PHPackages                             crealoz/easyaudit-cli - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Testing &amp; Quality](/categories/testing)
4. /
5. crealoz/easyaudit-cli

ActiveLibrary[Testing &amp; Quality](/categories/testing)

crealoz/easyaudit-cli
=====================

Standalone static analysis tool for Magento 2 codebases

v1.3.2(3w ago)143↓100%1MITPHPPHP &gt;=8.1CI passing

Since Jan 27Pushed 3w agoCompare

[ Source](https://github.com/crealoz/easyaudit-cli)[ Packagist](https://packagist.org/packages/crealoz/easyaudit-cli)[ GitHub Sponsors](https://github.com/crealoz)[ RSS](/packages/crealoz-easyaudit-cli/feed)WikiDiscussions main Synced 1w ago

READMEChangelog (10)Dependencies (4)Versions (23)Used By (0)

EasyAudit
=========

[](#easyaudit)

[![Latest Release](https://camo.githubusercontent.com/302821350ce6580fef0aa4d0c28209477664e8db0bcc0394b1db4001ab7d0249/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f762f72656c656173652f637265616c6f7a2f6561737961756469742d636c693f7374796c653d666c61742d737175617265)](https://github.com/crealoz/easyaudit-cli/releases)[![License: MIT](https://camo.githubusercontent.com/e29dbf0d6552e3a34dbaa40cf58f88039e6afd0df5686897da72cc893677f747/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f637265616c6f7a2f6561737961756469742d636c693f7374796c653d666c61742d737175617265)](./LICENSE)[![PHP Version](https://camo.githubusercontent.com/987e0a7dbbde7d7b5eb18ca7e56f2e903610950741c2ae35ef9125bb51467b19/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f7068702d253345253344382e312d3838393242463f7374796c653d666c61742d737175617265)](https://php.net)[![Tests](https://camo.githubusercontent.com/ced4144e1f1fa850ac794b6a1d9ffeee87b2b9cd9ef2bbacb62892dab352bea2/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f637265616c6f7a2f6561737961756469742d636c692f74657374732e796d6c3f7374796c653d666c61742d737175617265266c6162656c3d7465737473)](https://github.com/crealoz/easyaudit-cli/actions)[![codecov](https://camo.githubusercontent.com/299a856df31402bfd462ea937397809aee1fd69e707db1ee890791fd73120cbe/68747470733a2f2f636f6465636f762e696f2f67682f637265616c6f7a2f6561737961756469742d636c692f67726170682f62616467652e7376673f746f6b656e3d4a41305745564c39584d)](https://codecov.io/gh/crealoz/easyaudit-cli)

Static analysis tool for Magento 2 codebases. Detects anti-patterns, security risks, and architectural issues.

Features
--------

[](#features)

- **21 processors** detecting **40 anti-patterns** across DI, code quality, templates, performance, and architecture
- **Zero dependencies** - standalone PHAR (~455KB)
- **CI/CD ready** - SARIF output for GitHub Code Scanning
- **Docker image** available
- **Auto-fix** - Automatic patch generation via API
- **Privacy first**
    - No data sent to external servers during scans ([security details](docs/security.md))
    - No source is stored on crealoz's server after patch is generated.

[![workflow-schema.png](../../../Shop-Crealoz/assets/images/workflow-schema.png)](../../../Shop-Crealoz/assets/images/workflow-schema.png)

Quick Start
-----------

[](#quick-start)

### Using PHAR

[](#using-phar)

```
# Download latest PHAR
curl -LO https://github.com/crealoz/easyaudit-cli/releases/latest/download/easyaudit.phar
chmod +x easyaudit.phar

# Run
php easyaudit.phar scan /path/to/magento --format=sarif
```

### Using Composer

[](#using-composer)

```
composer require --dev crealoz/easyaudit-cli
vendor/bin/easyaudit scan /path/to/magento --format=sarif
```

### Using Docker

[](#using-docker)

```
docker run --rm --user "$(id -u):$(id -g)" -v $PWD:/workspace ghcr.io/crealoz/easyaudit:latest scan /workspace
```

### From Source

[](#from-source)

```
git clone git@github.com:crealoz/easyaudit-cli.git
php bin/easyaudit scan /path/to/magento
```

Output Formats
--------------

[](#output-formats)

FormatUse Case`json`Tooling and scripting (default)`sarif`GitHub Code Scanning`html`Visual report, shareable via browser or PDFConsole output is always displayed during scan.

GitHub Actions
--------------

[](#github-actions)

### Scan &amp; upload to Code Scanning

[](#scan--upload-to-code-scanning)

```
name: EasyAudit Scan

on: [push, pull_request]

permissions:
  contents: read
  security-events: write

jobs:
  scan:
    runs-on: ubuntu-latest
    container:
      image: ghcr.io/crealoz/easyaudit:latest
    steps:
      - uses: actions/checkout@v6
      - run: |
          mkdir -p report
          easyaudit scan --format=sarif --output=report/easyaudit.sarif "$GITHUB_WORKSPACE"
      - uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: report/easyaudit.sarif
```

> **Private repos**: SARIF upload requires [GitHub Advanced Security](https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security), which is a paid feature for private repositories. Use `--format=json` or `--format=html` with `upload-artifact` instead. See [GitHub Actions docs](docs/ci-cd/github-actions.md#private-repositories) for alternative workflows.

[![GitHub Code Scanning](images/scanning-alert-terrible-module.png)](images/scanning-alert-terrible-module.png)

### Scan, fix &amp; create PR (paid)

[](#scan-fix--create-pr-paid)

One-click workflow: scan, call the paid API for fixes, and open a PR with the patches. Requires `EASYAUDIT_AUTH` secret.

See [Automated PR docs](docs/request-pr.md) for the full workflow file and setup instructions.

Documentation
-------------

[](#documentation)

- [Security &amp; Privacy](docs/security.md) - What data stays local, when servers are contacted
- [CLI Usage](docs/cli-usage.md) - Commands, options, examples
- [Available Processors](docs/processors.md) - All 21 processors (40 rules)
- [CI/CD Integration](docs/ci-cd.md) - GitHub, GitLab, Bitbucket, Azure, CircleCI, Jenkins, Travis
- [Automated PR (paid)](docs/request-pr.md) - Auto-fix via API
- Developer Guide: [Writing Processors](docs/developer-guide/processors.md) | [Utilities Reference](docs/developer-guide/utilities.md) | [Extension Points](docs/developer-guide/extension-points.md)

Requirements
------------

[](#requirements)

- PHP 8.1+
- Docker (optional)

License
-------

[](#license)

MIT

###  Health Score

44

—

FairBetter than 90% of packages

Maintenance94

Actively maintained with recent releases

Popularity12

Limited adoption so far

Community9

Small or concentrated contributor base

Maturity53

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 91.1% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~5 days

Total

22

Last Release

26d ago

Major Versions

v0.6.2 → v1.0.02026-02-27

### Community

Maintainers

![](https://www.gravatar.com/avatar/3d5db3c2a5ae9acfa36990c4502617825b7abe75f00c49a8e21562aa3537b919?d=identicon)[ChristopheCrealoz](/maintainers/ChristopheCrealoz)

---

Top Contributors

[![ChristopheFerreboeuf](https://avatars.githubusercontent.com/u/10241898?v=4)](https://github.com/ChristopheFerreboeuf "ChristopheFerreboeuf (92 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (9 commits)")

---

Tags

code-analyzercode-qualitymagentomagento2php

###  Code Quality

TestsPHPUnit

Static AnalysisPsalm

Code StylePHP\_CodeSniffer

Type Coverage Yes

### Embed Badge

![Health badge](/badges/crealoz-easyaudit-cli/health.svg)

```
[![Health](https://phpackages.com/badges/crealoz-easyaudit-cli/health.svg)](https://phpackages.com/packages/crealoz-easyaudit-cli)
```

###  Alternatives

[szepeviktor/phpstan-wordpress

WordPress extensions for PHPStan

3309.4M1.2k](/packages/szepeviktor-phpstan-wordpress)[dms/phpunit-arraysubset-asserts

This package provides ArraySubset and related asserts once deprecated in PHPUnit 8

14228.7M340](/packages/dms-phpunit-arraysubset-asserts)[jasonmccreary/laravel-test-assertions

A set of helpful assertions when testing Laravel applications.

3524.1M38](/packages/jasonmccreary-laravel-test-assertions)[orchestra/workbench

Workbench Companion for Laravel Packages Development

8219.1M67](/packages/orchestra-workbench)[soyuka/contexts

Behatch contexts

282.2M21](/packages/soyuka-contexts)[roquie/laravel-dusk-select2

Select2.js support for the Laravel Dusk testing.

41356.2k5](/packages/roquie-laravel-dusk-select2)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)