Improving Code Quality with PHP_CodeSniffer

Improving Code Quality with PHP_CodeSniffer

Presented on January 25 2020 at the PHPBenelux conference, Antwerp, Belgium.
Now you will probably have heard of PHP_CodeSniffer as a tool to check your code for consistent code style, but did you know it can also be used to check for common best practices ?

Out of the box, PHPCS already contains the basics to check your code against common industry metrics, however, when you add a few external standards into the mix, it can do so much more. Suddenly you can check your code for PHP cross-version compatibility, check your unit tests for using the right assertion or enforce strict typing across your application.

Join Juliette to learn about a variety of external standards available, what they can do for you and how to integrate them in the tooling you already use every day.



Find External Standards on Packagist:

DealerDirect Composer PHPCS plugin

PHPCSDevTools, PHPCSUtils, PHPCSExtra, PHPCompatibility et al:


Juliette Reinders Folmer

January 25, 2020


  1. Improving Code Quality with PHP_CodeSniffer Juliette Reinders Folmer Tweet about

    it: @jrf_nl #phpbnl20
  2. “ @jrf_nl #phpbnl20 Only half of programming is coding. The

    other 90% is debugging.
  3. hotblack

  4. Functional Technical Architectural Conceptual

  5. Importance Conceptual Architectural Functional Technical

  6. Pull request Merged ... typo in documentation ... ... whitespace

    ... ... please add some tests ... ... is situation x handled ... ... use early return ... ... using PHP 7.4 syntax ... ... use strict checking in your tests ...
  7. Pull request Merged ... please add some tests ... ...

    is situation x handled ...
  8. Attention Conceptual Architectural Functional Technical

  9. Marnhe du Plooy

  10. Psalm CS- Fixer PHP Stan PHP CS Exakat PHP CPD

    PHP Insights PHP MD PHP MND Rector PHP DCD Static Analysis Tools
  11. PHP CS Static Analysis Tools

  12. Brief (Re-)Introduction to PHP_CodeSniffer Nightsabre

  13. How It Works Standard (ruleset) Sniffs Checks (errorcodes)

  14. Standard Standard A Standard B Standard A Standard B Standard

    A Standard B
  15. Standard.Subset.Sniff.ErrorCode Standard.Subset.Sniff.ErrorCode Standard.Subset.Sniff.ErrorCode Standard.Subset.Sniff.ErrorCode

  16. Standard.Subset.Sniff.ErrorCode Include: <rule ref="…" /> Exclude: <exclude name="…" /> ~~~~~~~~

  17. <?xml version="1.0"?> <ruleset name="MyProject"> <exclude-pattern>*/vendor/*</exclude-pattern> <rule ref="Stnd"/> <rule ref="Stnd.Category"/> <rule

    ref="Stnd.Category.SniffName"/> <rule ref="Stnd.Category.SniffName.ErrorCode"/> <rule ref="Stnd"/> <exclude name="Stnd.Category.SniffName"/> </rule> <rule ref="Stnd.Category.SniffName"/> <exclude-pattern>*/tests/*</exclude-pattern> </rule> </ruleset> Standard A Standard B
  18. Customizing Sniffs <?xml version="1.0"?> <ruleset name="MyProject"> <rule ref="Stnd.Category.SniffName"> <properties> <property

    name="propertyA" value="true"/> <property name="propertyB" value="100"/> <property name="propertyC" type="array"> <element key="key1" value="value1"/> <element key="key2" value="value2"/> </property> </properties> </rule> </ruleset>
  19. “ @jrf_nl #phpbnl20 The nice thing about standards is that

    there are so many to choose from.
  20. PHPCS Build-in Standards PEAR PSR1 PSR2 Zend MySource Squiz PSR12

  21. Framework/CMS Standards Laravel Joomla Symfony2 CodeIgniter4 Drupal Magento WordPress MediaWiki

    Zend Framework (WebImpress) TYPO3 Yii CakePHP
  22. Functional Standards and Sniff Collections Object Calisthenics Variable Analysis Universal

    Slevomat Cognitive Complexity PHP Compatibility Import Detection Security Audit Normalized Arrays PHPCSExtra
  23. Badly set up Sniffs Fixer Conflicts Not Allowing For All

    Possible PHP Syntaxes Presuming Code Style About Sniff Quality
  24. Making it Work jeltovski

  25. Registering External Standards [1] phpcs --config-set installed_paths /path/to/dir/above/standard phpcs --config-show

    phpcs --config-set installed_paths /path/to/dir/above/standard1,/path/to/dir/above/standard2
  26. Registering External Standards [2] composer require –-dev dealerdirect/phpcodesniffer-composer-installer

  27. Discovering Sniffs kenbrasier

  28. Explain

  29. phpcs --standard=PSR12 --generator=Text (Markdown|HTML)

  30. Seemann

  31. Testing With a Code Sample <?php namespace My\NS; use Vendor\Package\ClassName;

    class MyClass {} $ phpcs –s ./unused-use.php –-standard=Stnd1,Stnd2,Stnd3,Stnd4
  32. Checking Code Quality with PHP_CodeSniffer Nightsabre

  33. Code Style Documentation Code Smells Code Metrics Best Practices Code

  34. Dead Code

  35. Dead Code  Commented Out Code  Code Which Cannot

    be Reached  Unused use Statements  Unused Variables  Unused Parameters  Unused Private Methods  Duplicate Array Keys
  36. Boni Idem Insecure Code

  37. Insecure Code (Potentially)  Use of eval()  Use of

    PCRE /e Modifier  Use of Backtick Operator  Known Vulnerabilities / CVE Advisories Security / PHPCS_SecurityAudit
  38. pschubert Complex Code

  39. Complex Code  High Code Complexity Cyclomatic Complexity Cognitive Complexity

     Deep Code Nesting  Method / Property / Parameter Counts
  40. Incompatible Code

  41. Incompatible Code  Use of Deprecated Syntaxes  Use of

    Deprecated or Removed Functions / Classes / Extensions/ Parameters etc  Use of (too) new Syntaxes  ... and much more
  42. Incompatible Code PHPCompatibility $ --runtime-set testVersion 7.0-7.3 <config name="testVersion" value="5.6-"/>

  43. Incompatible Code  PHPCompatibilityJoomla  PHPCompatibilityWP  PHPCompatibilityPasswordCompat  PHPCompatibilityParagonie

    (sodium, random_compat)  PHPCompatibilitySymfony  PHPCompatibilityAll
  44. Ali Taylor Implicit Standards

  45. Implicit Standards  Strict Comparisons  ... in array functions

    too  ... in unit test assertions  To Yoda or Not to Yoda  Class Structure  One Namespace Per File  ...etc...
  46. elvis santana Potentially Buggy Code

  47. Potentially Buggy Code  Undefined Variables  Jumbled Incrementors in

    Loops  Double ! Operator  Error Silencing  Assignments in Conditions  Mixing string/int Array Keys
  48. Jon Ng Modern PHP

  49. Enforce Modern PHP  Use Short Arrays  Use Short

    Lists  Enforce Strict Types  Enforce Param/Return Type Declarations  Enforce use Statements  Require null coalesce
  50. Code Style Documentation Code Smells Code Metrics Best Practices Code

  51. Links  PHP_CodeSniffer  Find External Standards on Packagist  DealerDirect Composer PHPCS plugin  PHPCSDevTools, PHPCSUtils, PHPCSExtra, PHPCompatibility et al
  52. Thanks! Slides: Feedback: Follow me: Sponsor

    me ;-)
  53. Questions ? Clodiney Cruz