Productised offer - React Codebase Audit
A fixed-price, five-day written audit of your React codebase by senior engineers with 20+ years of production experience. You get a prioritised remediation plan you can act on with or without us.
Built for engineering leaders who want a senior, independent opinion on their React app — before committing to a major rebuild, a new agency relationship, or a board-level technical decision.
What you get - A 20-30 page written report you can act on.
Not a generic checklist. A specific, prioritised plan covering the exact pain points in your codebase — written by senior engineers who have shipped React apps in production for 20+ years.
- Architecture review. Component structure, state management patterns, routing, data fetching, and the boundaries between business logic and UI. Identifies the architectural choices costing you velocity today.
- Dependency & security audit. Every npm dependency reviewed for known CVEs, abandoned packages, and version drift. Bundle-size analysis with specific recommendations for which packages to swap or remove.
- Performance baseline. Lighthouse scores across desktop and mobile, Core Web Vitals (LCP, INP, CLS), and a prioritised list of the top 5 performance wins with estimated effort and impact.
- Accessibility (WCAG 2.2 AA). Automated and manual accessibility review covering keyboard navigation, screen-reader compatibility, focus management, and colour contrast. UK Equality Act 2010 implications flagged.
- CI/CD & deployment review. Pipeline health, test coverage, deploy frequency, rollback safety, and time-from-commit-to-production. Specific recommendations to shorten the loop without sacrificing safety.
- Prioritised remediation plan. Every finding mapped to a P0/P1/P2 priority with estimated effort (in days), business impact, and a recommended sequence. Your team knows exactly what to do on Monday.
How it works - Five working days from start to finish.
Fixed scope, fixed price, fixed timeline. No scope creep, no surprise invoices.
Day 0
Kick-off call (30 min)
You give us context: what the app does, what hurts, what you are considering changing. We agree access to the repo and pipeline.
Days 1-3
Deep code & pipeline review
Senior engineers do the work — not a junior with a checklist. We read every significant module, run the build, profile the production app, and instrument the pipeline.
Day 4
Report drafting
We write the findings up with code references, before/after examples where useful, and the priority plan.
Day 5
Report delivered
PDF and editable doc delivered. We book the walkthrough call for the following week.
Day 7-10
Walkthrough call (60 min)
We talk through findings with your tech lead and any stakeholders. You leave with a plan you can act on whether or not you ever hire us again.
Fixed price
£2,500
Plus VAT. No hidden fees, no scope creep, no “upgrade” tiers. You get the same audit at the same depth every time.
Book your auditWe typically have one audit slot per fortnight. Get in touch to check the next available slot.
FAQ - Audit FAQs
- What exactly do I get for £2,500?
- A 20-30 page written report covering: architecture review, dependency and security audit, performance baseline with Lighthouse scores, accessibility audit (WCAG 2.2 AA), build/deploy pipeline review, and a prioritised remediation plan with estimated effort for each item. Plus a 60-minute walkthrough call to discuss findings and next steps.
- How long does the audit take?
- Five working days from kick-off. We deliver the report on day 5 and book the walkthrough call within a week of delivery.
- Will I be locked into hiring you afterwards?
- No. About a third of audits end with us doing the remediation work, a third end with the client doing it in-house using our plan, and a third sit on the shelf. We do not negotiate against ourselves — the £2,500 is the fee, regardless of whether you hire us afterwards.
- What do you need from us to get started?
- Read access to your Git repository (or a recent ZIP), read access to your deployment pipeline (GitHub Actions, AWS, Vercel, etc.), and 30 minutes with a technical stakeholder for context. No production access required.
- Is this only for React codebases?
- Primarily yes — that is where we have the most depth. We will also audit Next.js, React Native, and TypeScript-heavy Node.js codebases. For non-React stacks, we will tell you upfront whether we are the right firm.
- Can you sign an NDA before we share the code?
- Yes. We sign your NDA before any code review starts. If you prefer, we can sign ours — it covers mutual confidentiality and the audit-specific scope.