Practice Challenges

Sharpen your code review heuristics by identifying subtle bugs, race conditions, and hallucinated APIs inside pre-authored snippets.

Your Progress

You have completed 0 of 40 challenges

Sign in with GitHub to keep your progress across devices — practicing never requires it.

Sort By
Filter Challenges

Categories

Difficulty

Completion

Dependencies

The env mismatch

A developer asked an AI assistant to read a feature-flag environment variable to conditionally enable a new checkout flow. The suggested code works perfectly for the whole team locally, but the feature silently never turns on once deployed.

medium4 mins
Dependencies

The stale lockfile

A developer asked an AI assistant to fix a bug by bumping a dependency to a newer, patched version. The suggested fix edits package.json's version range by hand and commits it, but a teammate who runs a fresh install right after still ends up with the old, buggy version installed.

medium4 mins
Dependencies

The ESM/CJS clash

A developer asked an AI assistant to add a small utility package to a Node.js script. The suggested import statement matches the package's README exactly, but running the script throws immediately.

easy3 mins
Dependencies

The module clash

A developer asked an AI assistant to add a chart library to a React 19 project. The suggested install command succeeds without any errors, but the running app crashes with 'Invalid hook call' the moment the chart component renders.

hard5 mins
Wrong Patterns

The double negative

A developer asked an AI assistant to add a check that skips sending a marketing email to users who have opted out. The suggested condition compiles and passes a quick test, but a bug report shows some opted-out users are still receiving emails after an unrelated change nearby.

easy3 mins
Wrong Patterns

The god component

A developer asked an AI assistant to build a user settings page. The suggested component works, but it now owns form state, API calls, validation, toast notifications, and modal visibility all in one file, and every small change risks breaking something unrelated.

medium4 mins
Wrong Patterns

The prop drill

A developer asked an AI assistant to make the current logged-in user's theme preference available to a deeply nested button component. The suggested code works, but every component between the top and the button now has to accept and forward a prop it never actually uses.

medium4 mins
Wrong Patterns

The any escape

A developer asked an AI assistant to fix a TypeScript error on a function that processes webhook payloads from a payment provider. The suggested fix makes the red squiggly line disappear, but a malformed payload now crashes the server instead of being caught at compile time.

medium4 mins
Performance

The connection exhaustion

A developer asked an AI assistant to add a database query to a Next.js API route. The suggested code works fine in local testing, but under real traffic the app starts throwing 'too many connections' errors and the database eventually stops responding.

hard5 mins
Performance

The image tax

A developer asked an AI assistant to add a hero banner image to a Next.js landing page. The suggested code renders the image correctly, but the Lighthouse performance score drops sharply and the Largest Contentful Paint time nearly triples.

easy3 mins
Performance

The unindexed query

A developer asked an AI assistant to add a 'find orders by customer email' lookup to an admin dashboard. The suggested query returns correct results and runs fine in development with a handful of rows, but takes over 8 seconds once the orders table has grown to a few million rows in production.

medium4 mins
Performance

The bundle bloat

A developer asked an AI assistant to add a debounce utility to a form component. The suggested import works correctly, but the production bundle size jumps by over 70KB for what should be a single small function.

easy3 mins
Performance

The render storm

A developer asked an AI assistant to display sorted, filtered results in a table that re-renders on every keystroke of a search box. The suggested code works fine with a small dataset, but the input starts lagging noticeably once the table holds a few thousand rows.

medium4 mins
Race Conditions

The unmounted update

A developer asked an AI assistant to fetch a user's profile when a modal opens and show a loading spinner until it resolves. The suggested code works fine when the modal stays open, but throws a console warning, and occasionally a real bug, when a user closes the modal before the fetch finishes.

medium4 mins
Race Conditions

The double submit

A developer asked an AI assistant to handle a 'Place Order' button click that charges a customer's card and creates an order record. The suggested code works fine for a single click, but customers who double-click the button, or click again while the page is slow to respond, sometimes get charged twice.

medium4 mins
Race Conditions

The forgotten await

A developer asked an AI assistant to save an order to the database and then send a confirmation email referencing the saved order's ID. The suggested code runs without errors, but the confirmation email sometimes goes out with 'undefined' as the order ID.

medium4 mins
Race Conditions

The listener leak

A developer asked an AI assistant to track the window width in a React component for a responsive layout decision. The suggested code works initially, but after the component re-renders a few times, the resize handler starts firing multiple times per resize and the app slows down.

medium4 mins
Race Conditions

The race to render

A developer asked an AI assistant to fetch search results as the user types in a live search box. The suggested code works well on a fast connection, but on a throttled network, older searches sometimes overwrite newer ones with stale results.

hard5 mins
Security

The open redirect

A developer asked an AI assistant to redirect users back to the page they came from after logging in, using a 'next' query parameter. The suggested code works for normal navigation, but it also lets attackers craft login links that silently send victims to a phishing site right after they authenticate.

medium4 mins
Security

The weak hash

A developer asked an AI assistant to hash user passwords before storing them during signup. The suggested code stores something that looks hashed, but a leaked database would let an attacker recover most passwords within seconds.

hard5 mins
Security

The path walker

A developer asked an AI assistant to build an endpoint that serves user-uploaded files by filename from a local uploads folder. The suggested code works for normal filenames, but lets a malicious request read arbitrary files off the server's filesystem.

hard5 mins
Security

The leaked secret

A developer asked an AI assistant to call a paid third-party weather API from a Next.js client component. The suggested code works immediately in local development, but it also ships the team's API key to every visitor's browser.

medium4 mins
Security

The reflected echo

A developer asked an AI assistant to render a search page's 'Showing results for' message, bolding the term the user typed. The suggested code renders correctly for normal searches, but a malicious query turns into a working script tag on the page.

medium4 mins
Logic Errors

The mutated loop

A developer asked an AI assistant to remove all expired coupons from a list in place. The suggested code compiles cleanly and appears to work in quick manual tests, but a bug report shows some expired coupons are still slipping through.

medium4 mins
Logic Errors

The float surprise

A developer asked an AI assistant to validate that a shopping cart's line-item prices sum exactly to the order total before allowing checkout. The suggested equality check fails randomly on orders that are, by every human measure, correct.

medium4 mins
Logic Errors

The empty trap

A developer asked an AI assistant to compute the average rating from a list of review scores for a product page. The suggested code works great for every product with reviews, but the page crashes entirely for new products that have zero reviews yet.

easy3 mins
Logic Errors

The boundary miss

A developer asked an AI assistant to slice a results array into pages of 10 items for a paginated table. The suggested code compiles and looks reasonable, but every page is missing its last row, and users keep reporting gaps between pages.

easy3 mins
Logic Errors

The silent NaN

A developer asked an AI assistant to calculate a cart line total from a quantity field. The suggested code passes every manual test where a number is typed, but when a customer clears the field before checkout, the page silently shows a broken price instead of stopping them.

easy3 mins
Hallucinated APIs

The fake endpoint

A developer asked an AI assistant to refund half of a Stripe charge programmatically. The suggested code calls a method that looks like it belongs to the Stripe Node SDK, but throws the instant it's invoked in a live billing job.

hard5 mins
Hallucinated APIs

The invented flag

A developer asked an AI assistant to add a request timeout to a fetch call that hits a slow internal API. The suggested option compiles fine and never errors, but the request still hangs well past the intended limit.

medium4 mins
Hallucinated APIs

The helpful util

A developer asked an AI assistant to check whether a config file exists before reading it, using Node's promise-based fs module. The suggestion crashes on every single call, even when the file is present.

easy3 mins
Hallucinated APIs

The plausible hook

A developer asked an AI assistant to debounce a search input in a React component. The suggestion imports a hook directly from 'react' that sounds exactly like something the library should ship. The build fails before the component ever renders.

medium4 mins
Hallucinated APIs

The confident method

A developer asked an AI assistant to deep-clone a settings object before mutating it inside a reducer. The suggested code runs the import fine but throws the moment the function is actually called.

easy3 mins
Dependencies

The server-side window crash

A developer is building a Next.js App Router application. They asked a chatbot to write a component that reads a value from localStorage on render. When the app is built or server-rendered, it crashes immediately. Why?

medium3 mins
Wrong Patterns

The swallowed error mystery

A developer used AI to generate a file utility function to load application config. Users report that when the config file is missing, the application fails silently and starts up with an empty configuration without any error logs. What is wrong?

easy2 mins
Performance

The N+1 performance killer

An AI wrote the following code to fetch all posts along with their author details. The developer complains that the database CPU spikes and API response time is very slow when there are hundreds of posts. Why?

medium4 mins
Security

The open execution door

A developer used an AI to write a route handler that checks if a domain is reachable by running a ping test. The input comes from a query parameter. Why is this endpoint highly insecure?

medium4 mins
Race Conditions

The stale React closure

The following component is intended to display a timer that increments every second. However, users report that the number gets stuck at 1 and never increments further. Why is this happening?

medium4 mins
Logic Errors

The off-by-one pagination

An AI assistant wrote a pagination helper function to extract a specific page of items from a list. It was asked to return items for page 1, page 2, etc. (where pages are 1-indexed, and each page has a size of `limit`). However, the output is incorrect. Why?

easy3 mins
Hallucinated APIs

The phantom module

A junior developer asked a chatbot to write a script that generates a cryptographically secure random identifier. The AI generated the following code, claiming it uses Node.js standard libraries. What is the issue here?

easy3 mins