New Study: 90% of Large Code Changes Ship Without Any Code Review

Analysis of 802,979 GitHub pull requests reveals self-merge rates hit 71% while bot automation collapsed from 62% to 15%

UNITED KINGDOM, January 28, 2026 /EINPresswire.com/ -- A new analysis of 802,979 merged pull requests reveals that code review practices continued to decline in 2025, with 90% of large code changes (over 1,000 lines) shipping without any formal review—up from 83% in 2024.

The 2025 Engineering Benchmarks study, published by CodePulse, examined public GitHub data to track how software development practices have evolved. The findings paint a concerning picture of modern software quality assurance.

KEY FINDINGS

Self-merge rates climbed to 71%, up from 68% in 2024. Nearly three-quarters of all code now ships without another developer approving the merge.

The larger the change, the less scrutiny it receives. Review comments per 100 lines of code drops from 0.98 for small PRs to just 0.05 for massive ones—a 20x reduction in oversight per line.

Bot-generated pull requests collapsed from 62% at their 2022 peak to just 15.5% in October 2025. Teams have become far more selective about automated dependency updates, marking the end of the automation boom.

First-time contributors now wait 38% longer than veterans to get their code merged, an improvement from the 53% penalty observed in 2024.

HOW AI COMPANIES SHIP CODE

The study also examined how engineering teams at major AI companies ship code for their developer tools:

Google's Gemini CLI demonstrated exceptional review culture, with 86% of pull requests receiving formal review—six times the GitHub average of 14.6%.

Anthropic's Claude Code repository showed the fastest median cycle time at 0.9 hours, 70% faster than typical team workflows.

OpenAI's Codex balanced speed and review, maintaining a 2.3-hour median cycle time while achieving 53% review engagement.

All three AI tool repositories were almost entirely human-driven, with less than 3% bot-generated pull requests compared to the 15.5% GitHub average.

IMPLICATIONS FOR SOFTWARE SECURITY

The findings raise questions about software security and quality assurance across the industry. When the majority of code ships without peer review, potential vulnerabilities, bugs, and technical debt can accumulate undetected.

"The code review culture many teams claim to have is increasingly fiction," the report states. "When 90% of major changes ship without a single approval or comment, organizations need to examine whether their stated practices match reality."

METHODOLOGY

The study analyzed merged pull requests from GitHub Archive using Google BigQuery. "No formal review" was defined as zero approvals, zero change requests, and zero review comments. The analysis covered 262,212 repositories and 191,099 unique developers.

The full 2025 Engineering Benchmarks report, including interactive visualizations and methodology notes, is available at codepulsehq.com/research/code-review-study-2025.

ABOUT CODEPULSE

CodePulse is an engineering intelligence platform that helps engineering leaders gain visibility into team velocity and code review practices. The platform provides automated benchmarking against industry standards with read-only GitHub integration.

Ashley Russell
CodePulse
info@codepulsehq.com

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.