PHPackages denzyl/phanalist - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Testing & Quality](/categories/testing) 4. / 5. denzyl/phanalist ActiveLibrary[Testing & Quality](/categories/testing) denzyl/phanalist ================ Performant static analyzer for PHP, which is extremely easy to use. It helps you catch common mistakes in your PHP code. v0.1.22(2y ago)14631.1k↑18.8%6[4 issues](https://github.com/denzyldick/phanalist/issues)MITRustCI passing Since Oct 3Pushed 1mo ago4 watchersCompare [ Source](https://github.com/denzyldick/phanalist)[ Packagist](https://packagist.org/packages/denzyl/phanalist)[ RSS](/packages/denzyl-phanalist/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (10)DependenciesVersions (9)Used By (0) [![](https://raw.githubusercontent.com/denzyldick/phanalist/main/docs/branding/banner-cropped.png)](https://raw.githubusercontent.com/denzyldick/phanalist/main/docs/branding/banner-cropped.png) [![Crates.io](https://camo.githubusercontent.com/29408512d7273f68bb2658388f6fe0a662e01adecbb50e8d1058e1bc8c96a972/68747470733a2f2f696d672e736869656c64732e696f2f6372617465732f762f7068616e616c6973742e737667)](https://crates.io/crates/phanalist)[![License: MIT](https://camo.githubusercontent.com/7013272bd27ece47364536a221edb554cd69683b68a46fc0ee96881174c4214c/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d626c75652e737667)](./LICENSE)[![CI](https://github.com/denzyldick/phanalist/actions/workflows/rust.yml/badge.svg)](https://github.com/denzyldick/phanalist/actions) > Performant static analyzer for PHP, written in Rust. Catches common mistakes and enforces best practices with zero configuration required. --- ### ✨ Features [](#-features) - πŸš€ **Fast** β€” built in Rust, analyzes large codebases in seconds - πŸ” **14 built-in rules** β€” covering complexity, style, design patterns, and more - βš™οΈ **Zero config to start** β€” works out of the box, configure only what you need - πŸ“„ **Multiple output formats** β€” `text`, `json`, and `sarif` (for CI pipelines) - πŸ”Œ **Extensible** β€” adding a custom rule takes minutes --- ### Installation [](#installation) The simplest way to install Phanalist is to use the installation script: ``` curl --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/denzyldick/phanalist/main/bin/init.sh | sh ``` It will automatically download the executable for your platform: ``` $ ~/phanalist -V phanalist 1.0.0 ``` There are also [multiple other installation options](./docs/installation.md). --- ### Usage [](#usage) To analyze your project sources, run: ``` ~/phanalist ``` #### Example [](#example) [![Example](docs/branding/example.gif)](docs/branding/example.gif) On the first run `phanalist.yaml` will be created with the default configuration and reused on all subsequent runs. **Additional CLI flags:** FlagDescriptionDefault`--config`Path to configuration file`./phanalist.yaml``--src`Path to project sources`./src``--output-format`Output format: `text`, `json`, `sarif``text``--summary-only`Show only violation counts per ruleβ€”`--quiet`Suppress all outputβ€”--- ### Configuration [](#configuration) ``` enabled_rules: [] # empty = all rules active disable_rules: [] rules: E0007: check_constructor: true max_parameters: 5 E0009: max_complexity: 10 E0010: max_paths: 200 E0012: include_namespaces: - "App\\Service\\" - "App\\Controller\\" exclude_namespaces: [] ``` - **`enabled_rules`** β€” whitelist of rules to run (empty = all) - **`disable_rules`** β€” rules to skip - **`rules`** β€” per-rule configuration options --- ### Rules [](#rules) CodeNameOptionsE0000Example rule[E0001](/src/rules/examples/e1/e1.md)Opening tag position[E0002](/src/rules/examples/e2/e2.md)Empty catch[E0003](/src/rules/examples/e3/e3.md)Method modifiers[E0004](src/rules/examples/e4.md)Uppercase constants[E0005](src/rules/examples/e5.md)Capitalized class name[E0006](/src/rules/examples/e6/e6.md)Property modifiers[E0007](/src/rules/examples/e7/e7.md)Method parameters count`check_constructor: true`, `max_parameters: 5`[E0008](src/rules/examples/e8/e8.md)Return type signature[E0009](/src/rules/examples/e9/e9.md)Cyclomatic complexity`max_complexity: 10`[E0010](src/rules/examples/e10/e10.md)Npath complexity`max_paths: 200`[E0011](src/rules/examples/e11/e11.md)Detect error suppression symbol (`@`)[E0012](src/rules/examples/e12/e12.md)Service compatibility with Shared Memory Model`include_namespaces`, `exclude_namespaces`, `reset_interfaces`[E0013](/src/rules/examples/e13/e13.md)Private method not being used[E0014](/src/rules/examples/e14/e14.md)Law of DemeterAdding a new rule is straightforward β€” [this tutorial](./docs/adding_new_rule.md) explains how. --- ### Articles [](#articles) Read a series of chapters on to understand the project's internals β€” a great, easy-to-read introduction. 1. [Write your own static analyzer for PHP.](https://dev.to/denzyldick/the-beginning-of-my-php-static-analyzer-in-rust-5bp8) 2. [How I made it impossible to write spaghetti code.](https://dev.to/denzyldick/how-i-made-it-impossible-to-write-spaghetti-code-dg4) 3. [Detecting spaghetti code in AST of a PHP source code.](https://dev.to/denzyldick/traversing-an-ast-of-php-source-code-2kee) 4. [Getting Symfony app ready for Swoole, RoadRunner, and FrankenPHP (no AI involved).](https://dev.to/sergiid/getting-symfony-app-ready-for-swoole-roadrunner-and-frankenphp-no-ai-involved-2d0g) 5. [Improve your CI output](https://dev.to/denzyldick/improve-your-ci-output-2eg) 6. [Why using unserialize in PHP is a bad idea](https://dev.to/denzyldick/why-is-unserializing-an-object-in-php-a-bad-idea-3odl) ### Health Score 42 β€” FairBetter than 90% of packages Maintenance58 Moderate activity, may be stable Popularity46 Moderate usage in the ecosystem Community18 Small or concentrated contributor base Maturity38 Early-stage or recently created project Bus Factor1 Top contributor holds 86% of commits β€” single point of failure How is this calculated?**Maintenance (25%)** β€” Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** β€” Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** β€” Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** β€” Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~75 days Total 4 Last Release 731d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/1d0a8bd745f09678b85bde73cef8411e3f06cd38c0cb2de36da7bc153e67177a?d=identicon)[denzyl](/maintainers/denzyl) --- Top Contributors [![denzyldick](https://avatars.githubusercontent.com/u/2477646?v=4)](https://github.com/denzyldick "denzyldick (398 commits)")[![SerheyDolgushev](https://avatars.githubusercontent.com/u/166894?v=4)](https://github.com/SerheyDolgushev "SerheyDolgushev (46 commits)")[![Fabccc](https://avatars.githubusercontent.com/u/33267330?v=4)](https://github.com/Fabccc "Fabccc (9 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (5 commits)")[![mleczakm](https://avatars.githubusercontent.com/u/3474636?v=4)](https://github.com/mleczakm "mleczakm (3 commits)")[![KevinMartinsDevUbi](https://avatars.githubusercontent.com/u/100281657?v=4)](https://github.com/KevinMartinsDevUbi "KevinMartinsDevUbi (1 commits)")[![supun-io](https://avatars.githubusercontent.com/u/44988673?v=4)](https://github.com/supun-io "supun-io (1 commits)") --- Tags phprefactoringstatic-analysisstatic-code-analysisphprefactoringstatic analyzerCleancode ### Embed Badge ![Health badge](/badges/denzyl-phanalist/health.svg) ``` [![Health](https://phpackages.com/badges/denzyl-phanalist/health.svg)](https://phpackages.com/packages/denzyl-phanalist) ``` ### Alternatives [vimeo/psalm A static analysis tool for finding errors in PHP applications 5.8k77.5M6.7k](/packages/vimeo-psalm)[larastan/larastan Larastan - Discover bugs in your code without running it. A phpstan/phpstan extension for Laravel 6.4k43.5M5.2k](/packages/larastan-larastan)[dave-liddament/sarb Provides tools for baselining static analysis results and comparing against that baseline 1651.4M](/packages/dave-liddament-sarb)[letsdrink/ouzo-goodies Utility classes, test assertions and mocking framework extracted from Ouzo framework. 132617.9k7](/packages/letsdrink-ouzo-goodies)[quizlet/hammock Hammock is a stand-alone mocking library for Hacklang. 27445.5k](/packages/quizlet-hammock)[doppiogancio/mocked-client A simple way to mock a client 2174.9k3](/packages/doppiogancio-mocked-client) PHPackages Β© 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)