Search by 
apermo / phpstan-wordpress-rules
Custom PHPStan rules for WordPress projects by Apermo.
Maintainers
Package info
github.com/apermo/apermo-phpstan-wordpress-rules
Type:phpstan-extension
pkg:composer/apermo/phpstan-wordpress-rules
v0.3.0
2026-03-07 16:42 UTC
Requires
- php: >=8.1
- phpstan/phpstan: ^2.0
- phpstan/phpstan-deprecation-rules: ^2.0
- phpstan/phpstan-strict-rules: ^2.0
- swissspidy/phpstan-no-private: ^1.0
- szepeviktor/phpstan-wordpress: ^2.0
Requires (Dev)
- apermo/apermo-coding-standards: ^2.0
- phpunit/phpunit: ^11.0
This package is auto-updated.
Last update: 2026-03-07 23:41:18 UTC
README
Custom PHPStan rules for WordPress projects. Provides a unified static analysis configuration and custom rules across all Apermo projects.
Requirements
- PHP 8.1+
- PHPStan 2.0+
Installation
composer require --dev apermo/phpstan-wordpress-rules
If you use phpstan/extension-installer, the rules are registered automatically.
Manual Registration
Add to your phpstan.neon:
includes: - vendor/apermo/phpstan-wordpress-rules/rules.neon
What's Included
Bundled Extensions
This package automatically includes:
Custom Rules
| Rule | Category | What it detects |
|---|---|---|
| DisallowQueryPostsRule | wp-api | query_posts() usage |
| PostTypeNameLengthRule | wp-api | register_post_type() name > 20 chars |
| TaxonomyNameLengthRule | wp-api | register_taxonomy() name > 32 chars |
| TransientExpirationRule | wp-api | set_transient() without expiration |
| RemoteRequestTimeoutRule | wp-api | wp_remote_* without explicit timeout |
| PreSerializedDataRule | data-integrity | Pre-serialized data in WP storage functions |
| PreEncodedJsonDataRule | data-integrity | Pre-encoded JSON in WP storage functions |
| NoDynamicCodeExecutionRule | security | create_function(), assert() with string, preg_replace() with /e |
| NoEvalRule | security | eval() usage |
| UnsafeUnserializeRule | security | unserialize() without allowed_classes |
| NoHtmlDomParsingRule | code-quality | DOMDocument::loadHTML, tidy functions, Masterminds\HTML5 |
| NoConcatenationInTranslationRule | i18n | String concatenation inside __(), _e(), etc. |
| NoBlanketSuppressionRule | code-quality | phpcs:disable/phpcs:ignore/@phpstan-ignore without specific rules |
Development
Setup
composer install
Running Tests
composer test
Static Analysis
composer analyse
Coding Standards
composer cs
License
MIT — see LICENSE for details.