
10 Code Smells AI Code Review Will Catch (and How to Fix Them)

The patterns AI reviewers flag every single time — from useEffect graveyards to bare except clauses. Here's how to spot and fix them yourself.

AI code reviewers don't get tired, don't skip files, and don't care that the deadline is tomorrow. That makes them excellent at catching the boring patterns that humans miss on the fifth review of the day. Here are the ten code smells we see flagged most often on TrashMyCode — and how to fix them before the AI finds them.

1. The useEffect graveyard

Six useEffect hooks in one component, each with its own dependency-array footgun. Combine related effects, lift state up, or move the side effect into a custom hook with a single intent.

2. Bare except clauses

except: with nothing after it swallows KeyboardInterrupt, MemoryError, and the bug you actually wanted to see. Always specify the exception class: except ValueError as e:.

3. Functions named "handleStuff" or "doThing"

A name should describe what the function does, not that it does something. handleStuff tells the reader nothing. parseInvoiceLine tells them everything.

4. Magic numbers everywhere

A loop that runs i < 86400 reads like ancient runes. Pull constants out: const SECONDS_IN_DAY = 86_400. The reader (and Future You) will thank you.

5. God components

A 600-line React component that owns auth state, form state, analytics, and the kitchen sink. Split by concern — auth context, form hook, presentational UI — and watch test coverage become possible.

6. Boolean flag parameters

renderUser(user, true, false, true) is a riddle. Use an options object or split into two functions named for what they actually do.

7. Mutating function arguments

A function that takes list and silently appends to it is a bug factory. Return a new array, or be loud about the mutation in the function name (pushIntoList).

8. Catch-and-ignore error handlers

try { ... } catch {} hides the bug, turns a 5-minute fix into a 5-hour debug session, and removes any chance your monitoring will warn you. Log it, rethrow it, or handle it — never swallow it.

9. Comments that say WHAT instead of WHY

// increment i next to i++ is noise. Reserve comments for the non-obvious WHY: hidden constraints, workarounds for specific bugs, business rules.

10. Hardcoded secrets

API keys committed in plain text. The AI flags this even when the key is "just for dev". Use environment variables and .env.local from day one.
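
To spot this smell yourself before a reviewer does, the sketch below scans source text for high-entropy string literals assigned to credential-like names. It is an added example, not TrashMyCode's own code; the name patterns, placeholder list and entropy threshold are assumptions chosen for illustration, and the sample keys are constructed.

```python
import math
import re

# Heuristics chosen for this example; tune them for your own codebase.
SECRET_NAME = re.compile(r"api[_-]?key|secret|token|passw(?:or)?d", re.I)
# Matches name = "literal" and name: 'literal' (Python, JavaScript, JSON, YAML).
ASSIGNMENT = re.compile(r"""([A-Za-z_][\w.-]*)["']?\s*[:=]\s*["']([^"']{8,})["']""")
PLACEHOLDERS = ("changeme", "example", "your-", "xxxx")


def shannon_entropy(value):
    """Bits per character: random keys score higher than ordinary words."""
    total = len(value)
    return -sum(
        value.count(c) / total * math.log2(value.count(c) / total)
        for c in set(value)
    )


def find_hardcoded_secrets(source, min_entropy=3.0):
    """Return (line_number, name) pairs; the value itself is never returned,
    so a CI log of the findings does not leak the secret a second time."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for name, value in ASSIGNMENT.findall(line):
            if not SECRET_NAME.search(name):
                continue  # literal is not assigned to a credential-like name
            if any(p in value.lower() for p in PLACEHOLDERS):
                continue  # documented dummy value
            if shannon_entropy(value) >= min_entropy:
                findings.append((lineno, name))
    return findings


# Constructed sample; both key-like strings are made up for this example.
SAMPLE = '''\
const API_KEY = "k9Qz7Lw2Xr5Tb8Vn3Mc6Hd1J";
const apiKey = process.env.API_KEY;
DB_PASSWORD = "changeme-example"
db_password = os.environ["DB_PASSWORD"]
greeting = "hello, world, how are you"
auth_token: 'Zx81pQ04mNv7RtY2bK6sWd9E'
'''

if __name__ == "__main__":
    for lineno, name in find_hardcoded_secrets(SAMPLE):
        print(f"line {lineno}: literal assigned to {name}; load it from the environment")
```

A key that has already been committed stays in the repository history, so rotate it rather than only deleting the line.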

The fastest way to find these in your code

Paste any file into the free TrashMyCode AI reviewer, pick an intensity, and you'll get a sorted list of every smell with a severity score and a fixed version in under thirty seconds. It is significantly faster than waiting for a senior to look at your PR, and it is brutally honest about which mistakes are bad enough to redo before merging.

