README

PHP Var Dump Check is a CLI tool that scans PHP source files for forgotten dump statements such as var_dump(), print_r(), framework dump helpers, and debugger dump calls.

The tool is configured with a project-local PHP config file and is designed to work well in local development and CI.

Requirements

• PHP 8.3 or newer

Installation

Install the package as a development dependency:

composer require --dev guni/php-var-dump-check

Quick start

Create the default configuration file in the current working directory:

./vendor/bin/var-dump-check init

Then run the analysis:

./vendor/bin/var-dump-check analyse

Configuration file

The tool uses a fixed config filename:

php-var-dump-check.php

By default, the file is expected in the current working directory. You can also pass a custom path to both commands.

Example:

<?php

declare(strict_types=1);

return VarDumpCheckConfig::configure()
    ->withPaths(
        paths: [
            __DIR__,
        ]
    )
    ->withSkipPaths(
        paths: [
            __DIR__ . '/vendor',
        ]
    )
    ->withSets(
        php: true,
        ladybug: false,
        tracy: true,
        zend: true,
        doctrine: true,
        symfony: true,
        laravel: true,
    );

withPaths()

Optional.

Defines the files or directories to analyse. The analysis is always recursive for directories.

If withPaths() is omitted or an empty array is passed, the current working directory is used.

Example:

->withPaths(
    paths: [
        __DIR__ . '/src',
        __DIR__ . '/templates',
    ]
)

withSkipPaths()

Optional.

Defines files or directories that should be skipped during recursive analysis.

If withSkipPaths() is omitted or an empty array is passed, nothing is skipped.

Example:

->withSkipPaths(
    paths: [
        __DIR__ . '/vendor',
        __DIR__ . '/var/cache',
    ]
)

withSets()

Defines which dump sets should be detected.

If no set is enabled, the tool exits with a clear error message. At least one set must be set to true.

Available sets:

• php
• ladybug
• tracy
• zend
• doctrine
• symfony
• laravel

The exact functions and methods covered by each set are defined in DumpConstants:

Example:

->withSets(
    php: true,
    symfony: true
)

Commands

init

Creates a new php-var-dump-check.php file.

./vendor/bin/var-dump-check init

Create the config at a custom path:

./vendor/bin/var-dump-check init tools/php-var-dump-check.php

Behavior:

• creates the default config file template
• all sets are initialized with false
• asks before overwriting an existing config file

analyse

Runs the analysis using the configured paths and dump sets.

./vendor/bin/var-dump-check analyse

Run the analysis with a custom config path:

./vendor/bin/var-dump-check analyse tools/php-var-dump-check.php

Behavior:

• scans recursively
• only checks .php and .phtml files
• returns a CI-friendly exit code

If no configuration file is found, the tool asks whether it should create one now. If you decline, it prints a hint to run init manually.

Output formats

The output format is controlled via --error-format=.... Default: text

text

Human-readable output for local development.

./vendor/bin/var-dump-check analyse --error-format=text

Example:

$ ./vendor/bin/var-dump-check analyse
...................X...

Checked 23 files in 0.1 second, dump found in 1 file

------------------------------------------------------------
Forgotten dump 'var_dump' found in ./test.php:36
    34|         $functionsToCheck = $this->prepareFunctionCheck($this->settings->functionsToCheck);
    35|
  > 36|         var_dump($functionsToCheck);
    37|
    38|         foreach ($tokens as $key => $token) {

Color output is enabled automatically when STDOUT is a TTY. In CI or when piping output, plain text is used automatically.

json

Machine-readable JSON output.

./vendor/bin/var-dump-check analyse --error-format=json

The JSON payload contains:

• a summary section with checked file count, finding count, and duration
• a findings list with dump type, file, and line

junit

JUnit XML output for CI systems and code quality integrations.

./vendor/bin/var-dump-check analyse --error-format=junit

This format is suitable for tools such as GitLab CI, GitHub Actions, Jenkins, TeamCity, and CircleCI.

Verbosity

Verbosity options only affect the text format. For json and junit, they are ignored.

-v

Print the loaded configuration before the analysis starts:

• config file path
• configured paths
• skip paths
• active sets

./vendor/bin/var-dump-check analyse -v

-vv

Print every checked file with its full path instead of progress dots.

./vendor/bin/var-dump-check analyse -vv

Exit codes

• 0 — no dump was found
• 1 — at least one dump was found, or the command failed

This makes the tool suitable for CI pipelines.

CI integration example

Plain text output

var_dump_check:
  stage: test
  image: php:8.3-cli
  script:
    - apt-get update && apt-get install -y git unzip
    - php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
    - php composer-setup.php --install-dir=/usr/local/bin --filename=composer
    - composer install --no-interaction --prefer-dist
    - ./vendor/bin/var-dump-check analyse

JUnit report in GitLab CI

var_dump_check_junit:
  stage: test
  image: php:8.3-cli
  script:
    - apt-get update && apt-get install -y git unzip
    - php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
    - php composer-setup.php --install-dir=/usr/local/bin --filename=composer
    - composer install --no-interaction --prefer-dist
    - ./vendor/bin/var-dump-check analyse --error-format=junit > var-dump-check.junit.xml
  artifacts:
    when: always
    reports:
      junit: var-dump-check.junit.xml

Help and version

Show help:

./vendor/bin/var-dump-check --help

Show version:

./vendor/bin/var-dump-check --version

Backward compatibility note

The old flag-based CLI has been removed. Use the init and analyse commands instead.