Extra strict and opinionated rules for PHPStan
PHPStan focuses on finding bugs in your code. But in PHP there's a lot of leeway in how stuff can be written. This repository contains additional rules that revolve around strictly and strongly typed code with no loose casting for those who want additional safety in extremely defensive programming:
- Require booleans in
elseif, ternary operator, after
!, and on both sides of
- Require numeric operands or arrays in
+and numeric operands in
- Require numeric operand in
- These functions contain a
$strictparameter for better type safety, it must be set to
array_keys(3rd parameter; only if the 2nd parameter
- Variables assigned in
whileloop condition and
forloop initial assignment cannot be used after the loop.
- Variables set in foreach that's always looped thanks to non-empty arrays cannot be used after the loop.
- Types in
casevalue must match. PHP compares them loosely by default and that can lead to unexpected results.
- Check that statically declared methods are called statically.
empty()- it's a very loose comparison (see manual), it's recommended to use more strict one.
- Disallow short ternary operator (
?:) - implies weak comparison, it's recommended to use null coalesce operator (
??) or ternary operator with strict condition.
- Disallow variable variables (
- Disallow overwriting variables with foreach key and value variables
- Always true
is_*functions and strict comparisons
!==. These checks can be turned off by setting
- Correct case for referenced and called function names.
- Correct case for inherited and implemented method names.
- Contravariance for parameter types and covariance for return types in inherited methods (also known as Liskov substitution principle - LSP)
- Check LSP even for static methods
- Require calling parent constructor
- Disallow usage of backtick operator (
$ls = `ls -la`)
- Closure should use
$thisdirectly instead of using
Additional rules are coming in subsequent releases!
To use this extension, require it in Composer:
composer require --dev phpstan/phpstan-strict-rules
If you also install phpstan/extension-installer then you're all set!
If you don't want to use
phpstan/extension-installer, include rules.neon in your project's PHPStan config:
includes: - vendor/phpstan/phpstan-strict-rules/rules.neon
If you don't want to start using all the available strict rules at once but only one or two, you can!
Just don't include the whole
rules.neon from this package in your configuration, but look at its contents and copy only the rules you want to your configuration under the
services: - class: PHPStan\Rules\StrictCalls\StrictFunctionCallsRule tags: - phpstan.rules.rule - class: PHPStan\Rules\SwitchConditions\MatchingTypeInSwitchCaseConditionRule tags: - phpstan.rules.rule
Unfortunately, by using
phpstan/extension-installer you can't enable it one by one, but you can ignore specific errors instead.
parameters: ignoreErrors: - '#Construct empty\(\) is not allowed. Use more strict comparison.#' - '#Call to function in_array\(\) requires parameter \#3 to be set.#'