dimionx/phpstan-rules

Rule for PHPStan that detects when production code depends on classes from Composer dev-dependencies, with flexible configuration to selectively allow certain classes or namespaces where needed.

Maintainers

Details

github.com/DimionX/phpstan-rules

Source

Issues

Installs: 3

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 0

Forks: 0

Open Issues: 0

Type:phpstan-extension

pkg:composer/dimionx/phpstan-rules

1.0.2 2025-11-30 17:23 UTC

Requires

Requires (Dev)

MIT 1d63fb3ab991bd33bbff8504134df3209e05f142

composerstatic analysisPHPStanphpstan-ruledev-dependencies

This package is auto-updated.

Last update: 2025-11-30 17:31:54 UTC

README

PHPStan rule to detect usage of Composer dev-dependency classes in production code, with powerful configuration to re-allow specific classes or namespaces in places where they should be allowed.

Installation

Install the extension using Composer:

composer require --dev dimionx/phpstan-rules

Manual installation

For manual installation, add this to your phpstan.neon:

includes:
    - vendor/dimionx/phpstan-rules/extension.neon

Ignoring Errors

Only ignore errors for code that is never executed in production. Typical examples include:

  • Test files (*Test.php, */Tests/*, */tests/*)
  • Test helpers and utilities used exclusively in tests
  • Development-only scripts and tools
  • Fixture factories used solely for testing
  • Code generation scripts used during development
# phpstan.neon
parameters:
  ignoreErrors:
    # Ignore files that are allowed to use dev-packages
    -
      identifier: dev.packageUsedInProductionRule
      path: '*/Tests/*'

Features

  • Detects accidental usage of dev-dependency classes in production code
  • Configurable autoload types (PSR-4, PSR-0, classmap, files)
  • Namespace-based detection for comprehensive coverage
  • Flexible allowlists for legitimate cross-environment usage
  • composer.lock analysis for accurate dependency mapping