PHPackages moxio/php-codesniffer-sniffs - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Testing & Quality](/categories/testing) 4. / 5. moxio/php-codesniffer-sniffs ActivePhpcodesniffer-standard[Testing & Quality](/categories/testing) moxio/php-codesniffer-sniffs ============================ Custom sniffs for PHP\_CodeSniffer v2.6.5(4mo ago)18290.9k↓37.3%112MITPHPPHP ^7.1 || ^8.0CI passing Since Nov 23Pushed 4mo ago13 watchersCompare [ Source](https://github.com/Moxio/php-codesniffer-sniffs)[ Packagist](https://packagist.org/packages/moxio/php-codesniffer-sniffs)[ RSS](/packages/moxio-php-codesniffer-sniffs/feed)WikiDiscussions master Synced 1w ago READMEChangelog (10)Dependencies (3)Versions (35)Used By (2) [![Continuous Integration](https://github.com/Moxio/php-codesniffer-sniffs/workflows/Continuous%20Integration/badge.svg)](https://github.com/Moxio/php-codesniffer-sniffs/workflows/Continuous%20Integration/badge.svg)[![Latest Stable Version](https://camo.githubusercontent.com/8a8b22ab017ea0a89f07daf824a0e17ef7681137b2d4ced4a0fcfcc70aaf352e/68747470733a2f2f706f7365722e707567782e6f72672f6d6f78696f2f7068702d636f6465736e69666665722d736e696666732f762f737461626c65)](https://packagist.org/packages/moxio/php-codesniffer-sniffs) Moxio PHP\_CodeSniffer sniffs ============================= [](#moxio-php_codesniffer-sniffs) This is a collection of our custom PHP\_Codesniffer (3.x) sniffs for detecting potential bugs and unexpected behavior in PHP code. It may be used as a ruleset on its own, but it is mainly intended as a set of separate sniffs that can be integrated into other standards. We described the motivation behind some of these sniffs [on our blog](https://www.moxio.com/blog/10/detecting-hidden-bugs-in-php-code-using-php-codesniffer). Installation and usage ---------------------- [](#installation-and-usage) Install as a development dependency using composer: ``` $ composer require --dev moxio/php-codesniffer-sniffs ``` Check your files against this set of sniffs: ``` $ ./vendor/bin/phpcs --standard=vendor/moxio/php-codesniffer-sniffs/MoxioSniffs path/to/your/files ``` Description of sniffs --------------------- [](#description-of-sniffs) *More sniffs will be added soon.* **MoxioSniffs.PHP.DisallowBareContinueInSwitch**: Disallows the `continue` statement without a numeric argument when used directly within a `switch`-`case`. This prevents silent bugs caused by PHP considering `switch` [to be a looping structure](http://php.net/manual/en/control-structures.switch.php). **MoxioSniffs.PHP.DisallowImplicitLooseComparison**: Disallows implicit non-strict comparisons by functions like `in_array` and `array_search`. Requires that the `$strict`-parameter to these functions is explicitly set. This prevents hidden bugs due to [counter-intuitive behavior of non-strict comparison](https://twitter.com/fabpot/status/460707769990266880). **MoxioSniffs.PHP.DisallowImplicitLooseBase64Decode**: Disallows implicit non-strict usage of the `base64_decode` function. Requires that the `$strict`-parameter to this function is explicitly set. **MoxioSniffs.PHP.DisallowUniqidWithoutMoreEntropy**: Disallows calls to `uniqid()` without `$more_entropy = true`. When `$more_entropy` is `false` (which is the default), `uniqid()` calls `usleep()` to avoid collisions, which [can be a substantial performance hit](http://blog.kevingomez.fr/til/2015/07/26/why-is-uniqid-slow/). Always calling `uniqid()` with `$more_entropy = true` avoids these problems. **MoxioSniffs.PHP.DisallowArrayCombinersWithSingleArray**: Disallows calls to functions that combine two or more arrays with only a single array given as an argument. This applies to functions like `array_merge(_recursive)`, `array_replace(_recursive)` and all variants of `array_diff` and `array_intersect`. Such a call does not make sense, and is most likely a result of a misplaced comma or parenthesis. To re-index a single array, just use `array_values`. **MoxioSniffs.PHP.DisallowImplicitMicrotimeAsString**: Disallows calls to `microtime()` without the `$get_as_float`argument being explicitly set. By default, `microtime` has a string as its return value ("msec sec"), which is unexpected and cannot be naively cast to float, making it error-prone. It is still possible to set this argument to `false`, but in that case you have probably thought about this. **MoxioSniffs.PHP.DisallowImplicitIteratorToArrayWithUseKeys**: Disallows calls to `iterator_to_array()` without the `$use_keys` argument being explicitly set. By default, `iterator_to_array` uses the keys provided by the iterator. This behavior is often desired for associative arrays, but can cause [unexpected results](https://twitter.com/hollodotme/status/1057909890566537217) for 'list-like' arrays. Explicitly requiring the parameter to be set ensures that the developer has to think about which behavior is desired for the situation at hand. **MoxioSniffs.PHP.DisallowDateTime**: Disallows usage of `\DateTime` and promotes the use of `\DateTimeImmutable`instead. The former being mutable can lead to some subtle but nasty bugs. See [this post](https://blog.nikolaposa.in.rs/2019/07/01/stop-using-datetime/)for more background on why you would want to discourage using `\DateTime`. **MoxioSniffs.PHP.DisallowMbDetectEncoding**: Disallows usage of `mb_detect_encoding`. This function has a misleading name that implies it can actually detect the encoding of a string, a problem which is generally impossible. Rather it checks a list of encodings until it finds one that *could* be the right one (i.e. the string is a valid byte sequence according to that encoding). Using `mb_check_encoding` (possibly in a loop) instead makes this much more explicit. See [this talk](https://www.youtube.com/watch?v=K2zS6vbBb9A) for more background information on this topic. **MoxioSniffs.PHP.DisallowUtf8EncodeDecode**: Disallows calls to `utf8_encode()` and `utf8_decode()`. These functions can be considered misleading because they only convert to/from ISO-8859-1, and do not 'magically' detect the source/target encoding. Using `iconv()` or `mb_convert_encoding()` instead makes both character encodings that play a role in the conversion explicit. **MoxioSniffs.PHP.DisallowDateCreateFromFormatWithUnspecifiedTimeComponent**: Disallows calls to `\DateTime::createFromFormat`, `\DateTimeImmutable::createFromFormat`, `date_create_from_format` & `date_create_immutable_from_format` with formats which do not specify a time component and do not initialize fields to null. This would otherwise create DateTime(Immutable) objects with a time component set to the current (creation) time, which is probably never what you want and can be a source of bugs. Running tests ------------- [](#running-tests) After installing dependencies (including development dependencies) using Composer, run ``` $ ./vendor/bin/phpunit ``` from the project root dir. Versioning ---------- [](#versioning) This project adheres to [Semantic Versioning](http://semver.org/). Please note that, from the perspective of this library as a pick-and-match collection of sniffs (and not a complete coding standard), the addition of new sniffs will not be considered a breaking change and thus does not cause an increase in the major version number. License ------- [](#license) These sniffs are released under the MIT license. ### Health Score 60 — FairBetter than 98% of packages Maintenance74 Regular maintenance activity Popularity45 Moderate usage in the ecosystem Community29 Small or concentrated contributor base Maturity80 Battle-tested with a long release history Bus Factor1 Top contributor holds 81.9% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~104 days Recently: every ~234 days Total 33 Last Release 139d ago Major Versions v0.2.1 → v1.0.02017-06-26 v1.6.0 → v2.0.02018-11-07 PHP version history (3 changes)v1.3.0PHP ^5.6|^7.0 v2.2.0PHP ^7.1 v2.5.0PHP ^7.1 || ^8.0 ### Community Maintainers ![](https://avatars.githubusercontent.com/u/815524?v=4)[Arnout Boks](/maintainers/aboks)[@aboks](https://github.com/aboks) ![](https://avatars.githubusercontent.com/u/273701?v=4)[Merijn Wijngaard](/maintainers/mwijngaard)[@mwijngaard](https://github.com/mwijngaard) ![](https://avatars.githubusercontent.com/u/4497863?v=4)[Moxio](/maintainers/moxio)[@Moxio](https://github.com/Moxio) --- Top Contributors [![aboks](https://avatars.githubusercontent.com/u/815524?v=4)](https://github.com/aboks "aboks (77 commits)")[![dheineman](https://avatars.githubusercontent.com/u/516028?v=4)](https://github.com/dheineman "dheineman (6 commits)")[![mwijngaard](https://avatars.githubusercontent.com/u/273701?v=4)](https://github.com/mwijngaard "mwijngaard (4 commits)")[![Jeroeny](https://avatars.githubusercontent.com/u/1517978?v=4)](https://github.com/Jeroeny "Jeroeny (3 commits)")[![Potherca](https://avatars.githubusercontent.com/u/195757?v=4)](https://github.com/Potherca "Potherca (2 commits)")[![mjrider](https://avatars.githubusercontent.com/u/213105?v=4)](https://github.com/mjrider "mjrider (1 commits)")[![agriemink](https://avatars.githubusercontent.com/u/73390767?v=4)](https://github.com/agriemink "agriemink (1 commits)") --- Tags coding-standardsphp-codesnifferphpcodesniffer-standardstatic-analysisstrict-comparisonsstandardsphpcsPHP\_CodeSniffersniffs ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/moxio-php-codesniffer-sniffs/health.svg) ``` [![Health](https://phpackages.com/badges/moxio-php-codesniffer-sniffs/health.svg)](https://phpackages.com/packages/moxio-php-codesniffer-sniffs) ``` ### Alternatives [dealerdirect/phpcodesniffer-composer-installer PHP\_CodeSniffer Standards Composer Installer Plugin 598170.6M2.2k](/packages/dealerdirect-phpcodesniffer-composer-installer)[phpcsstandards/phpcsextra A collection of sniffs and standards for use with PHP\_CodeSniffer. 10327.7M59](/packages/phpcsstandards-phpcsextra)[acquia/coding-standards PHP\_CodeSniffer rules (sniffs) for Acquia coding standards 234.9M33](/packages/acquia-coding-standards) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)