PHPackages                             roave/infection-static-analysis-plugin - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Testing &amp; Quality](/categories/testing)
4. /
5. roave/infection-static-analysis-plugin

ActiveLibrary[Testing &amp; Quality](/categories/testing)

roave/infection-static-analysis-plugin
======================================

Static analysis on top of mutation testing - prevents escaped mutants from being invalid according to static analysis

1.44.0(1mo ago)1344.4M↑41.7%21[9 issues](https://github.com/Roave/infection-static-analysis-plugin/issues)[6 PRs](https://github.com/Roave/infection-static-analysis-plugin/pulls)20MITPHPPHP ~8.4.0 || ~8.5.0CI passing

Since Sep 4Pushed 4d ago5 watchersCompare

[ Source](https://github.com/Roave/infection-static-analysis-plugin)[ Packagist](https://packagist.org/packages/roave/infection-static-analysis-plugin)[ RSS](/packages/roave-infection-static-analysis-plugin/feed)WikiDiscussions 1.45.x Synced 2d ago

READMEChangelog (10)Dependencies (17)Versions (94)Used By (20)

Infection Static Analysis Plugin
================================

[](#infection-static-analysis-plugin)

This plugin is designed to run static analysis on top of [`infection/infection`](https://github.com/infection/infection)test runs in order to discover if [escaped mutants](https://en.wikipedia.org/wiki/Mutation_testing)are valid mutations, or if they do not respect the type signature of your program. If the mutation would result in a type error, it is "killed".

TL;DR:

- This will improve your mutation score, since mutations which result in type errors become killed.
- This is very hacky, and replaces `vendor/bin/infection` essentially. Please read the `Stability` section below first for details.
- This is currently much slower than running infection by itself. There are ideas/suggestions to improve this in the future.

Usage
-----

[](#usage)

The current design of this tool requires you to run `vendor/bin/roave-infection-static-analysis-plugin`instead of running `vendor/bin/infection`:

```
composer require --dev roave/infection-static-analysis-plugin

vendor/bin/roave-infection-static-analysis-plugin
```

### Configuration

[](#configuration)

The `roave-infection-static-analysis-plugin` binary accepts all of `infection` flags and arguments, and an additional `--psalm-config` argument.

Using `--psalm-config`, you can specify the psalm configuration file to use when analysing the generated mutations:

```
vendor/bin/roave-infection-static-analysis-plugin --psalm-config config/psalm.xml
```

Background
----------

[](#background)

If you come from a statically typed language with AoT compilers, you may be confused about the scope of this project, but in the PHP ecosystem, producing runnable code that does not respect the type system is very easy, and mutation testing tools do this all the time.

Take for example following snippet:

```
/**
 * @template T
 * @param array $values
 * @return list
 */
function makeAList(array $values): array
{
    return array_values($values);
}
```

Given a valid test as follows:

```
function test_makes_a_list(): void
{
    $list = makeAList(['a' => 'b', 'c' => 'd']);

    assert(count($list) === 2);
    assert(in_array('b', $list, true));
    assert(in_array('d', $list, true));
}
```

The mutation testing framework will produce following mutation, since we failed to verify the output in a more precise way:

```
/**
 * @template T
 * @param array $values
 * @return list
 */
function makeAList(array $values): array
{
-    return array_values($values);
+    return $values;
}
```

The code above is valid PHP, but not valid according to our type declarations. While we can indeed write a test for this, such test would probably be unnecessary, as existing type checkers can detect that our actual return value is no longer a `list`, but a map of `array`, which is in conflict with what we declared.

This plugin detects such mutations, and prevents them from making you write unnecessary tests, leveraging the full power of existing PHP type checkers such as [phpstan](https://github.com/phpstan/phpstan) and [psalm](https://github.com/vimeo/psalm).

Stability
---------

[](#stability)

Since [`infection/infection`](https://github.com/infection/infection) is not yet designed to support plugins, this tool uses a very aggressive approach to bootstrap itself, and relies on internal details of the underlying runner.

To prevent compatibility issues, it therefore always pins to a very specific version of `infection/infection`, so please be patient when you wish to use the latest and greatest version of `infection/infection`, as we may still be catching up to it.

Eventually, we will contribute patches to `infection/infection` so that there is a proper way to design and use plugins, without the need for dirty hacks.

PHPStan? Psalm? Where's my favourite static analysis tool?
----------------------------------------------------------

[](#phpstan-psalm-wheres-my-favourite-static-analysis-tool)

Our initial scope of work for `1.0.x` is to provide `vimeo/psalm` support as a start, while other static analysers will be included at a later point in time.

###  Health Score

74

—

ExcellentBetter than 100% of packages

Maintenance94

Actively maintained with recent releases

Popularity59

Moderate usage in the ecosystem

Community44

Growing community involvement

Maturity88

Battle-tested with a long release history

 Bus Factor2

2 contributors hold 50%+ of commits

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~24 days

Recently: every ~36 days

Total

86

Last Release

44d ago

PHP version history (11 changes)1.0.0PHP ^7.4.7

1.6.0PHP ~7.4.7|~8.0.0

1.10.x-devPHP ~7.4.7|~8.0.0|~8.1.0

1.19.0PHP ~8.0.0|~8.1.0

1.23.0PHP ~8.0.0|~8.1.0|~8.2.0

1.26.x-devPHP ~8.1.0 || ~8.2.0

1.33.0PHP ~8.1.0 || ~8.2.0 || ~8.3.0

1.36.0PHP ~8.2.0 || ~8.3.0 || ~8.4.0

1.41.x-devPHP ~8.3.0 || ~8.4.0

1.42.0PHP ~8.3.0 || ~8.4.0 || ~8.5.0

1.44.x-devPHP ~8.4.0 || ~8.5.0

### Community

Maintainers

![](https://www.gravatar.com/avatar/fd0445bc21fa116c259b5889377b90cbd8a34d49357321f76a74f6d2c2ae6b0c?d=identicon)[Ocramius](/maintainers/Ocramius)

---

Top Contributors

[![renovate[bot]](https://avatars.githubusercontent.com/in/2740?v=4)](https://github.com/renovate[bot] "renovate[bot] (418 commits)")[![dependabot-preview[bot]](https://avatars.githubusercontent.com/in/2141?v=4)](https://github.com/dependabot-preview[bot] "dependabot-preview[bot] (383 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (183 commits)")[![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4)](https://github.com/github-actions[bot] "github-actions[bot] (170 commits)")[![Ocramius](https://avatars.githubusercontent.com/u/154256?v=4)](https://github.com/Ocramius "Ocramius (151 commits)")[![azjezz](https://avatars.githubusercontent.com/u/29315886?v=4)](https://github.com/azjezz "azjezz (7 commits)")[![alexander-schranz](https://avatars.githubusercontent.com/u/1698337?v=4)](https://github.com/alexander-schranz "alexander-schranz (7 commits)")[![kukulich](https://avatars.githubusercontent.com/u/260445?v=4)](https://github.com/kukulich "kukulich (7 commits)")[![fezfez](https://avatars.githubusercontent.com/u/1162307?v=4)](https://github.com/fezfez "fezfez (4 commits)")[![samdark](https://avatars.githubusercontent.com/u/47294?v=4)](https://github.com/samdark "samdark (3 commits)")[![pamil](https://avatars.githubusercontent.com/u/1897953?v=4)](https://github.com/pamil "pamil (3 commits)")[![WyriHaximus](https://avatars.githubusercontent.com/u/147145?v=4)](https://github.com/WyriHaximus "WyriHaximus (1 commits)")[![asgrim](https://avatars.githubusercontent.com/u/496145?v=4)](https://github.com/asgrim "asgrim (1 commits)")[![jdrieghe](https://avatars.githubusercontent.com/u/12606789?v=4)](https://github.com/jdrieghe "jdrieghe (1 commits)")[![simPod](https://avatars.githubusercontent.com/u/327717?v=4)](https://github.com/simPod "simPod (1 commits)")

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/roave-infection-static-analysis-plugin/health.svg)

```
[![Health](https://phpackages.com/badges/roave-infection-static-analysis-plugin/health.svg)](https://phpackages.com/packages/roave-infection-static-analysis-plugin)
```

###  Alternatives

[infection/infection

Infection is a Mutation Testing framework for PHP. The mutation adequacy score can be used to measure the effectiveness of a test set in terms of its ability to detect faults.

2.2k28.9M2.4k](/packages/infection-infection)[symfony/symfony

The Symfony PHP framework

31.4k87.2M2.2k](/packages/symfony-symfony)[behat/behat

Scenario-oriented BDD framework for PHP

4.0k101.8M2.2k](/packages/behat-behat)[symfony/framework-bundle

Provides a tight integration between Symfony components and the Symfony full-stack framework

3.6k251.7M11.6k](/packages/symfony-framework-bundle)[symfony/security-bundle

Provides a tight integration of the Security component into the Symfony full-stack framework

2.5k185.6M2.4k](/packages/symfony-security-bundle)[symfony/web-profiler-bundle

Provides a development tool that gives detailed information about the execution of any request

2.3k160.5M1.2k](/packages/symfony-web-profiler-bundle)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
