PHP Coding standard tools and configuration

As we all know by now, applications evolve a lot during their lifetime and so does the team that works on those applications. There are always people that leave a team to transition to another team or leave the company as there are also new joiners to a team.

It’s a continuous struggle to keep up with the same approach, paradigms, or coding styles in any programming language and application with so many changes in the team or application itself.

Thankfully we have the so-called, coding standard tools, at our disposal as developers to help us mitigate these issues and make sure that everyone is on the same page and adheres to the defined rules when writing new code to extend the application and reading old code when something has to be changed.

For PHP, these tools are:

• PHP Mess Detector (PHPMD)
• PHP Code Sniffer (PHPCS)
• PHP Code Sniffer Fixer (PHPCBF)
• PHPSTAN
• PSALM
  

1. PHP Mess Detector (PHPMD)

PHPMD makes sure that your code follows the SOLID principles, adheres to the software design patterns, follows the naming conventions, and checks for unused code. This is all done by the list of rules the PHPMD has and those rules are grouped into 6 rulesets:

• Clean Code Rules
• Code Size Rules
• Controversial Rules
• Design Rules
• Naming Rules
• Unused Code Rules

You can find out more about each of these groups and the rules that they have by visiting their respective documentation. Below you’ll find my most used configuration for this tool with 2 examples of how to override rules, specifically for naming to ignore the $id property of a class or database model or i,j loop variables and how to ignore a static call for a class if there is no other way how to call that class.

2. PHP Code Sniffer (PHPCS)

This tool is used to detect code violations based on a predefined set of rules, like, for example, forbidding the use of certain functions like var_dump, delete, extract, sizeof, etc. Standardize the usage of single or double quotes, type-hinting, doc block, spacing, forbidden annotations, etc.

Personally, I prefer to use this tool in combination with https://github.com/slevomat/coding-standard and that’s where the configuration below also relies on.

3. PHP Code Sniffer Fixer (PHPCBF)

PHPCBF is an addition to PHPCS. What it does is that it tries to fix as many of the reported issues as possible. I’m emphasizing the as many as possible here since PHPCBF cannot fix all of the reported issues. It fixes the simple line code formatting in regards to spacing, quotes format, and some minor code changes on some conditions, using fully qualified names for your imports, but it doesn’t automatically correct everything for you.

4. PHPSTAN

This tool makes sure that your code is properly annotated and that it has the correct return types. It makes it a lot easier to work with the code base, not only for the automated tools and tests but also for other technical or non-technical people who work with the code. Here is my configuration with a custom rule for this tool.

5. PSALM

Psalm is also a static analysis tool like PHPSTAN but PASLM attempts to dig into your program and find many more issues than PHPSTAN. It has a few features that go further than other similar tools:

• Mixed type warnings
  This means that we cannot use mixed as type-hint or return type but PHPSTAN allows this.
• Intelligent logic checks
  Keeps track of logical assertions made about your code, so if ($a && $a) {} and if ($a && !$a) {} are both treated as issues. Checks also logical assertions made in prior code paths, preventing issues like if ($a) {} elseif ($a) {}.
• Property initialization checks
  Makes sure that all properties of a given object have values after the constructor is called.
• Taint analysis
  PSALM can detect security vulnerabilities in your code.
• Automatic fixes and refactoring
  PSALM can fix many of the issues it finds automatically and perform simple refactors from the command line.

Here is my basic PSALM configuration.

NOTE: Personally I like to use a combination of PHPSTAN and PSALM on my projects since they check different aspects of your codebase, even though they seem quite similar

Hope you find this article useful and that it can help you in your day-to-day work. Please follow me on medium and subscribe for more articles like this.