PHP Static Analysis

Open-source PHP projects categorized as Static Analysis Edit details

Top 23 PHP Static Analysis Projects

  • PHP Parser

    A PHP parser written in PHP

    Project mention: Readonly classes RFC accepted | | 2022-05-13

    The PR in PHP-Parser is already on the way ↓

  • PHP CS Fixer

    A tool to automatically fix PHP Coding Standards issues

    Project mention: Php-Cs-Fixer - A tool to automatically fix php coding standards issues | | 2022-06-25
  • Cloudways

    Managed Cloud Hosting Platform. Cloudways leverages advanced technology and powerful servers. Cloudways is a one-click managed cloud hosting platform that provides cloud application and server management solutions.

  • PHP Code Sniffer

    PHP_CodeSniffer tokenizes PHP files and detects violations of a defined set of coding standards.

    Project mention: Hi! What are packages available in laravel for me to download that can greatly improve code quality and productivity? Im at laravel 9. Its will be used as an API system. | | 2022-06-24
  • phan

    Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

    Project mention: Introducing Phirs (0.1.0), a cross-platform and well-tested user directory path provider library, including cache and config paths | | 2022-02-20

    I don't think so. Phoronix Test Suite is a big example. Plus, in the PHP community itself, there are so many CLI apps: Composer, PHPUnit, static analyzers like Phan, just to name a few. Symfony Console component has more than 9k stars, so this should mean PHP is a capable tool for CLI apps.

  • Psalm

    A static analysis tool for finding errors in PHP applications

    Project mention: Looking for good architecture guides/lectures | | 2022-06-30
  • PHP Mess Detector

    PHPMD is a spin-off project of PHP Depend and aims to be a PHP equivalent of the well known Java tool PMD. PHPMD can be seen as an user friendly frontend application for the raw metrics stream measured by PHP Depend.

    Project mention: Github Actions for Symfony 5 PHPUnit and more | | 2021-11-10

    name: Symfony 5 Tests on: push: branches: - main - dev pull_request: jobs: symfony: name: Symfony 5.0 (PHP ${{ matrix.php-versions }}) # runs-on: ubuntu-latest strategy: fail-fast: true matrix: php-versions: ['7.4'] steps: # (official) - name: Checkout uses: actions/[email protected] # (community) - name: Setup PHP, extensions and composer with shivammathur/setup-php uses: shivammathur/[email protected] with: php-version: ${{ matrix.php-versions }} extensions: mbstring, xml, ctype, iconv, intl, pdo_sqlite, dom, filter, gd, iconv, json, mbstring, pdo # Composer - name: Get composer cache directory id: composer-cache run: echo "::set-output name=dir::$(composer config cache-files-dir)" # - name: Cache composer dependencies uses: actions/[email protected] with: path: ${{ steps.composer-cache.outputs.dir }} key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} restore-keys: ${{ runner.os }}-composer- - name: Install Composer dependencies run: composer install --no-progress --no-suggest --prefer-dist --optimize-autoloader # - name: Security check installed dependencies uses: symfonycorp/[email protected] # (community) - name: Check PSR12 code style (PHP_CodeSniffer) uses: chekalsky/[email protected] with: enable_warnings: true installed_paths: '${{ github.workspace }}/vendor/squizlabs/php_codesniffer' phpcs_bin_path: './vendor/bin/phpcs src --ignore="Migrations/"' # # - name: Analyses PHP Code (PHP Mess Detector) # run: vendor/bin/phpmd src,tests text .phpmd-ruleset.xml # - name: Analyse PHP Code (PHPStan) run: vendor/bin/phpstan analyse src - name: Cache node_modules uses: actions/[email protected] id: yarn-cache-node-modules with: path: node_modules key: ${{ runner.os }}-yarn-cache-node-modules-${{ hashFiles('**/yarn.lock') }} restore-keys: | ${{ runner.os }}-yarn-cache-node-modules- - name: Yarn install if: steps.yarn-cache-node-modules.outputs.cache-hit != 'true' run: yarn install - name: Yarn build run: yarn run encore production - name: Archive production artifacts uses: actions/[email protected] with: name: build path: public/build # Symfony - name: Check the Symfony console run: | php bin/console -V php bin/console about # Tests - name: Run unit and functional tests run: | php bin/phpunit --stop-on-failure # - name: Run Behat/Mink tests # run: | # php vendor/bin/behat

  • Deptrac

    Keep your architecture clean.

    Project mention: The use of `class` for things that should be simple free functions (2020) | | 2022-05-29

    >I wonder: Is automatic DI even helpful? You save some lines of boilerplate but sacrifice control over the initialization-order and get a flat, messy, implicit dependency graph

    Initialization order doesn't matter if your services are stateless. At least in our codebase, all of them are stateless, as it greatly simplifies reasoning about concurrent code (both in-process and between servers). Yes, it's easy to end up with a very a convoluted dependency graph under the hood, but I don't think it's a problem you really should care about. I mean, your code most likely already compiles to a very convoluted mess of machine code under the hood (with all the optimizations, ABI quirks etc.) and I doubt it matters to you much, as long as it does its job well and doesn't hinder your productivity.

    If you are talking about messy dependency graphs from the architectural standpoint (someone can easily add a dependency in the constructor without thinking about the consequences), we use deptrac for our PHP monolith which can validate your architecture is clean at build time [0]

    However, for our microservices written in Go, we decided to use manual DI to stimulate developers to prefer simpler design, otherwise our microservices could quickly turn to monoliths again.


  • SonarQube

    Static code analysis for 29 languages.. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.

  • PHPCompatibility

    PHP Compatibility check for PHP_CodeSniffer

    Project mention: PHP8 is pushing me over the edge ... | | 2022-06-08

    Another helpful tool is PHP_CodeSniffer with the PHP Compatibility Coding Standard-ruleset.

  • php-language-server

    PHP Implementation of the VS Code Language Server Protocol 🆚↔🖥

    Project mention: anyone got a lsp setup with php? | | 2021-12-19

    FWIW I played with once and it performed poorly with a large code base -- indexing took ages, and it couldn't handle some large (machine-generated) files at all (literally refused to index files above a certain size, and when I removed that limit it took about 45 minutes to do it). My TAGS file takes a few seconds to build, so if you only need indexing I'd just use

  • PHP Architecture Tester

    PHP Architecture Tester - Easy to use architectural testing tool for PHP :heavy_check_mark:

    Project mention: arkitect VS PHP Architecture Tester - a user suggested alternative | | 2021-09-16

    Easy to use architecture testing tool for PHP

  • enlightn

    Your performance & security consultant, an artisan command away.

    Project mention: A Laravel package to monitor the health of your application | | 2021-12-13

    you can also check

  • BackwardCompatibilityCheck

    :ab: Tool to compare two revisions of a class API to check for BC breaks

    Project mention: PHP libraries and tools | | 2021-09-22

    roave/backward-compatibility-check: Tool to compare two revisions of a class API to check for BC breaks

  • phpmnd

    PHP Magic Number Detector

    Project mention: Please Put Units in Names | | 2022-03-20

    PHP mess detector has a rule for this called "Magic Number Detector" ( which will cause an error when it encounters numbers that violate the parameters you set.

  • unused-scanner

    Detect unused composer dependencies

  • phpstan-strict-rules

    Extra strict and opinionated rules for PHPStan

    Project mention: Weekly help thread | | 2022-04-04

    phpstan has some strictness rules which, at a glance, can cover this:

  • Exakat

    The Exakat Engine : smart static analysis for PHP

  • phpstan-deprecation-rules

    PHPStan rules for detecting usage of deprecated classes, methods, properties, constants and traits.

  • psalm-plugin-laravel

    A Psalm plugin for Laravel

    Project mention: [Poll] Do you use preloading in your applications? | | 2021-07-04

    Also disagree with the static analysis take - we have dozens of Laravel applications that pass Psalm's static analysis with the strictest settings. All it takes is the Laravel plugin and some DocBlocks here and there.

  • phpstan-wordpress

    WordPress extensions for PHPStan ⛏️

  • functional

    PHP Functional Programming library. Monads, common use functions and generic collections.

    Project mention: Psalm friendly generators based Streams | | 2021-09-17

    Hello. I've added Psalm friendly generators based Stream support in my lib. It can be useful if you care for memory usage.

  • phpstan-drupal

    Extension for PHPStan to allow analysis of Drupal code.

    Project mention: Better static analysis with entity type storages in phpstan-drupal 1.10 | | 2021-11-25

    I just opened this issue for private properties when dependency serialization is used:

  • phpstan-dba

    PHPStan based SQL static analysis and type inference for the database access layer

    Project mention: Type inference for the database access layer in PHP | | 2022-05-27

    a PHPStan extension called phpstan-dba, which supports result-set type inference and sql syntax checking capabilites. Its really helpful to get your codebase type coverage improved from the ground up, as typically the database access apis are a big source of mixed types.

  • wordpress-stubs

    Up-to-date WordPress function and class declaration stubs for static analysis by PHPStan

    Project mention: wp-env IDE setup | | 2021-12-23
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2022-06-30.

PHP Static Analysis related posts


What are some of the best open-source Static Analysis projects in PHP? This list will help you:

Project Stars
1 PHP Parser 15,506
2 PHP CS Fixer 11,178
3 PHP Code Sniffer 9,495
4 phan 5,282
5 Psalm 4,809
6 PHP Mess Detector 2,057
7 Deptrac 1,959
8 PHPCompatibility 1,801
9 php-language-server 1,092
10 PHP Architecture Tester 708
11 enlightn 669
12 BackwardCompatibilityCheck 507
13 phpmnd 499
14 unused-scanner 413
15 phpstan-strict-rules 393
16 Exakat 367
17 phpstan-deprecation-rules 230
18 psalm-plugin-laravel 218
19 phpstan-wordpress 163
20 functional 154
21 phpstan-drupal 144
22 phpstan-dba 123
23 wordpress-stubs 90
Find remote jobs at our new job board There are 2 new remote jobs listed recently.
Are you hiring? Post a new remote job listing for free.
Less time debugging, more time building
Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.