phpstan / phpstan-strict-rules
Extra strict and opinionated rules for PHPStan
Installs: 36 834 686
Dependents: 3 135
Suggesters: 4
Security: 0
Stars: 608
Watchers: 18
Forks: 48
Open Issues: 41
Type:phpstan-extension
Requires
- php: ^7.4 || ^8.0
- phpstan/phpstan: ^2.0.4
Requires (Dev)
- 2.0.x-dev
- 2.0.1
- 2.0.0
- 1.6.x-dev
- 1.6.1
- 1.6.0
- 1.5.x-dev
- 1.5.5
- 1.5.4
- 1.5.3
- 1.5.2
- 1.5.1
- 1.5.0
- 1.4.x-dev
- 1.4.5
- 1.4.4
- 1.4.3
- 1.4.2
- 1.4.1
- 1.4.0
- 1.3.0
- 1.2.3
- 1.2.2
- 1.2.1
- 1.2.0
- 1.1.0
- 1.0.0
- 0.12.11
- 0.12.10
- 0.12.9
- 0.12.8
- 0.12.7
- 0.12.6
- 0.12.5
- 0.12.4
- 0.12.3
- 0.12.2
- 0.12.1
- 0.12.0
- 0.11.1
- 0.11
- 0.10.1
- 0.10
- 0.9
- dev-renovate/major-root-composer
- dev-renovate/major-github-actions
- dev-test
This package is auto-updated.
Last update: 2024-12-17 17:16:26 UTC
README
PHPStan focuses on finding bugs in your code. But in PHP there's a lot of leeway in how stuff can be written. This repository contains additional rules that revolve around strictly and strongly typed code with no loose casting for those who want additional safety in extremely defensive programming:
- Require booleans in
if
,elseif
, ternary operator, after!
, and on both sides of&&
and||
. - Require numeric operands or arrays in
+
and numeric operands in-
/*
//
/**
/%
. - Require numeric operand in
$var++
,$var--
,++$var
and--$var
. - These functions contain a
$strict
parameter for better type safety, it must be set totrue
:in_array
(3rd parameter)array_search
(3rd parameter)array_keys
(3rd parameter; only if the 2nd parameter$search_value
is provided)base64_decode
(2nd parameter)
- Variables assigned in
while
loop condition andfor
loop initial assignment cannot be used after the loop. - Variables set in foreach that's always looped thanks to non-empty arrays cannot be used after the loop.
- Types in
switch
condition andcase
value must match. PHP compares them loosely by default and that can lead to unexpected results. - Check that statically declared methods are called statically.
- Disallow
empty()
- it's a very loose comparison (see manual), it's recommended to use more strict one. - Disallow short ternary operator (
?:
) - implies weak comparison, it's recommended to use null coalesce operator (??
) or ternary operator with strict condition. - Disallow variable variables (
$$foo
,$this->$method()
etc.) - Disallow overwriting variables with foreach key and value variables
- Always true
instanceof
, type-checkingis_*
functions and strict comparisons===
/!==
. These checks can be turned off by settingcheckAlwaysTrueInstanceof
/checkAlwaysTrueCheckTypeFunctionCall
/checkAlwaysTrueStrictComparison
to false. - Correct case for referenced and called function names.
- Correct case for inherited and implemented method names.
- Contravariance for parameter types and covariance for return types in inherited methods (also known as Liskov substitution principle - LSP)
- Check LSP even for static methods
- Require calling parent constructor
- Disallow usage of backtick operator (
$ls = `ls -la`
) - Closure should use
$this
directly instead of using$this
variable indirectly
Additional rules are coming in subsequent releases!
Installation
To use this extension, require it in Composer:
composer require --dev phpstan/phpstan-strict-rules
If you also install phpstan/extension-installer then you're all set!
Manual installation
If you don't want to use phpstan/extension-installer
, include rules.neon in your project's PHPStan config:
includes:
- vendor/phpstan/phpstan-strict-rules/rules.neon
Disabling rules
You can disable rules using configuration parameters:
parameters: strictRules: disallowedLooseComparison: false booleansInConditions: false uselessCast: false requireParentConstructorCall: false disallowedBacktick: false disallowedEmpty: false disallowedImplicitArrayCreation: false disallowedShortTernary: false overwriteVariablesWithLoop: false closureUsesThis: false matchingInheritedMethodNames: false numericOperandsInArithmeticOperators: false strictFunctionCalls: false dynamicCallOnStaticMethod: false switchConditionsMatchingType: false noVariableVariables: false strictArrayFilter: false illegalConstructorMethodCall: false
Aside from introducing new custom rules, phpstan-strict-rules also change the default values of some configuration parameters that are present in PHPStan itself. These parameters are documented on phpstan.org.
Enabling rules one-by-one
If you don't want to start using all the available strict rules at once but only one or two, you can!
You can disable all rules from the included rules.neon
with:
parameters: strictRules: allRules: false
Then you can re-enable individual rules with configuration parameters:
parameters: strictRules: allRules: false booleansInConditions: true
Even with strictRules.allRules
set to false
, part of this package is still in effect. That's because phpstan-strict-rules also change the default values of some configuration parameters that are present in PHPStan itself. These parameters are documented on phpstan.org.