voku / slop-scan
Deterministic PHP CLI for explainable slop heuristics in PHP repositories.
Maintainers
Requires
- php: ^8.3
- helgesverre/toon: ^3.1
- nikic/php-parser: ^5.7
- symfony/console: ^7.4
- voku/simple-php-code-parser: ^0.21.0
Requires (Dev)
- infection/infection: ^0.32.7
- phpstan/phpstan: ^2.1.54
- phpunit/phpunit: ^11.5
- dev-main
- 0.1.2
- 0.1.1
- 0.1.0
- dev-copilot/split-readme-into-docs
- dev-copilot/implement-phpstan-ignore-errors
- dev-copilot/ai-slop-detection-research
- dev-copilot/add-github-workflow-publish-phar
- dev-copilot/implement-simple-caching
- dev-copilot/integrate-dogfood-testing-ci
- dev-copilot/add-detection-rules-ai-slop
- dev-copilot/refactor-symfony-console-build
- dev-copilot/refactor-bootstrap-file-into-classes
- dev-copilot/improve-slop-scanning
- dev-copilot/add-regression-tests-and-coverage
- dev-copilot/migrate-files-to-php-version
This package is auto-updated.
Last update: 2026-05-04 21:25:36 UTC
README
💩 slop-scan
slop-scan: Deterministic PHP CLI for finding explainable slop patterns in PHP repositories.
slop-scan is a static-analysis style heuristic scanner. It is not an authorship detector. It reports concrete findings with rule IDs, evidence, scores, and stable occurrence fingerprints so results can be reviewed, compared, and tracked over time.
This repository started from a fork of modem-dev/slop-scan and was rewritten in PHP with Codex so it fits PHP tooling, packaging, and CI workflows directly.
It ships with AST-backed PHP heuristics, deterministic delta identities, compact baselines, reusable scan caching, and configurable suppressions for real-world repository adoption.
Requirements
- PHP 8.3+
- Composer
Quick start
- Install the latest release PHAR:
mkdir -p "$HOME/.local/bin" curl -fsSL https://github.com/voku/slop-scan/releases/latest/download/slop-scan.phar -o "$HOME/.local/bin/slop-scan" chmod +x "$HOME/.local/bin/slop-scan"
- Scan the current repository:
"$HOME/.local/bin/slop-scan" scan .
- Pick an output format that matches your workflow:
"$HOME/.local/bin/slop-scan" scan . --lint "$HOME/.local/bin/slop-scan" scan . --json "$HOME/.local/bin/slop-scan" scan . --github "$HOME/.local/bin/slop-scan" scan . --toon "$HOME/.local/bin/slop-scan" scan . --ndjson
- Ignore generated or irrelevant paths when needed:
"$HOME/.local/bin/slop-scan" scan . --ignore 'vendor/**' --ignore 'tests/fixtures/**'
The scanner targets PHP source files such as .php, .phtml, and .inc.
If your repository keeps its config outside the scan root, point the scan at it explicitly:
"$HOME/.local/bin/slop-scan" scan . --config-file infra/githooks/slop-scan.config.json
What it ships with
- Deterministic findings with stable occurrence fingerprints for review, delta comparisons, and baseline workflows.
- Built-in PHP heuristics for patterns such as empty catches, error swallowing, blanket suppressions, placeholder bodies, clone clusters, and type-escape hotspots.
- Multiple output targets including text, lint, JSON, GitHub annotations, TOON, and NDJSON.
- Repo-friendly controls including path ignores, per-rule overrides, PHPStan-style
ignoreErrors, and inline@slop-scan-ignoredirectives. - Reusable per-file scan caching via
.slop-scan.cache.jsonand astatscommand for repository-level summaries.
More docs
- Installation and local builds
- Delta comparisons and baselines
- Supported files and built-in rules
- Configuration and suppressions
- Report shape
- Development and validation
- Contributing
Local development quick start
Install dependencies:
composer install
Run the CLI from the repository checkout:
php bin/slop-scan.php scan .