GrumPHP vs local-php-security-checker

Our great sponsors

WorkOS - The modern identity platform for B2B SaaS

InfluxDB - Power Real-Time Data Analytics at Scale

SaaSHub - Software Alternatives and Reviews

Our great sponsors

GrumPHP		local-php-security-checker
	Project
25	Mentions	5
4,088	Stars	1,148
0.6%	Growth	-
8.0	Activity	2.9
27 days ago	Latest Commit	8 days ago
PHP	Language	Go
MIT License	License	GNU Affero General Public License v3.0

The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

GrumPHP

Posts with mentions or reviews of GrumPHP. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-10-18.

PHP libraries and tools
47 projects | dev.to | 18 Oct 2023

GrumPHP: A PHP code-quality tool.
Recommended Code Review Plugin for Github?
2 projects | /r/laravel | 6 Jun 2023

Depends on what you mean by plugin, but a GrumPHP is a great tool. It registers a pre-commit git hook that runs whatever quality tools you've configured every time someone commits. If one of the checks fail, the commit is aborted. It's very easy to install and configure.
Looking to build a code quality tool for Laravel - opinions wanted
1 project | /r/laravel | 6 Feb 2023
PHPUnit, do i need to learn it?
5 projects | /r/PHP | 6 Jan 2023

sounds like you heard of Grumphp
Ideas for minimum PHP pipeline for a small team
7 projects | /r/PHP | 30 Dec 2022
Ensure a beaut code with Laravel Pint
1 project | dev.to | 17 Oct 2022

Of course, in this simple way, you will need run the command before commits to ensure a correct code style. We can improve this we can to use some pre-commit hook, like a grumphp https://github.com/phpro/grumphp.
A quality inspection hook installer
1 project | /r/PHP | 9 Sep 2022

How does this compare to existing tools like GrumPHP or Captain Hook? Why should I use it instead?

2 projects | /r/laravel | 8 Sep 2022

Are you aware of GrumPHP?
Is there a way to run commands before PHPStorm commits?
2 projects | /r/phpstorm | 7 Jun 2022

I use grumphp to run phplint, phpstan, Easy coding standard (includes php-cs fixer) and phpunit. All four will automatically run before every commit, stopping any 'below standard' code from being committed. Example config file
What are some helpful tools every Laravel CI pipeline should have?
3 projects | /r/laravel | 26 Mar 2022

like valplet said: https://github.com/phpro/grumphp But also: https://styleci.io/ integrates nicely with git For client side code formatting check: https://prettier.io/

local-php-security-checker

Posts with mentions or reviews of local-php-security-checker. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-03-26.

What are some helpful tools every Laravel CI pipeline should have?
3 projects | /r/laravel | 26 Mar 2022

test -d local-php-security-checker || curl -L https://github.com/fabpot/local-php-security-checker/releases/download/v1.2.0/local-php-security-checker_1.2.0_linux_amd64 --output local-php-security-checker chmod +x local-php-security-checker ./local-php-security-checker
Unknown error running php bin/console security:check
1 project | /r/symfony | 2 Nov 2021

The best alternative to use now is to download a local-security-checker binary (https://github.com/fabpot/local-php-security-checker/releases), saving it in the bin folder, and running that binary (via bin/local-php-security-checker).
PHP libraries and tools
36 projects | dev.to | 22 Sep 2021

Local PHP Security Checker: PHP security vulnerabilities checker
Laravel QR Code Generator Infected with Malware
5 projects | /r/PHP | 11 Sep 2021

It looks like they utilize this repo for advisories: https://github.com/FriendsOfPHP/security-advisories/ -- via https://symfony.com/blog/the-php-security-checker-as-a-docker-image
Why does validating a user require 14000 files?
4 projects | news.ycombinator.com | 30 Aug 2021

https://github.com/fabpot/local-php-security-checker
I agree, composer is not perfect, but before it was worse.

What are some alternatives?

When comparing GrumPHP and local-php-security-checker you can also consider the following projects:

PHPStan - PHP Static Analysis Tool - discover bugs in your code without running it!

SecurityAdvisories - :closed_lock_with_key: Security advisories as a simple composer exclusion list, updated daily

PHP CS Fixer - A tool to automatically fix PHP Coding Standards issues

Spout - Read and write spreadsheet files (CSV, XLSX and ODS), in a fast and scalable way

PHP Code Sniffer - PHP_CodeSniffer tokenizes PHP files and detects violations of a defined set of coding standards.

ComposerRequireChecker - A CLI tool to check whether a specific composer package uses imported symbols that aren't part of its direct composer dependencies

PHPCPD - Copy/Paste Detector (CPD) for PHP code.

google-api-php-client-services

drupal-project - :rocket: Composer template for Drupal projects. Quick installation via "composer create-project drupal-composer/drupal-project"

google-api-php-client - A PHP client library for accessing Google APIs

PHP Mess Detector - PHPMD is a spin-off project of PHP Depend and aims to be a PHP equivalent of the well known Java tool PMD. PHPMD can be seen as an user friendly frontend application for the raw metrics stream measured by PHP Depend.

churn-php - Discover files in need of refactoring.