PHPackages haspadar/sheriff - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [PSR & Standards](/categories/psr-standards) 4. / 5. haspadar/sheriff ActiveLibrary[PSR & Standards](/categories/psr-standards) haspadar/sheriff ================ Picky standards for PHP projects v0.33.1(2w ago)35.0k↓75.6%[4 issues](https://github.com/haspadar/sheriff/issues)1MITPHPPHP ~8.3.16 || ~8.4.3 || ~8.5.0CI passing Since Dec 3Pushed 2w agoCompare [ Source](https://github.com/haspadar/sheriff)[ Packagist](https://packagist.org/packages/haspadar/sheriff)[ RSS](/packages/haspadar-sheriff/feed)WikiDiscussions main Synced 1w ago READMEChangelog (10)Dependencies (16)Versions (540)Used By (1) Sheriff ======= [](#sheriff) Pre-configured strict quality gate for PHP ------------------------------------------ [](#pre-configured-strict-quality-gate-for-php) [![CI](https://github.com/haspadar/sheriff/actions/workflows/sheriff.yml/badge.svg)](https://github.com/haspadar/sheriff/actions/workflows/sheriff.yml)[![Coverage](https://camo.githubusercontent.com/237c6f5fc26f7ff13e0a72a0392707ccd721594c0cc30d0712b48fd921a60ba5/68747470733a2f2f636f6465636f762e696f2f67682f68617370616461722f736865726966662f6272616e63682f6d61696e2f67726170682f62616467652e737667)](https://codecov.io/gh/haspadar/sheriff)[![Mutation testing badge](https://camo.githubusercontent.com/1cdb85701bb74ade1d0c812aad96d251dc2568798332c4b8267e93dcab01a030/68747470733a2f2f696d672e736869656c64732e696f2f656e64706f696e743f7374796c653d666c61742675726c3d687474707325334125324625324662616467652d6170692e737472796b65722d6d757461746f722e696f2532466769746875622e636f6d2532466861737061646172253246736865726966662532466d61696e)](https://dashboard.stryker-mutator.io/reports/github.com/haspadar/sheriff/main)[![PHPStan Level](https://camo.githubusercontent.com/942bdbddc7b2adea1d63ed80793492d06d72ef41911edcba33310d0745581548/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048505374616e2d4c6576656c253230392d627269676874677265656e)](https://phpstan.org/)[![Psalm](https://camo.githubusercontent.com/2a99f70b6b285f2cffa857d7b3dc3f8a758d961c397f06bd34ce77f31f6f0a8c/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f7073616c6d2d6c6576656c253230312d627269676874677265656e)](https://psalm.dev) ``` composer require --dev haspadar/sheriff vendor/bin/sheriff sync vendor/bin/sheriff check ``` ``` [OK] phpstan 2.8s [OK] psalm 4.4s [OK] phpunit 5.9s [OK] phpcs 9.1s [OK] phpmd 1.4s [OK] php-cs-fixer 1.6s [OK] markdownlint 2.6s [OK] hadolint 3.1s [OK] ... [OK] All checks passed 9.5s ``` Over 1200 rules from 18 tools ----------------------------- [](#over-1200-rules-from-18-tools) ToolRulesPHPStan128 (48 strict + 80 [haspadar custom](https://github.com/haspadar/phpstan-rules)) at level 9Psalm331 issue types at level 1PHP\_CodeSniffer382 sniffs ([Slevomat](https://github.com/slevomat/coding-standard) + core)PHP-CS-Fixer364 fixers (303 core + 61 [kubawerlos](https://github.com/kubawerlos/php-cs-fixer-custom-fixers))PHPMD6 rulesets, all enabledInfectionmutation testing, Covered MSI ≥ 80%--- Configure --------- [](#configure) Customization is optional. If needed, create `.sheriff.yaml` in the project root. Three settings cascade across every tool that consumes them: - `php.src` — paths analysed by PHPStan, Psalm, PHPUnit, PHPMD, PHP\_CodeSniffer, PHP Metrics, Infection, SonarCloud - `infra.exclude` — paths skipped by PHP\_CodeSniffer, PHP-CS-Fixer, PHP Metrics, markdownlint, jsonlint, yamllint, typos, hadolint, shellcheck - `php.versions` — versions used in the CI matrix and consumed by PHPStan, PHP-CS-Fixer, PHPMD, Infection Change one key, every consuming tool follows. Use `append` to extend default lists: ``` append: php.src: - lib infra.exclude: - legacy ``` Use `override` to replace individual keys: ``` override: phpstan.parameters: level: 8 php.versions: ["8.3", "8.4", "8.5"] ``` Use `php_cs_fixer.extend` and `phpcs.extend` to inject native-syntax fragments at the end of the generated config. Useful when a built-in rule clashes with project code — for example, narrowing `phpdoc_types` instead of disabling it entirely: ``` override: php_cs_fixer.extend: " 'phpdoc_types' => ['exclude' => ['scalar']]," phpcs.extend: " 0" ``` The value is passed through verbatim; Sheriff does not parse it. Use a YAML block scalar (`|` or `|-`) for multi-line fragments. Use `envs` to export environment variables in CI workflows. Each value is a shell command evaluated at runtime: ``` envs: COMPOSER_ROOT_VERSION: "git describe --tags --abbrev=0 | sed 's/^v//'" ``` The full list of available keys and their defaults is generated to `.sheriff/config.yaml` on every `sheriff sync`. `.sheriff/` and `.github/` are generated by `sheriff sync` and may be safely deleted. --- Workflow -------- [](#workflow) To change configuration: 1. Edit `.sheriff.yaml` 2. Run `vendor/bin/sheriff sync` Do not edit `.sheriff/` or the GitHub workflow file `.github/workflows/sheriff.yml` directly — they are generated and will be overwritten. --- Commands -------- [](#commands) - `sheriff sync` — generate configuration from templates - `sheriff check` — run checks, excluding slow ones by default (`check.slow`: infection, sonar) - `sheriff check ` — run specific tool - `-f`, `--full` — include slow checks (default: `check.full`) - `-F`, `--no-full` — exclude slow checks - `-p`, `--parallel` — run checks concurrently (default: `check.parallel`) - `-P`, `--no-parallel` — force sequential execution - `-v`, `--verbose` — show full output from each check - `sheriff fix` — run auto-fixable tools - `sheriff fix ` — run specific fixer --- Checks ------ [](#checks) ### PHP [](#php) - PHPStan — level 9 with [strict rules](https://github.com/phpstan/phpstan-strict-rules), [phpstan-phpunit](https://github.com/phpstan/phpstan-phpunit) (PHPUnit-aware assertions, data providers, `MockObject` inference) and [haspadar/phpstan-rules](https://github.com/haspadar/phpstan-rules) (80 custom rules for object-oriented strictness) - Psalm — with [psalm/plugin-phpunit](https://github.com/psalm/psalm-plugin-phpunit) for PHPUnit-aware type narrowing and provider validation - PHPUnit - Infection - PHPMD - PHP Metrics - PHP\_CodeSniffer — with [Slevomat Coding Standard](https://github.com/slevomat/coding-standard) rules (class structure, doc comments, attributes) - PHP-CS-Fixer — with [kubawerlos/php-cs-fixer-custom-fixers](https://github.com/kubawerlos/php-cs-fixer-custom-fixers) and PHPUnit ruleset (`php_unit_*`: strict asserts, dedicated assertions, data-provider naming/static/return-type, attributes; requires PHPUnit 12+) ### Linters [](#linters) - actionlint - hadolint - shellcheck - markdownlint-cli2 - jsonlint - yamllint - typos ### CI [](#ci) - SonarCloud — requires `SONAR_TOKEN` environment variable ([get token](https://sonarcloud.io/account/security)) - Pull request size limit - Code coverage (Codecov) --- Contributing ------------ [](#contributing) 1. Fork the repository 2. Create a feature branch 3. Ensure all checks pass 4. Open a pull request All pull requests must pass CI before merging. --- License ------- [](#license) MIT ### Health Score 48 — FairBetter than 94% of packages Maintenance76 Regular maintenance activity Popularity29 Limited adoption so far Community11 Small or concentrated contributor base Maturity62 Established project with proven stability Bus Factor1 Top contributor holds 93.6% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~1 days Total 100 Last Release 17d ago PHP version history (3 changes)v0.1.0PHP >=8.2 v0.4.1PHP >=8.3 v0.10.3PHP ~8.3.16 || ~8.4.3 || ~8.5.0 ### Community Maintainers ![](https://avatars.githubusercontent.com/u/1282194?v=4)[Konstantinas Mesnikas](/maintainers/haspadar)[@haspadar](https://github.com/haspadar) --- Top Contributors [![haspadar](https://avatars.githubusercontent.com/u/1282194?v=4)](https://github.com/haspadar "haspadar (2201 commits)")[![renovate[bot]](https://avatars.githubusercontent.com/in/2740?v=4)](https://github.com/renovate[bot] "renovate[bot] (101 commits)")[![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4)](https://github.com/github-actions[bot] "github-actions[bot] (49 commits)") ### Embed Badge ![Health badge](/badges/haspadar-sheriff/health.svg) ``` [![Health](https://phpackages.com/badges/haspadar-sheriff/health.svg)](https://phpackages.com/packages/haspadar-sheriff) ``` ### Alternatives [wp-cli/wp-cli-tests WP-CLI testing framework 423.0M129](/packages/wp-cli-wp-cli-tests)[tempest/framework The PHP framework that gets out of your way. 2.2k31.1k11](/packages/tempest-framework)[drupal/core-dev require-dev dependencies from drupal/drupal; use in addition to drupal/core-recommended to run tests from drupal/core. 2022.0M321](/packages/drupal-core-dev) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)