions - Must use class methods (file-entities.md)
Using new for DI-managed classes - Classes in src/ must use $container->get() (dependency-injection.md)
Classes outside src/Internal/ - Default location unless explicitly public (file-entities.md)

Naming & Conventions:

camelCase naming - Must use snake_case for methods/variables/hooks (code-entities.md)
Yoda condition violations - Must follow WordPress Coding Standards (coding-conventions.md)

Documentation:

Missing @since annotations - Required for public/protected methods and hooks (code-entities.md)
Missing docblocks - Required for all hooks and methods (code-entities.md)
Verbose docblocks - Keep concise, one line is ideal (code-entities.md)

Data Integrity:

Missing validation - Must verify state before deletion/modification (data-integrity.md)

Testing:

Using $instance in tests - Must use $sut variable name (unit-tests.md)
Missing @testdox - Required in test method docblocks (unit-tests.md)
Test file naming - Must follow convention for includes/ vs src/ (unit-tests.md)

UI Text & Copy

Consult the woocommerce-copy-guidelines skill. Flag:

Title Case in UI - Must use sentence case (sentence-case.md)
- Wrong: "Save Changes", "Order Details", "Payment Options"
- Correct: "Save changes", "Order details", "Payment options"
- Exceptions: Proper nouns (WooPayments), acronyms (API), brand names

Review Approach

Scan for critical violations listed above
Cite specific skill files when flagging issues
Provide correct examples from the skill documentation
Group related issues for clarity
Be constructive - explain why the standard exists when relevant

Output Format

For each violation found:

[Issue Type]: [Specific problem]
Location: [File path and line number]
Standard: [Link to relevant skill file]
Fix: [Brief explanation or example]

Notes

All detailed standards are in the woocommerce-backend-dev, woocommerce-dev-cycle, and woocommerce-copy-guidelines skills
Consult those skills for complete context and examples
When in doubt, refer to the specific skill documentation linked above

> related_skills --same-repo

> zustand-state-management

--- name: zustand-state-management description: Zustand state management for React with TypeScript. Use for global state, Redux/Context API migration, localStorage persistence, slices pattern, devtools, Next.js SSR, or encountering hydration errors, TypeScript inference issues, persist middleware problems, infinite render loops. Keywords: zustand, state management, React state, TypeScript state, persist middleware, devtools, slices pattern, global state, React hooks, create store, useBoundS

> zod

TypeScript-first schema validation and type inference. Use for validating API requests/responses, form data, env vars, configs, defining type-safe schemas with runtime validation, transforming data, generating JSON Schema for OpenAPI/AI, or encountering missing validation errors, type inference issues, validation error handling problems. Zero dependencies (2kb gzipped).

> xss-prevention

--- name: xss-prevention description: XSS attack prevention with input sanitization, output encoding, Content Security Policy. Use for user-generated content, rich text editors, web application security, or encountering stored XSS, reflected XSS, DOM manipulation, script injection errors. Keywords: sanitization, HTML-encoding, DOMPurify, CSP, Content-Security-Policy, rich-text-editor, user-input, escaping, innerHTML, DOM-manipulation, stored-XSS, reflected-XSS, input-validation, output-encodi

> wordpress-plugin-core

--- name: wordpress-plugin-core description: WordPress plugin development with hooks, security, REST API, custom post types. Use for plugin creation, $wpdb queries, Settings API, or encountering SQL injection, XSS, CSRF, nonce errors. Keywords: wordpress plugin development, wordpress security, wordpress hooks, wordpress filters, wordpress database, wpdb prepare, sanitize_text_field, esc_html, wp_nonce, custom post type, register_post_type, settings api, rest api, admin-ajax, wordpress sql inj

┌ stats

installs/wk0

░░░░░░░░░░

github stars100

██████████

first seenApr 3, 2026

└────────────