squizlabs / php_codesniffer
PHP_CodeSniffer tokenizes PHP, JavaScript and CSS files and detects violations of a defined set of coding standards.
Fund package maintenance!
Open Collective
PHPCSStandards
jrfnl
Installs: 281 617 723
Dependents: 26 458
Suggesters: 50
Security: 2
Stars: 1 021
Watchers: 17
Forks: 60
Open Issues: 156
Requires
- php: >=5.4.0
- ext-simplexml: *
- ext-tokenizer: *
- ext-xmlwriter: *
Requires (Dev)
- phpunit/phpunit: ^4.0 || ^5.0 || ^6.0 || ^7.0 || ^8.0 || ^9.3.4
- 4.0.x-dev
- dev-master / 3.x-dev
- 3.11.2
- 3.11.1
- 3.11.0
- 3.10.3
- 3.10.2
- 3.10.1
- 3.10.0
- 3.9.2
- 3.9.1
- 3.9.0
- 3.8.1
- 3.8.0
- 3.7.2
- 3.7.1
- 3.7.0
- 3.6.2
- 3.6.1
- 3.6.0
- 3.5.8
- 3.5.7
- 3.5.6
- 3.5.5
- 3.5.4
- 3.5.3
- 3.5.2
- 3.5.1
- 3.5.0
- 3.4.2
- 3.4.1
- 3.4.0
- 3.3.2
- 3.3.1
- 3.3.0
- 3.2.3
- 3.2.2
- 3.2.1
- 3.2.0
- 3.1.1
- 3.1.0
- 3.0.x-dev
- 3.0.2
- 3.0.1
- 3.0.0
- 3.0.0RC4
- 3.0.0RC3
- 3.0.0RC2
- 3.0.0RC1
- 3.0.0a1
- 2.9.x-dev
- 2.9.2
- 2.9.1
- 2.9.0
- 2.8.1
- 2.8.0
- 2.7.1
- 2.7.0
- 2.6.2
- 2.6.1
- 2.6.0
- 2.5.1
- 2.5.0
- 2.4.0
- 2.3.4
- 2.3.3
- 2.3.2
- 2.3.1
- 2.3.0
- 2.2.0
- 2.1.0
- 2.0.0
- 2.0.0RC4
- 2.0.0RC3
- 2.0.0RC2
- 2.0.0RC1
- 2.0.0a2
- 2.0.0a1
- 1.5.x-dev
- 1.5.6
- 1.5.5
- 1.5.4
- 1.5.3
- 1.5.2
- 1.5.1
- 1.5.0
- 1.5.0RC4
- 1.5.0RC3
- 1.5.0RC2
- 1.5.0RC1
- 1.4.8
- 1.4.7
- 1.4.6
- 1.4.5
- 1.4.4
- 1.4.3
- 1.4.2
- dev-feature/773-safeguard-against-duplicate-test-markers
- dev-feature/generators-dont-print-title-if-no-docs
- dev-feature/3.x-metrics-for-switch-statements
- dev-feature/variable-sniffs-minor-performance-tweak
- dev-TEST/ghactions-revert-code-coverage-php-version
- dev-phpcs-4.x/remove-external-tooling-sniffs
- dev-4.x/feature/ci-prevent-issues-with-code-coverage
- dev-feature/3769-improve-todo-fixme-sniffs
- dev-feature/dont-ignore-internal-errors
- dev-phpcs-4.x/gitattributes-dont-ignore-test-framework-files
- dev-feature/pear-psr2-psr12-functioncallsignature-check-anon-classes
- dev-phpcs-4.x/tokenizer-php-minor-tweak
- dev-phpcs-4.x/file-isreference-simplify
- dev-phpcs-4.x/3115-let-static-be-static
- dev-feature/psr12-fileheader-more-modular-errorcode-spacing-after
- dev-feature/add-security-file
This package is auto-updated.
Last update: 2024-12-22 13:47:24 UTC
README
Note
This package is the official continuation of the now abandoned PHP_CodeSniffer package which was created by Squizlabs.
About
PHP_CodeSniffer is a set of two PHP scripts; the main phpcs
script that tokenizes PHP, JavaScript and CSS files to detect violations of a defined coding standard, and a second phpcbf
script to automatically correct coding standard violations. PHP_CodeSniffer is an essential development tool that ensures your code remains clean and consistent.
Requirements
PHP_CodeSniffer requires PHP version 5.4.0 or greater, although individual sniffs may have additional requirements such as external applications and scripts. See the Configuration Options manual page for a list of these requirements.
If you're using PHP_CodeSniffer as part of a team, or you're running it on a CI server, you may want to configure your project's settings using a configuration file.
Installation
The easiest way to get started with PHP_CodeSniffer is to download the Phar files for each of the commands:
# Download using curl curl -OL https://phars.phpcodesniffer.com/phpcs.phar curl -OL https://phars.phpcodesniffer.com/phpcbf.phar # Or download using wget wget https://phars.phpcodesniffer.com/phpcs.phar wget https://phars.phpcodesniffer.com/phpcbf.phar # Then test the downloaded PHARs php phpcs.phar -h php phpcbf.phar -h
These Phars are signed with the official Release key for PHPCS with the
fingerprint 689D AD77 8FF0 8760 E046 228B A978 2203 05CD 5C32
.
As of PHP_CodeSniffer 3.10.3, the provenance of PHAR files associated with a release can be verified via GitHub Artifact Attestations using the GitHub CLI tool with the following command: gh attestation verify [phpcs|phpcbf].phar -o PHPCSStandards
.
Composer
If you use Composer, you can install PHP_CodeSniffer system-wide with the following command:
composer global require "squizlabs/php_codesniffer=*"
Make sure you have the composer bin dir in your PATH. The default value is ~/.composer/vendor/bin/
, but you can check the value that you need to use by running composer global config bin-dir --absolute
.
Or alternatively, include a dependency for squizlabs/php_codesniffer
in your composer.json
file. For example:
{ "require-dev": { "squizlabs/php_codesniffer": "^3.0" } }
You will then be able to run PHP_CodeSniffer from the vendor bin directory:
./vendor/bin/phpcs -h ./vendor/bin/phpcbf -h
Phive
If you use Phive, you can install PHP_CodeSniffer as a project tool using the following commands:
phive install --trust-gpg-keys 689DAD778FF08760E046228BA978220305CD5C32 phpcs phive install --trust-gpg-keys 689DAD778FF08760E046228BA978220305CD5C32 phpcbf
You will then be able to run PHP_CodeSniffer from the tools
directory:
./tools/phpcs -h ./tools/phpcbf -h
Git Clone
You can also download the PHP_CodeSniffer source and run the phpcs
and phpcbf
commands directly from the Git clone:
git clone https://github.com/PHPCSStandards/PHP_CodeSniffer.git
cd PHP_CodeSniffer
php bin/phpcs -h
php bin/phpcbf -h
Getting Started
The default coding standard used by PHP_CodeSniffer is the PEAR coding standard. To check a file against the PEAR coding standard, simply specify the file's location:
phpcs /path/to/code/myfile.php
Or if you wish to check an entire directory you can specify the directory location instead of a file.
phpcs /path/to/code-directory
If you wish to check your code against the PSR-12 coding standard, use the --standard
command line argument:
phpcs --standard=PSR12 /path/to/code-directory
If PHP_CodeSniffer finds any coding standard errors, a report will be shown after running the command.
Full usage information and example reports are available on the usage page.
Documentation
The documentation for PHP_CodeSniffer is available on the GitHub wiki.
Issues
Bug reports and feature requests can be submitted on the GitHub Issue Tracker.
Contributing
See CONTRIBUTING.md for information.
Versioning
PHP_CodeSniffer uses a MAJOR.MINOR.PATCH
version number format.
The MAJOR
version is incremented when:
- backwards-incompatible changes are made to how the
phpcs
orphpcbf
commands are used, or - backwards-incompatible changes are made to the
ruleset.xml
format, or - backwards-incompatible changes are made to the API used by sniff developers, or
- custom PHP_CodeSniffer token types are removed, or
- existing sniffs are removed from PHP_CodeSniffer entirely
The MINOR
version is incremented when:
- new backwards-compatible features are added to the
phpcs
andphpcbf
commands, or - backwards-compatible changes are made to the
ruleset.xml
format, or - backwards-compatible changes are made to the API used by sniff developers, or
- new sniffs are added to an included standard, or
- existing sniffs are removed from an included standard
NOTE: Backwards-compatible changes to the API used by sniff developers will allow an existing sniff to continue running without producing fatal errors but may not result in the sniff reporting the same errors as it did previously without changes being required.
The PATCH
version is incremented when:
- backwards-compatible bug fixes are made
NOTE: As PHP_CodeSniffer exists to report and fix issues, most bugs are the result of coding standard errors being incorrectly reported or coding standard errors not being reported when they should be. This means that the messages produced by PHP_CodeSniffer, and the fixes it makes, are likely to be different between PATCH versions.