PHPackages seferov/symfony-psalm-plugin - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Utility & Helpers](/categories/utility) 4. / 5. seferov/symfony-psalm-plugin Abandoned → [psalm/plugin-symfony](/?search=psalm%2Fplugin-symfony)Psalm-plugin[Utility & Helpers](/categories/utility) seferov/symfony-psalm-plugin ============================ Psalm Plugin for Symfony v1.1.2(6y ago)69.9k63[32 issues](https://github.com/psalm/symfony-psalm-plugin/issues)[12 PRs](https://github.com/psalm/symfony-psalm-plugin/pulls)MITPHPPHP ^7.1CI passing Since Jan 3Pushed 2mo ago7 watchersCompare [ Source](https://github.com/psalm/symfony-psalm-plugin)[ Packagist](https://packagist.org/packages/seferov/symfony-psalm-plugin)[ RSS](/packages/seferov-symfony-psalm-plugin/feed)WikiDiscussions 5.x Synced today READMEChangelog (10)Dependencies (5)Versions (6)Used By (0) Symfony Psalm Plugin ==================== [](#symfony-psalm-plugin) [![Integrate](https://github.com/psalm/psalm-plugin-symfony/workflows/Integrate/badge.svg)](https://github.com/psalm/psalm-plugin-symfony/workflows/Integrate/badge.svg) ### Installation [](#installation) ``` composer require --dev psalm/plugin-symfony vendor/bin/psalm --init vendor/bin/psalm-plugin enable psalm/plugin-symfony ``` ### Versions & Dependencies [](#versions--dependencies) Symfony Psalm PluginPHPSymfonyPsalm5.x^8.15, 6, 764.x^7.4, ^8.04, 5, 643.x^7.1, ^8.04, 5, 642.x^7.1, ^8.04, 541.x^7.13, 4, 53### Features [](#features) - Detects the `ContainerInterface::get()` result type. Works better if you [configure](#configuration) a compiled container XML file. - Detects parameter return types from `ContainerInterface::getParameter()`. - Supports [Service Subscribers](https://github.com/psalm/psalm-plugin-symfony/issues/20). Works only if you [configure](#configuration) a compiled container XML file. - Detects return types from console arguments (`InputInterface::getArgument()`) and options (`InputInterface::getOption()`). Enforces to use "InputArgument" and "InputOption" constants as a best practice. - Detects Doctrine repository classes associated to entities when configured via annotations. - Fixes `PossiblyInvalidArgument` for `Symfony\Component\HttpFoundation\Request::getContent()`. The plugin determines the real return type by checking the given argument and marks it as either "string" or "resource". - Detects the return type of `Symfony\Component\HttpFoundation\HeaderBag::get()` by checking the default value (third argument for < Symfony 4.4). - Detects the return types of `Symfony\Component\Messenger\Envelope::last` and `Symfony\Component\Messenger\Envelope::all`, based on the provided argument. - Taint analysis for Symfony. - Detects services and parameters [naming conventions](https://symfony.com/doc/current/contributing/code/standards.html#naming-conventions) violations. - Complains when `Container` is injected in a service, and asks to use dependency-injection instead. - Fixes `PropertyNotSetInConstructor` false positive issues: - $container in AbstractController - $context in ConstraintValidator classes - properties in custom `@Annotation` classes - And [much more](https://github.com/psalm/psalm-plugin-symfony/tree/master/tests/acceptance/acceptance)! ### Configuration [](#configuration) If you follow the installation instructions, the psalm-plugin command will add this plugin configuration to the `psalm.xml` configuration file. ``` ``` To be able to detect return types of services using ID (generally starts with `@` in Symfony YAML config files. Ex: `logger` service) `containerXml` must be provided. Example: ``` var/cache/dev/App_KernelDevDebugContainer.xml ``` This file path may change based on your Symfony version, file structure and environment settings. Default files are: - Symfony 3: `var/cache/dev/srcDevDebugProjectContainer.xml` - Symfony 4: `var/cache/dev/srcApp_KernelDevDebugContainer.xml` - Symfony 5+: `var/cache/dev/App_KernelDevDebugContainer.xml` Multiple container files can be configured. In this case, the first valid file is taken into account. If none of the given files is valid, a configuration exception is thrown. Example: ``` var/cache/dev/App_KernelDevDebugContainer.xml var/cache/dev/App_KernelTestDebugContainer.xml ``` If you're using PHP config files for Symfony 5.3+, you also need this for auto-loading of `Symfony\Config`: ``` ``` If you're using Symfony's `env()` or `param()` functions in your PHP config files, you also need this for auto-loading them: ``` ``` If you're getting the following error > MissingFile - config/preload.php - Cannot find file ...var/cache/prod/App\_KernelProdContainer.preload.php to include ...you can suppress it like this: ``` ``` #### Symfony version [](#symfony-version) By default, the plugin uses the `Kernel::MAJOR_VERSION` constant to determine your version of Symfony. However, this might not be accurate if you have Psalm installed globally. You can set the version explicitly using the `symfonyMajorVersion` configuration option: ``` 6 ``` ### Twig tainting (experimental) [](#twig-tainting-experimental) When it comes to taint analysis for Twig templates, there are currently two approaches: - The first one is based on a specific file analyzer (`Psalm\SymfonyPsalmPlugin\Twig\TemplateFileAnalyzer`) which leverages the Twig parser and visits the AST nodes. - The second one is based on the already compiled Twig templates, it only bridges calls from `Twig\Environment::render` to the actual `doRender` method of the compiled template. #### Twig Analyzer [](#twig-analyzer) This approach is more robust since it relies on the official Twig parser and node visitor mechanisms. For the moment, it is only able to detect simple tainted paths. To leverage the real Twig file analyzer, you have to configure a checker for the `.twig` extension as follows: ``` ``` [See the currently supported cases.](https://github.com/psalm/psalm-plugin-symfony/blob/master/tests/acceptance/acceptance/TwigTaintingWithAnalyzer.feature) #### Cache Analyzer [](#cache-analyzer) This approach is "dirtier", since it tries to connect the taints from the application code to the compiled PHP code representing a given template. It is theoretically able to detect more taints than the previous approach out-of-the-box, but it still lacks ways to handle inheritance and stuff like that. To allow the analysis through the cached template files, you have to add the `twigCachePath` entry to the plugin configuration : ``` /cache/twig ``` [See the currently supported cases.](https://github.com/psalm/psalm-plugin-symfony/blob/master/tests/acceptance/acceptance/TwigTaintingWithCachedTemplates.feature) ### Credits [](#credits) - Plugin created by [@seferov](https://github.com/seferov) - [@weirdan](https://github.com/weirdan) for [codeception psalm module](https://github.com/weirdan/codeception-psalm-module) ### Health Score 39 — LowBetter than 86% of packages Maintenance36 Infrequent updates — may be unmaintained Popularity31 Limited adoption so far Community29 Small or concentrated contributor base Maturity55 Maturing project, gaining track record Bus Factor3 3 contributors hold 50%+ of commits How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~23 days Total 4 Last Release 2251d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/610bd2fde1711e53582ff2e311a6a40c5fbf4056b30930720e3f315fdb39ae06?d=identicon)[ferhad](/maintainers/ferhad) --- Top Contributors [![seferov](https://avatars.githubusercontent.com/u/1233843?v=4)](https://github.com/seferov "seferov (101 commits)")[![VincentLanglet](https://avatars.githubusercontent.com/u/9052536?v=4)](https://github.com/VincentLanglet "VincentLanglet (15 commits)")[![danog](https://avatars.githubusercontent.com/u/7339644?v=4)](https://github.com/danog "danog (15 commits)")[![muglug](https://avatars.githubusercontent.com/u/2292638?v=4)](https://github.com/muglug "muglug (15 commits)")[![adrienlucas](https://avatars.githubusercontent.com/u/210622?v=4)](https://github.com/adrienlucas "adrienlucas (14 commits)")[![vudaltsov](https://avatars.githubusercontent.com/u/2552865?v=4)](https://github.com/vudaltsov "vudaltsov (10 commits)")[![d-mitrofanov-v](https://avatars.githubusercontent.com/u/88384601?v=4)](https://github.com/d-mitrofanov-v "d-mitrofanov-v (9 commits)")[![bendavies](https://avatars.githubusercontent.com/u/625392?v=4)](https://github.com/bendavies "bendavies (8 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (6 commits)")[![zmitic](https://avatars.githubusercontent.com/u/1964158?v=4)](https://github.com/zmitic "zmitic (5 commits)")[![ThomasLandauer](https://avatars.githubusercontent.com/u/1054469?v=4)](https://github.com/ThomasLandauer "ThomasLandauer (5 commits)")[![amberovsky](https://avatars.githubusercontent.com/u/477339?v=4)](https://github.com/amberovsky "amberovsky (4 commits)")[![micheh](https://avatars.githubusercontent.com/u/1307920?v=4)](https://github.com/micheh "micheh (4 commits)")[![andyexeter](https://avatars.githubusercontent.com/u/6660584?v=4)](https://github.com/andyexeter "andyexeter (3 commits)")[![HypeMC](https://avatars.githubusercontent.com/u/2445045?v=4)](https://github.com/HypeMC "HypeMC (3 commits)")[![weirdan](https://avatars.githubusercontent.com/u/57403?v=4)](https://github.com/weirdan "weirdan (3 commits)")[![enumag](https://avatars.githubusercontent.com/u/539462?v=4)](https://github.com/enumag "enumag (2 commits)")[![mdeboer](https://avatars.githubusercontent.com/u/1171956?v=4)](https://github.com/mdeboer "mdeboer (2 commits)")[![ostrolucky](https://avatars.githubusercontent.com/u/496233?v=4)](https://github.com/ostrolucky "ostrolucky (2 commits)")[![sidz](https://avatars.githubusercontent.com/u/1302230?v=4)](https://github.com/sidz "sidz (2 commits)") ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/seferov-symfony-psalm-plugin/health.svg) ``` [![Health](https://phpackages.com/badges/seferov-symfony-psalm-plugin/health.svg)](https://phpackages.com/packages/seferov-symfony-psalm-plugin) ``` ### Alternatives [winzou/state-machine-bundle Bundle for the very lightweight yet powerful PHP state machine 34010.4M15](/packages/winzou-state-machine-bundle)[stfalcon/tinymce-bundle This Bundle integrates TinyMCE WYSIWYG editor into a Symfony2 project. 2692.9M24](/packages/stfalcon-tinymce-bundle)[sylius/taxonomy-bundle Flexible categorization system for Symfony. 26388.2k7](/packages/sylius-taxonomy-bundle)[symfony/ai-bundle Integration bundle for Symfony AI components 30282.3k6](/packages/symfony-ai-bundle)[sylius/addressing-bundle Addressing and zone management for Symfony applications. 33221.4k3](/packages/sylius-addressing-bundle)[sylius/inventory-bundle Flexible inventory management for Symfony applications. 19176.7k4](/packages/sylius-inventory-bundle) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)