PHPackages laravel-analyzer/cli - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Testing & Quality](/categories/testing) 4. / 5. laravel-analyzer/cli ActiveLibrary[Testing & Quality](/categories/testing) laravel-analyzer/cli ==================== Static analysis CLI and MCP server for Laravel projects โ€” zero dependencies, pure PHP 8.2+ v1.3.0(3mo ago)05โ†“90.9%MITPHPPHP >=8.2CI passing Since Mar 21Pushed 3mo agoCompare [ Source](https://github.com/lucasgio/laravel-analyzer)[ Packagist](https://packagist.org/packages/laravel-analyzer/cli)[ Docs](https://github.com/lucasgio/laravel-analyzer)[ RSS](/packages/laravel-analyzer-cli/feed)WikiDiscussions main Synced 2w ago READMEChangelog (4)Dependencies (1)Versions (12)Used By (0) ๐Ÿ” Laravel Best Practices Analyzer CLI ===================================== [](#-laravel-best-practices-analyzer-cli) A command-line tool for analyzing the quality and security of Laravel projects. Zero external dependencies โ€” pure PHP only. --- ๐Ÿ“ฆ Installation -------------- [](#-installation) ### Option A โ€” Direct use (no composer install required) [](#option-a--direct-use-no-composer-install-required) ``` git clone https://github.com/your-user/laravel-analyzer cd laravel-analyzer chmod +x bin/laravel-analyze php bin/laravel-analyze /path/to/your-laravel-project ``` ### Option B โ€” Global via Composer [](#option-b--global-via-composer) ``` composer global require laravel-analyzer/cli laravel-analyze /path/to/your-project ``` --- ๐Ÿš€ Usage ------- [](#-usage) ``` # Analyze the current directory laravel-analyze . # Analyze a specific path laravel-analyze /var/www/my-project # Run only specific modules laravel-analyze . --only=security,owasp # Export HTML report laravel-analyze . --format=html --output=report.html # Export JSON for CI/CD laravel-analyze . --format=json --output=analysis.json # Export Markdown (for GitHub/GitLab) laravel-analyze . --format=markdown --output=ANALYSIS.md # Set a minimum quality threshold laravel-analyze . --threshold=75 # Disable colors (for logs/CI) laravel-analyze . --no-color ``` --- ๐Ÿ“Š Analysis Modules ------------------ [](#-analysis-modules) ### ๐Ÿ”— Coupling & Cohesion (`coupling`) [](#-coupling--cohesion-coupling) Detects violations of the Single Responsibility Principle (SRP). MetricDescriptionAverage couplingNumber of dependencies per classGod ClassesClasses with > 20 methods or > 500 linesLong methodsMethods with > 50 linesEstimated cohesionHow related the class responsibilities are**How to improve?** - Break God Classes into specific services - Use dependency injection instead of `new ClassName()` - Define interfaces for each dependency --- ### ๐Ÿงช Test Coverage (`testing`) [](#-test-coverage-testing) Evaluates the quality and coverage of the test suite. MetricDescriptionUnit testsFiles in `tests/Unit/`Feature testsFiles in `tests/Feature/`Test/code ratio% of source files with associated testsLine coverageFrom `clover.xml` (if present)**To generate a coverage report:** ``` php artisan test --coverage-clover=coverage.xml laravel-analyze . # Detects coverage.xml automatically ``` --- ### ๐Ÿ’ธ Technical Debt (`debt`) [](#-technical-debt-debt) Identifies indicators of accumulated technical debt. IndicatorSeverity`FIXME`HIGH`HACK` / `XXX`MEDIUM`TODO`LOW`$guarded = []`CRITICAL`Model::create($request->all())`CRITICALDependencies with wildcard version `*`HIGHLarge commented-out code blocksMEDIUM--- ### ๐Ÿงฎ Refactoring Complexity (`complexity`) [](#-refactoring-complexity-complexity) Analyzes the Cyclomatic Complexity (CC) of each method. CCRiskDescription1โ€“5LowSimple, easy to test6โ€“10MediumModerate, testable11โ€“20HighHard to test> 20CriticalPractically untestableFormula: `CC = 1 + (if + for + foreach + while + case + catch + && + \|\|)` --- ### ๐Ÿ”’ Laravel Security (`security`) [](#-laravel-security-security) Detects vulnerabilities specific to the Laravel ecosystem. VulnerabilityOWASPDangerous exampleSQL InjectionA03`DB::select("SELECT * WHERE id=" . $id)`Mass AssignmentA01`Model::create($request->all())`XSSA03`{!! $userInput !!}`Command InjectionA03`shell_exec("ls " . $path)`Weak HashingA02`md5($password)`Open RedirectA01`redirect($request->get('url'))`Debug in prodA05`APP_DEBUG=true` + `APP_ENV=production`--- ### ๐Ÿ›ก๏ธ OWASP Top 10 (`owasp`) [](#๏ธ-owasp-top-10-owasp) Checks the project against the OWASP Top 10 standard (2021). CodeCategoryWhat it checksA01Broken Access ControlPolicies, IDOR, protected routesA02Cryptographic FailuresMD5/SHA1, hardcoded secrets, HTTPSA03InjectionSQL, Command, Object injectionA04Insecure DesignRate limiting, validation on store/updateA05Security MisconfigurationAPP\_DEBUG, SameSite cookies, CORSA06Vulnerable ComponentsDependency versions, composer.lockA07Auth FailuresSession fixation, MFA, regenerationA08Integrity FailuresCI/CD, unserialize(), secure pipelinesA09Logging FailuresSecurity events loggedA10SSRFHTTP requests with user-supplied URLs--- ๐Ÿ“‹ Output Formats ---------------- [](#-output-formats) ### Console (default) [](#console-default) Colorized terminal view with progress bars. ### JSON [](#json) ``` { "generated_at": "2025-03-21 10:00:00", "project": "my-laravel-app", "global_score": 72.5, "grade": "B", "analyses": { "coupling": { "score": 78.2, "risk": "MEDIUM", ... }, "owasp": { "score": 65.0, "risk": "MEDIUM", ... } } } ``` ### HTML [](#html) Full visual report with tables, progress bars, and OWASP breakdown. ### Markdown [](#markdown) Compatible with GitHub/GitLab. Ideal for PRs or documentation wikis. --- ๐Ÿ”„ CI/CD Integration ------------------- [](#-cicd-integration) ### GitHub Actions [](#github-actions) ``` name: Laravel Quality Check on: [push, pull_request] jobs: analyze: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Setup PHP uses: shivammathur/setup-php@v2 with: php-version: '8.2' - name: Run Laravel Analyzer run: php bin/laravel-analyze . --format=json --output=analysis.json --no-color - name: Check quality threshold run: | SCORE=$(python3 -c "import json; d=json.load(open('analysis.json')); print(d['global_score'])") if python3 -c "exit(0 if $SCORE >= 60 else 1)"; then echo "Quality score: $SCORE/100 โ€” OK" else echo "Quality score ($SCORE) below threshold (60)"; exit 1 fi - name: Upload report uses: actions/upload-artifact@v3 with: name: laravel-analysis path: analysis.json ``` ### GitLab CI [](#gitlab-ci) ``` laravel-analysis: stage: test script: - php bin/laravel-analyze . --format=json --output=analysis.json --no-color --threshold=65 artifacts: paths: - analysis.json ``` --- ๐Ÿ› ๏ธ Complementary Tools ---------------------- [](#๏ธ-complementary-tools) ToolInstallationPurpose**Larastan/PHPStan**`composer require --dev nunomaduro/larastan`Advanced static analysis**Laravel Pint**Included in Laravel 9+Code formatting**Enlightn**`composer require --dev enlightn/enlightn`Security audit**PHP Insights**`composer require nunomaduro/phpinsights`Quality metrics**PHPMD**`composer require --dev phpmd/phpmd`Code smell detection--- ๐Ÿ“ˆ Score Interpretation ---------------------- [](#-score-interpretation) ScoreGradeMeaning90โ€“100A+Excellent quality80โ€“89AVery good quality70โ€“79BGood quality, minor improvements needed60โ€“69CAcceptable quality, work needed50โ€“59DLow quality, urgent refactoring required< 50FCritical quality, high risk--- ๐Ÿ“ License --------- [](#-license) MIT License โ€” Free for commercial and personal use. ### Health Score 39 โ€” LowBetter than 85% of packages Maintenance82 Actively maintained with recent releases Popularity4 Limited adoption so far Community9 Small or concentrated contributor base Maturity53 Maturing project, gaining track record Bus Factor1 Top contributor holds 88.9% of commits โ€” single point of failure How is this calculated?**Maintenance (25%)** โ€” Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** โ€” Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** โ€” Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** โ€” Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 4 Last Release 93d ago ### Community Maintainers ![](https://avatars.githubusercontent.com/u/184870555?v=4)[Giolabs](/maintainers/giolabs)[@giolabs](https://github.com/giolabs) --- Top Contributors [![lucasgio](https://avatars.githubusercontent.com/u/57779728?v=4)](https://github.com/lucasgio "lucasgio (32 commits)")[![actions-user](https://avatars.githubusercontent.com/u/65916846?v=4)](https://github.com/actions-user "actions-user (3 commits)")[![giodevuy](https://avatars.githubusercontent.com/u/259621443?v=4)](https://github.com/giodevuy "giodevuy (1 commits)") --- Tags clicode-qualitydeveloper-toolslaravelmcpowaspphpphp82securitystatic-analysisclilaravelstatic analysissecuritymcpcode qualityowasp ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/laravel-analyzer-cli/health.svg) ``` [![Health](https://phpackages.com/badges/laravel-analyzer-cli/health.svg)](https://phpackages.com/packages/laravel-analyzer-cli) ``` ### Alternatives [laraveldaily/filacheck Static analysis for Filament projects - detect deprecated patterns and code issues 12055.4k](/packages/laraveldaily-filacheck)[php-code-archeology/php-code-archeology Static analyzer for PHP project archeology. Calculates various metrics for your codebase. 812.8k](/packages/php-code-archeology-php-code-archeology)[guanguans/laravel-soar SQL optimizer and rewriter for laravel. - laravel ็š„ SQL ไผ˜ๅŒ–ๅ™จๅ’Œ้‡ๅ†™ๅ™จใ€‚ 2228.3k](/packages/guanguans-laravel-soar)[exakat/exakat The smart static analyzer for PHP 437.8k](/packages/exakat-exakat) PHPackages ยฉ 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)