Costco iOS · Code Review Dashboard
Granular review of the iOS codebase across 20 categories with 88 concrete findings, each with file path, line number, severity, and recommended fix. 3,435 Swift files across 29 SPM packages and the main app, plus 108 legacy Obj-C files.
68
OVERALL
Total findings
88
16 critical · 34 high
Critical
16
Likely crashes / serious bugs
High
34
Crash-prone, security, lifecycle
Medium / Low
34
Quality & maintainability
SPM packages
29
Hybrid CocoaPods + SPM
Test files
680
+ 6 XCTestPlans
Visual breakdown
Severity
All 88 findings
Category
Findings concentration
By type
Crash, leak, lint, security…
Category radar
Health profile
Granular reports
▲ Crash Risks
force-try, force-unwrap, unsafe casts, NSException paths.
◉ Memory Leaks
Retain cycles, timer leaks, NotificationCenter observers, KVO.
↻ Lifecycle Issues
UIViewController + SwiftUI lifecycle, completion handler captures.
≣ Lint Report
print() in prod, hardcoded hex, TODO markers, deprecated APIs.
▦ Class-by-Class
Sortable, filterable, full-table view with Excel export.
✦ Crashlytics
Upload Crashlytics export; auto-cross-reference to F### findings.
Category scorecard
Architecture & Module Structure
01
29 SPM packages + CocoaPods hybrid; clean MVVM in feature modules.
Score80/100 · 0 findings
Code Quality & Maintainability
02
Modern Swift, but 28 TODO markers and 108 Obj-C legacy files create maintenance drag.
Score70/100 · 5 findings
Swift / Obj-C Interop & Modernization
03
Swift-first new code; ~108 .m + 109 .h legacy files in the main app.
Score72/100 · 0 findings
SwiftUI & UIKit Layer
04
288 SwiftUI imports adopted across features; UIKit + 29 storyboards + 33 XIBs persist.
Score65/100 · 15 findings
Swift Concurrency
05
async/await adopted in newer modules; legacy completion handlers + DispatchQueue dominate.
Score72/100 · 2 findings
Dependency Injection
06
Native init-based DI, no formal framework; brittle for testing at scale.
Score60/100 · 0 findings
Networking & Data Layer
07
URLSession + custom CostcoNetworkClient + ServerTrustManager (cert pinning) — solid.
Score75/100 · 0 findings
Persistence & Storage
08
Storage SPM abstraction + UserDefaults + Keychain wrappers; verify CoreData migrations.
Score70/100 · 0 findings
Security
09
Cert pinning + Keychain + passkey; ATS exceptions in Notification Extension are concerning.
Score70/100 · 37 findings
Performance
10
Heavy viewDidLoad work, unbounded image loading in cells, no instrumented dashboard.
Score62/100 · 2 findings
Testing
11
680 test files + 6 XCTestPlans + iOSSnapshotTestCase + SnapshotTesting; coverage threshold unconfirmed.
Score75/100 · 0 findings
Error Handling & Logging
12
30+ print() in production paths; no centralized logger; OSLog/swift-log not adopted.
Score68/100 · 6 findings
Accessibility (a11y)
13
Mixed signal: some accessibilityLabel/Hint usage, but no Dynamic Type, missing traits, VoiceOver gaps.
Score50/100 · 5 findings
Internationalization & Localization
14
4 locales (en, en-CA, fr-CA, fr); ~2,000 strings; some hardcoded literal text remains.
Score70/100 · 0 findings
Build, Xcode & Dependencies
15
Xcode 15.x · Swift 5 · iOS 16+ · CocoaPods + 29 SPM packages · SwiftLint enabled.
Score78/100 · 2 findings
Resource Management
16
Mixed asset catalogs, hardcoded hex colors despite design system; no dark-mode audit.
Score65/100 · 0 findings
Lifecycle & State Management
17
Retain cycles, timer leaks, NotificationCenter unbounded observers — major risk.
Score60/100 · 14 findings
Documentation & Comments
18
Stale README; minimal DocC coverage; no ADRs.
Score55/100 · 0 findings
Static Analysis & Lint
19
SwiftLint integrated via CocoaPods — verify rules are enforced on every PR.
Score70/100 · 0 findings
Privacy & Compliance
20
ATS exceptions present; Background Location for geofencing needs disclosure.
Score70/100 · 0 findings
Costco iOS · Code Review Report · Generated 2026-05-07 · 88 machine-curated findings