Top Related Projects
PHP Static Analysis Tool - discover bugs in your code without running it!
Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.
A tool to automatically fix PHP Coding Standards issues
PHP_CodeSniffer tokenizes PHP files and detects violations of a defined set of coding standards.
⚗️ Adds code analysis to Laravel improving developer productivity and code quality.
PHP Mutation Testing library
Quick Overview
Psalm is a static analysis tool for finding errors in PHP applications. It's designed to be fast, flexible, and capable of catching both obvious and subtle bugs. Psalm can be integrated into various development workflows and CI/CD pipelines to improve code quality and catch potential issues early in the development process.
Pros
- Highly configurable, allowing for customization to fit specific project needs
- Supports modern PHP features and practices
- Integrates well with popular IDEs and CI tools
- Provides detailed error messages and suggestions for fixes
Cons
- Can be overwhelming for beginners due to its extensive configuration options
- May produce false positives in certain scenarios
- Requires some initial setup and configuration for optimal use
- Performance can be slower on very large codebases
Code Examples
- Basic usage with inline annotations:
<?php
/** @psalm-suppress PossiblyUndefinedVariable */
echo $undefinedVariable;
/** @psalm-var string $maybeString */
$maybeString = getSomeValue();
echo strlen($maybeString);
- Using Psalm's type assertions:
<?php
function processArray(array $items): void {
\Psalm\Assert::allIsInstanceOf($items, \stdClass::class);
foreach ($items as $item) {
echo $item->property; // Psalm knows $item is \stdClass
}
}
- Defining custom types with Psalm:
<?php
/**
* @psalm-type Point = array{x: float, y: float}
*/
function calculateDistance(array $point1, array $point2): float {
/** @var Point $point1 */
/** @var Point $point2 */
return sqrt(pow($point2['x'] - $point1['x'], 2) + pow($point2['y'] - $point1['y'], 2));
}
Getting Started
To start using Psalm in your PHP project:
-
Install Psalm via Composer:
composer require --dev vimeo/psalm
-
Initialize Psalm in your project:
./vendor/bin/psalm --init
-
Run Psalm to analyze your code:
./vendor/bin/psalm
This will generate a basic configuration file and start analyzing your PHP files for potential issues.
Competitor Comparisons
PHP Static Analysis Tool - discover bugs in your code without running it!
Pros of PHPStan
- Faster analysis speed, especially for large codebases
- More straightforward configuration with minimal setup required
- Better integration with popular frameworks like Laravel and Symfony
Cons of PHPStan
- Less comprehensive type inference compared to Psalm
- Fewer features for fixing issues automatically
- Limited support for custom plugins and extensions
Code Comparison
Psalm:
/**
* @psalm-param array<string, int> $data
* @psalm-return array<int, string>
*/
function flipArray(array $data): array {
return array_flip($data);
}
PHPStan:
/**
* @param array<string, int> $data
* @return array<int, string>
*/
function flipArray(array $data): array {
return array_flip($data);
}
Both tools offer similar functionality for type checking and static analysis. Psalm uses @psalm-
prefixed annotations, while PHPStan uses standard PHPDoc annotations. Psalm's annotations are more specific and provide additional type information, which can lead to more precise analysis in some cases.
While both tools are excellent choices for PHP static analysis, PHPStan is often preferred for its speed and ease of use, especially in larger projects. Psalm, on the other hand, offers more advanced features and customization options for those who need fine-grained control over their static analysis process.
Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.
Pros of Phan
- Faster analysis speed, especially for large codebases
- More extensive support for analyzing PHP 7 and 8 features
- Better integration with popular IDEs and text editors
Cons of Phan
- Steeper learning curve for configuration and customization
- Less comprehensive documentation compared to Psalm
- Fewer built-in security checks and potential vulnerability detections
Code Comparison
Phan configuration example:
<?php
return [
'target_php_version' => '7.4',
'directory_list' => ['src/'],
'exclude_analysis_directory_list' => ['vendor/'],
];
Psalm configuration example:
<?xml version="1.0"?>
<psalm
errorLevel="3"
resolveFromConfigFile="true"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="https://getpsalm.org/schema/config"
xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
>
<projectFiles>
<directory name="src" />
</projectFiles>
</psalm>
Both Phan and Psalm are powerful static analysis tools for PHP, each with its own strengths. Phan excels in performance and PHP 8 support, while Psalm offers more user-friendly documentation and built-in security checks. The choice between them often depends on specific project requirements and team preferences.
A tool to automatically fix PHP Coding Standards issues
Pros of PHP-CS-Fixer
- Focuses specifically on code style and formatting
- Offers a wide range of fixers for various coding standards
- Can automatically fix many coding style issues
Cons of PHP-CS-Fixer
- Does not perform static analysis or type checking
- Limited in detecting logical errors or potential bugs
- Requires manual configuration for project-specific rules
Code Comparison
PHP-CS-Fixer example:
$config = new PhpCsFixer\Config();
return $config->setRules([
'@PSR2' => true,
'array_syntax' => ['syntax' => 'short'],
'no_unused_imports' => true,
]);
Psalm example:
<?xml version="1.0"?>
<psalm errorLevel="4">
<projectFiles>
<directory name="src" />
</projectFiles>
</psalm>
PHP-CS-Fixer is primarily used for enforcing coding standards and formatting, while Psalm focuses on static analysis and type checking. PHP-CS-Fixer excels at maintaining consistent code style across projects, but it doesn't provide the deep code analysis and error detection capabilities of Psalm. Psalm, on the other hand, is better suited for identifying potential bugs and improving code quality beyond just formatting. Both tools serve different purposes and can be used complementarily in a PHP development workflow.
PHP_CodeSniffer tokenizes PHP files and detects violations of a defined set of coding standards.
Pros of PHP_CodeSniffer
- Focuses on coding style and standards enforcement
- Supports a wide range of PHP versions
- Highly customizable with the ability to create custom sniffs
Cons of PHP_CodeSniffer
- Limited type checking capabilities
- Less advanced static analysis features
- May require more manual configuration for complex projects
Code Comparison
PHP_CodeSniffer:
<?php
$foo = array(1, 2, 3);
if ($foo) {
echo "Hello World";
}
Psalm:
<?php
/** @var array<int> $foo */
$foo = [1, 2, 3];
if ($foo) {
echo "Hello World";
}
Key Differences
-
Static Analysis: Psalm provides more advanced static analysis and type checking, while PHP_CodeSniffer focuses primarily on coding style and standards.
-
Performance: PHP_CodeSniffer is generally faster for simple checks, but Psalm offers more comprehensive analysis.
-
Integration: Both tools can be integrated into CI/CD pipelines, but Psalm offers better IDE integration for real-time feedback.
-
Learning Curve: PHP_CodeSniffer is easier to set up and use for basic projects, while Psalm requires more configuration for optimal results.
-
Project Size: PHP_CodeSniffer is suitable for projects of all sizes, while Psalm shines in larger, more complex codebases where advanced static analysis is crucial.
⚗️ Adds code analysis to Laravel improving developer productivity and code quality.
Pros of Larastan
- Specifically tailored for Laravel applications, providing more accurate analysis for Laravel-specific code patterns
- Easier setup and configuration for Laravel projects, with pre-configured rules and settings
- Integrates seamlessly with Laravel's service container and facades
Cons of Larastan
- Limited to Laravel ecosystem, less versatile for non-Laravel PHP projects
- Smaller community and fewer contributors compared to Psalm
- May lag behind Psalm in terms of new features and updates
Code Comparison
Larastan configuration:
<?php
return [
'paths' => [
app_path(),
database_path('factories'),
database_path('seeders'),
],
'level' => 5,
];
Psalm configuration:
<?xml version="1.0"?>
<psalm
errorLevel="3"
resolveFromConfigFile="true"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="https://getpsalm.org/schema/config"
xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
>
<projectFiles>
<directory name="src" />
</projectFiles>
</psalm>
Both tools aim to improve PHP code quality through static analysis, but Larastan focuses on Laravel-specific optimizations while Psalm offers a more general-purpose solution for PHP projects.
PHP Mutation Testing library
Pros of Infection
- Focuses specifically on mutation testing, providing a more specialized tool for this purpose
- Offers a wider range of mutators, allowing for more comprehensive mutation coverage
- Provides a clear and intuitive HTML report for easy analysis of mutation testing results
Cons of Infection
- Limited to mutation testing, while Psalm offers a broader range of static analysis features
- May require more setup and configuration compared to Psalm's out-of-the-box functionality
- Can be slower to run, especially on larger codebases, due to the nature of mutation testing
Code Comparison
Infection configuration example:
{
"source": {
"directories": [
"src"
]
},
"logs": {
"text": "infection.log"
},
"mutators": {
"@default": true
}
}
Psalm configuration example:
<?xml version="1.0"?>
<psalm
errorLevel="3"
resolveFromConfigFile="true"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="https://getpsalm.org/schema/config"
xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
>
<projectFiles>
<directory name="src" />
</projectFiles>
</psalm>
Both tools offer configuration options, but Psalm's XML format allows for more detailed static analysis settings, while Infection's JSON format focuses on mutation testing parameters.
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
Psalm
Psalm is a static analysis tool for finding errors in PHP applications.
Installation
To get started, check out the installation guide.
Live Demo
You can play around with Psalm on its website.
Documentation
Documentation is available on Psalmâs website, generated from the docs folder.
Interested in contributing?
Have a look at CONTRIBUTING.md.
Who made this
Built by Matt Brown (@muglug).
Maintained by Orklah (@orklah), Daniil Gentili (@danog), and Bruce Weirdan (@weirdan).
The engineering team at Vimeo have provided a lot encouragement, especially @nbeliard, @erunion and @nickyr.
Top Related Projects
PHP Static Analysis Tool - discover bugs in your code without running it!
Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.
A tool to automatically fix PHP Coding Standards issues
PHP_CodeSniffer tokenizes PHP files and detects violations of a defined set of coding standards.
⚗️ Adds code analysis to Laravel improving developer productivity and code quality.
PHP Mutation Testing library
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot