Pricing codebase audit
Posted by SoftSkillSmith@reddit | ExperiencedDevs | 15 comments
Hey everyone,
I’m a Senior Product Engineer / Architect based in Western Europe. I usually take on longer-term freelance contracts (currently billing at €110/hour), but I’ve recently been approached by an e-commerce scale-up for a standalone frontend audit, and I'm looking for advice on how to price and package it.
Context:
- The Client: A fast-growing B2C e-commerce scale-up (~20 people).
- The Stack: Vue.js / Nuxt.
- The Problem: They’ve built a successful platform, but tech debt is accumulating. For example they have SonarQube in their pipeline but unit test code coverage metrics aren't enforced. They have E2E tests, but they are flaky and mostly ignored and the list goes on...
- The Goal: The Tech Lead (who has a non-engineering background) wants a "fresh pair of eyes" to look at their frontend setup.
- The Business KPIs: They explicitly told me their main drivers for this audit are Performance (Core Web Vitals) and Conversion (checkout funnel).
- Deliverable: A prioritized audit report/roadmap that their PMs can easily digest and pull into their sprints.
The Pricing Dilemma: If I just bill this hourly, factoring in onboarding, local dev setup, 1-on-1 interviews with their frontend devs (to gauge developer experience/friction), reviewing the code, and writing the report...it might take me roughly 3 to 5 days, maybe more.
At €110/hr, that’s roughly €2,500 to €4,500.
However, since this is an e-commerce platform where performance directly impacts conversion, a tactical report that speeds up their checkout process could be worth tens of thousands of euros in recurring revenue.
Because of this, I'm leaning away from hourly billing and considering offering fixed-price tiers (e.g., a €6k "Architectural Health Check" vs a €10k "Performance & Conversion Strategy"). I will also likely do a half-day on-site kickoff (travel is about 2.5 hours each way and maybe hotel costs on top of that).
Note: I have already asked the client for their rough budget bandwidth to make sure we are in the same ballpark, but haven't gotten their number yet.
My questions for the experienced folks here:
- Do you do fixed-price or tiered pricing for architecture/codebase audits? If so, how do you prevent scope creep when you don't know exactly what mess you'll find in the repo?
- What is a reasonable price range for this kind of high-value audit in the European market? Is aiming for the €6k - €10k range realistic for a 20-person scale-up?
- For those who have successfully sold audits at a premium, what specific deliverables (besides a PDF report) made the client feel it was worth every penny?
Appreciate any insights!
rodw@reddit
L
Ok-Daikon4702@reddit
As an engineer I would be pretty skeptical when I receive a report that only took 3-5 days to produce. The only reports I personally have received were pen test ones and those all subjectively fall under the "more time = better" category for me. I know those reports get very expensive (in western Europe).
Questions I have for you would be
- Is there trust between the executors and the one hiring you?
- Have you talked to anyone technical that is higher up in the org?
- What could you possibly learn in 3-5 days that we can't find and solve ourselves?
SoftSkillSmith@reddit (OP)
> - Is there trust between the executors and the one hiring you?
Good question. I don't know and that's something I have to gauge in my chat with the developers.
> - Have you talked to anyone technical that is higher up in the org?
That would be my first order of business. Either during the kickoff or in 1:1 sessions in the first few days.
> - What could you possibly learn in 3-5 days that we can't find and solve ourselves?
Valid point. After reading the comments and giving myself some time to think I also feel this is not a realistic time frame.
Ok-Daikon4702@reddit
Ye so this is exactly what I mean when I say I wouldn't trust a report that was generated that quickly. Gathering the context you mentioned I'd say already takes more than a week, that week is still work.
I've met a bunch of consultants when I was working for companies that did or did not trust the employees and my anecdotal experience is that the ones that gather context first for a good while produce the most useful results. If I was a decision maker I would only pay for those, even if they came at a premium.
Something you can try to sell instead of the entire thing is just a week of doing exploring and gathering context. It needs to be extremely clear that it will only contain possible subjects you can work on further though.
Sheldor5@reddit
how can someone become a tech lead without a technical background???
this is fucking insane ...
Material-Smile7398@reddit
I was wondering that as well, that may well be the root cause of their issues here if standards aren’t enforced by the tech lead
SoftSkillSmith@reddit (OP)
I'm also sensing that part of the job will be to coach him a little, which is why he's asking for this audit in the first place.
Advanced_Drawer_3825@reddit
The non-engineering tech lead is the detail that matters most here. Most audit reports become shelf-ware because they read like technical laundry lists nobody outside engineering touches. Tie every finding back to the two KPIs they told you about: Core Web Vitals and conversion. "This checkout bundle is 2MB and adds 3 seconds on mobile" lands way harder than "reduce bundle size." Throw in a quick wins section with stuff they can ship in 2 sprints. That's also how you turn a one-time audit into a follow-up contract.
SoftSkillSmith@reddit (OP)
This is an incredibly valuable insight. I've been on the receiving end of those types of audits and my career is a trail of backlogs filled with the good intentions from those reports lol. That's exactly why I made sure to press him on his business goals, so I don't end up waxing poetic about linting rules or other stuff that doesn't move the needle.
Anphamthanh@reddit
for a frontend audit at your rate, I'd scope it as a fixed-price deliverable with a clear artifact, not a time-and-materials engagement. the client gets a concrete output, you avoid scope bleed.
typical structure that works: a written report with prioritized findings (P1/P2/P3), architecture diagrams of what exists vs what's recommended, and an effort estimate for remediation work. something like 3-5 days of audit work plus a half-day for the final readout call.
at 110/hr that puts the audit in the 3-5k range depending on codebase complexity. that's fair for a senior architect doing a one-time engagement. the trap is underpricing because it feels like "just looking at code" when in reality you're taking accountability for the findings and fielding follow-up questions for weeks afterward. price for the total cost of the engagement, not the hours you're physically in the codebase.
saposapot@reddit
Correct, this feels more like a fixed price endeavour or at least a consulting rate that is much higher than your normal.
Just don't forget that fixed price also means you need to control the scope and make it very clear.
1 week also seems too little but that's up to you
Deep_Ad1959@reddit
one thing worth scoping carefully in the deliverable: the flaky e2e tests they mentioned. in my experience that single line item can eat a surprising amount of audit time because the root causes are usually scattered across test data management, selector strategy, and missing wait conditions rather than one obvious fix. i'd either cap that as a separate section with clear boundaries or flag it as a follow up engagement. otherwise you'll end up debugging their CI for free.
titpetric@reddit
A pentest can exceed those budgets but is security focused, I think your pricing is sort of fine, the question is what they can give you for clarity, what kind of timeframe do they want the turn around? How quick do you deliver actionables?
SoftSkillSmith@reddit (OP)
They're not in a rush and there's no deadline, which means I don't need to factor in time constraints.
titpetric@reddit
You kind of do as the cost basis, you expect X hours of work, at some frequency and duration translated to the number you invoice
Are you done in a week?