PHPackages glpi-project/phpstan-glpi - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Testing & Quality](/categories/testing) 4. / 5. glpi-project/phpstan-glpi ActivePhpstan-extension[Testing & Quality](/categories/testing) glpi-project/phpstan-glpi ========================= PHPStan rules for GLPI. 1.1.1(9mo ago)097.1k—7.9%3[2 PRs](https://github.com/glpi-project/phpstan-glpi/pulls)MITPHPPHP >=7.4CI passing Since Jun 24Pushed 2mo ago1 watchersCompare [ Source](https://github.com/glpi-project/phpstan-glpi)[ Packagist](https://packagist.org/packages/glpi-project/phpstan-glpi)[ RSS](/packages/glpi-project-phpstan-glpi/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (3)Dependencies (6)Versions (9)Used By (0) PHPStan GLPI extension ====================== [](#phpstan-glpi-extension) This repository provides a PHPStan extension that can be used in both GLPI and GLPI plugins. Installation ------------ [](#installation) To install this PHPStan extension, run the `composer require --dev glpi-project/phpstan-glpi`. To make this extension automatically enabled by PHPStan, you can also install the `phpstan/extension-installer` library, otherwise you will need to add it in you PHPStan configuration file in the `includes` section: ``` includes: - vendor/glpi-project/phpstan-glpi/rules.neon ``` See for more information. Configuration ------------- [](#configuration) The PHPStan configuration depends on your GLPI version. If your plugin is located in either the `plugins` or `marketplace` directory of GLPI, you can use the following configuration file example: ``` parameters: level: 0 paths: - ajax - front - inc # or `src` if your PHP class files are in the `src` directory - hook.php - setup.php scanDirectories: - ../../inc - ../../src # for GLPI 11.x the following configuration entries must be used bootstrapFiles: - ../../stubs/glpi_constants.php - ../../vendor/autoload.php # for GLPI 10.x the following configuration entries must be used bootstrapFiles: - ../../inc/based_config.php stubFiles: - ../../stubs/glpi_constants.php ``` The GLPI path and version should be detected automatically, but you can specify them in the `parameters` section of your PHPStan configuration: ``` parameters: glpi: glpiPath: "/path/to/glpi" glpiVersion: "11.0.0" ``` See fore more information about the PHPStan configuration options. Analyser improvements --------------------- [](#analyser-improvements) This extension will help PHPStan to resolve the GLPI global variables types. For instance, it will indicate that the `global $DB;` variable is an instance of the `DBmysql` class, so PHPStan will be able to detected bad method calls, deprecated methods usages, ... Rules ----- [](#rules) ### `ForbidDynamicInstantiationRule` [](#forbiddynamicinstantiationrule) > Since GLPI 11.0. Instantiating an object from an unrestricted dynamic string is unsecure. Indeed, it can lead to unexpected code execution and has already been a source of security issues in GLPI. Before instantiating an object, a check must be done to validate that the variable contains an expected class string. ``` $class = $_GET['itemtype']; $object = new $class(); // unsafe if (is_a($class, CommonDBTM::class, true)) { $object = new $class(); // safe } ``` If the `treatPhpDocTypesAsCertain` PHPStan parameter is not set to `false`, a variable with a specific `class-string`type will be considered safe. ``` class MyClass { /** * @var class-string $class */ public function doSomething(string $class): void { $object = new $class(); // safe // ... } } ``` ### `ForbidExitRule` [](#forbidexitrule) > Since GLPI 11.0. Since the introduction of the Symfony framework in GLPI 11.0, the usage of `exit()`/`die()` instructions is discouraged. Indeed, they prevents the execution of post-request/post-command routines, and this can result in unexpected behaviours. ### `ForbidHttpResponseCodeRule` [](#forbidhttpresponsecoderule) > Since GLPI 11.0. Due to a PHP bug (see ), the usage of the `http_response_code()` function, to define the response code, may produce unexpected results, depending on the server environment. Therefore, its usage is discouraged. ### `MissingGlobalVarTypeRule` [](#missingglobalvartyperule) > Since GLPI 10.0. By default, PHPStan is not able to detect the global variables types, and is therefore not able to detect any issue related to their usage. This extension will resolve the type of GLPI global variables, but cannot resolve your plugin specific global variables. To get around this limitation, we recommend that you declare each global variable type with a PHPDoc tag. ``` /** @var \Migration $migration */ global migration; ``` ### Health Score 43 — FairBetter than 91% of packages Maintenance73 Regular maintenance activity Popularity34 Limited adoption so far Community12 Small or concentrated contributor base Maturity42 Maturing project, gaining track record Bus Factor2 2 contributors hold 50%+ of commits How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~24 days Total 3 Last Release 280d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/507319e852f4380d60cd24f301c28b06e6d2dab2b9d14a35ca418ef20af5dca2?d=identicon)[glpi](/maintainers/glpi) --- Top Contributors [![cedric-anne](https://avatars.githubusercontent.com/u/33253653?v=4)](https://github.com/cedric-anne "cedric-anne (7 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (7 commits)")[![froozeify](https://avatars.githubusercontent.com/u/2380113?v=4)](https://github.com/froozeify "froozeify (1 commits)") ### Code Quality TestsPHPUnit Code StylePHP CS Fixer ### Embed Badge ![Health badge](/badges/glpi-project-phpstan-glpi/health.svg) ``` [![Health](https://phpackages.com/badges/glpi-project-phpstan-glpi/health.svg)](https://phpackages.com/packages/glpi-project-phpstan-glpi) ``` ### Alternatives [larastan/larastan Larastan - Discover bugs in your code without running it. A phpstan/phpstan extension for Laravel 6.4k43.5M5.2k](/packages/larastan-larastan)[phpstan/phpstan-symfony Symfony Framework extensions and rules for PHPStan 78768.9M1.5k](/packages/phpstan-phpstan-symfony)[phpstan/phpstan-doctrine Doctrine extensions for PHPStan 66766.6M1.1k](/packages/phpstan-phpstan-doctrine)[phpat/phpat PHP Architecture Tester 1.2k3.5M32](/packages/phpat-phpat)[spaze/phpstan-disallowed-calls PHPStan rules to detect disallowed method & function calls, constant, namespace, attribute, property & superglobal usages, with powerful rules to re-allow a call or a usage in places where it should be allowed. 33320.0M375](/packages/spaze-phpstan-disallowed-calls)[mglaman/phpstan-drupal Drupal extension and rules for PHPStan 20829.0M124](/packages/mglaman-phpstan-drupal) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)