PHP Static Analysis

Open-source PHP projects categorized as Static Analysis

Top 21 PHP Static Analysis Projects

  • GitHub repo PHP Parser

    A PHP parser written in PHP

    Project mention: Tree-sitter: an incremental parsing system for programming tools | | 2021-02-22

    I wish there was a more universal format for parsers, but I just don't think there enough people who know their stuff.

    Take PHP, a language that a lot of people use: the tree-sitter-php extension doesn't support features added in 2019, let alone features added towards the end of 2020.

    If you want an up-to-date PHP parser, there's really only one open-source parser[0] that's accurate enough to be used on PHP codebases old and new, and it's written in PHP. Then if you want to parse in a robust fashion you have to adopt a number of hacks to get everything working.

    I hadn't encountered LSIF before – can GitHub be configured to use those maps?


  • GitHub repo PHP CS Fixer

    A tool to automatically fix PHP Coding Standards issues

    Project mention: Automating code quality check using GrumPHP in Magento 2 | | 2021-04-11

    PHPCS Fixer 2

  • GitHub repo PHPStan

    PHP Static Analysis Tool - discover bugs in your code without running it!

    Project mention: Automating code quality check using GrumPHP in Magento 2 | | 2021-04-11
  • GitHub repo PHP Code Sniffer

    PHP_CodeSniffer tokenizes PHP files and detects violations of a defined set of coding standards.

    Project mention: Automating code quality check using GrumPHP in Magento 2 | | 2021-04-11

    suppose we miss a space at the end of the file, and phpcs fails while running the automated pipelines on pull request merge.

  • GitHub repo phan

    Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

    Project mention: What is a good tool to check codebase compatibility with PHP 8? | | 2021-04-12

    - Phan ( seems that it can check for backward compatibility but I've yet to find a way to configure it for forward-compatibility

  • GitHub repo Psalm

    A static analysis tool for finding errors in PHP applications

    Project mention: Phalcon Roadmap | | 2021-05-04

    Unfortunately we missed some. Zephir does not enjoy static analysis tools such as psalm so we had to rely on the ide stubs generation and then run psalm on that. We were successful in identifying a lot of misalignments and those were indeed fixed in v4. However the stubs generator had a couple of bugs and therefore some areas were missed, primarily in the Phalcon\Db namespace.

  • GitHub repo larastan

    ⚗️ Adds static analysis to Laravel improving developer productivity and code quality

    Project mention: Larastan 0.7.3 is released with a rule that can check Laravel Octane compatibility | | 2021-04-12

    New 0.7.3 release includes a rule that can check Laravel Octane compatibility of your application. It basically automates the things mentioned in the official docs. You can give it a try now! And let me know what do you think!

  • GitHub repo PHP Mess Detector

    PHPMD is a spin-off project of PHP Depend and aims to be a PHP equivalent of the well known Java tool PMD. PHPMD can be seen as an user friendly frontend application for the raw metrics stream measured by PHP Depend.

    Project mention: PHP Static Analysis Tools Review | | 2021-04-28

    PHP Mess Detector is a multi-faceted static analysis PHP Tool based on PHP Depend. The kind of problems detected by PHPMD are divided into 5 main categories:

  • GitHub repo PHPCompatibility

    PHP Compatibility check for PHP_CodeSniffer

    Project mention: What is a good tool to check codebase compatibility with PHP 8? | | 2021-04-12

    - phpCompatibility ( works with PHPCs, but seems that targeting PHP8 is a mixed bag (judging by issues that mention some check as WIP)

  • GitHub repo Deptrac

    Keep your architecture clean.

  • GitHub repo php-language-server

    PHP Implementation of the VS Code Language Server Protocol 🆚↔🖥

    Project mention: How to use (and contribute) to neovim's built-in language server client and nvim-lspconfig | | 2021-01-07

    but as many people working in a lot of things I have no time to try to configure with nvim-lsp

  • GitHub repo PHP Architecture Tester

    PHP Architecture Tester - Easy to use architectural testing tool for PHP :heavy_check_mark:

    Project mention: Weekly "ask anything" thread | | 2021-03-22

    Might be something for

  • GitHub repo BackwardCompatibilityCheck

    :ab: Tool to compare two revisions of a class API to check for BC breaks

    Project mention: PHP 8.1 is getting Enums, and here is an article about Enums in depth | | 2021-02-19

    btw when I talk about breaking BC I don't really mean not compatible with something stored in the DB using a previous version of the code. I mean not compatible with other PHP code written to work with a previous version of the code. It's the sort of issue exists to detect, and for which semver says you have to increase the major version number on a library.

  • GitHub repo enlightn

    Your performance & security consultant, an artisan command away.

    Project mention: Your automated performance/security consultant for Laravel apps! | | 2021-01-22

    Uhh did you check the link? It's another product. The security checker is an independent package. The Enlightn Github repo is here and the security checker is here. Lol you were so busy criticizing about emojis, you don't even know what I was talking about.

  • GitHub repo unused-scanner

    Detect unused composer dependencies

    Project mention: Unused Scanner 2.3 released | | 2021-04-15

    Now distributes as phar archive also! You can download phar from the releases page

  • GitHub repo Exakat

    The Exakat Engine : smart static analysis for PHP

  • GitHub repo phpstan-deprecation-rules

    PHPStan rules for detecting usage of deprecated classes, methods, properties, constants and traits.

    Project mention: What is the easiest way to migrate from 3.5.6 to 4.2? | | 2021-04-29

    yes what i do is copy the structure of the app and then use phpstan with deprecation rules to fix the most common deprecations.

  • GitHub repo psalm-plugin-laravel

    A Psalm plugin for Laravel

    Project mention: Static Analysis With Psalm | | 2021-04-23

    Psalm v3 came with a new plugin framework that makes authoring integrations for third party packages much easier. That, with Barry's IDE Helper made the Laravel Plugin a reality according to Matt.

  • GitHub repo phpstan-wordpress

    WordPress extensions for PHPStan ⛏️

    Project mention: Introducing GraphQL by PoP, a CMS-agnostic GraphQL server in PHP | | 2021-01-22

    So I have set-up PHPStan on all agnostic packages, aiming to level 8 (I'm not there yet). And with the WordPress packages I also run PHPStan (thanks to szepeviktor/phpstan-wordpress), being able to focus on WordPress code only.

  • GitHub repo phpstan-drupal

    Extension for PHPStan to allow analysis of Drupal code.

    Project mention: A minimal Drupal 9 local development environment | | 2021-02-28

    PHPStan for Drupal

  • GitHub repo wordpress-stubs

    Up-to-date WordPress function and class declaration stubs for static analysis by PHPStan

    Project mention: 🍾 GraphQL API for WordPress is now scoped, thanks to PHP-Scoper! | | 2021-03-31

    return [ 'patchers' => [ function ( $file_path, $prefix, $contents ) { /* * There is currently no easy way to simply whitelist all global WordPress functions. * * This list here is a manual attempt after scanning through the AMP plugin, which means * it needs to be maintained and kept in sync with any changes to the dependency. * * As long as there's no built-in solution in PHP-Scoper for this, an alternative could be * to generate a list based on php-stubs/wordpress-stubs. devowlio/wp-react-starter/ seems * to be doing just this successfully. * * @see * @see * @see */ $contents = str_replace( "\\$prefix\\_doing_it_wrong", '\\_doing_it_wrong', $contents ); $contents = str_replace( "\\$prefix\\__", '\\__', $contents ); $contents = str_replace( "\\$prefix\\esc_html_e", '\\esc_html_e', $contents ); $contents = str_replace( "\\$prefix\\esc_html", '\\esc_html', $contents ); $contents = str_replace( "\\$prefix\\esc_attr", '\\esc_attr', $contents ); $contents = str_replace( "\\$prefix\\esc_url", '\\esc_url', $contents ); $contents = str_replace( "\\$prefix\\do_action", '\\do_action', $contents ); // ... } ] ]

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2021-05-04.


What are some of the best open-source Static Analysis projects in PHP? This list will help you:

Project Stars
1 PHP Parser 14,433
2 PHP CS Fixer 10,064
3 PHPStan 9,800
4 PHP Code Sniffer 8,544
5 phan 5,051
6 Psalm 4,095
7 larastan 2,548
8 PHP Mess Detector 1,901
9 PHPCompatibility 1,583
10 Deptrac 1,538
11 php-language-server 1,024
12 PHP Architecture Tester 540
13 BackwardCompatibilityCheck 449
14 enlightn 434
15 unused-scanner 377
16 Exakat 351
17 phpstan-deprecation-rules 167
18 psalm-plugin-laravel 164
19 phpstan-wordpress 105
20 phpstan-drupal 98
21 wordpress-stubs 70