PHPackages                             shopwarelabs/phpstan-shopware - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Testing &amp; Quality](/categories/testing)
4. /
5. shopwarelabs/phpstan-shopware

ActiveLibrary[Testing &amp; Quality](/categories/testing)

shopwarelabs/phpstan-shopware
=============================

PhpStan Rules for Shopware

0.2.2(1mo ago)1258.2k↓14.5%58MITPHPPHP ^8.2CI failing

Since Jan 28Pushed 1mo ago6 watchersCompare

[ Source](https://github.com/shopware/phpstan-shopware)[ Packagist](https://packagist.org/packages/shopwarelabs/phpstan-shopware)[ RSS](/packages/shopwarelabs-phpstan-shopware/feed)WikiDiscussions main Synced 3d ago

READMEChangelog (10)Dependencies (18)Versions (37)Used By (8)

PHPStan Rules for Shopware 6
============================

[](#phpstan-rules-for-shopware-6)

[![Latest Version on Packagist](https://camo.githubusercontent.com/c94f91225df3aaee106e52787925d768813590bbcf14db064700199b223d5603/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f73686f70776172656c6162732f7068707374616e2d73686f70776172652e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/shopwarelabs/phpstan-shopware)[![Total Downloads](https://camo.githubusercontent.com/23fcbd518195d181533aef42cb4bf3172076cdfb78255bc239ab6e518a105bc6/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f73686f70776172656c6162732f7068707374616e2d73686f70776172652e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/shopwarelabs/phpstan-shopware)[![License](https://camo.githubusercontent.com/72369e15e5960156edd16245860a8511aed51e6b83042533092352b9e72d8c51/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f73686f70776172656c6162732f7068707374616e2d73686f70776172652e7376673f7374796c653d666c61742d737175617265)](https://github.com/shopwarelabs/phpstan-shopware/blob/main/LICENSE.md)

This package provides additional PHPStan rules for Shopware 6 projects. It helps developers catch common mistakes and enforce best practices specific to Shopware development.

Installation
------------

[](#installation)

You can install the package via composer:

```
composer require --dev shopwarelabs/phpstan-shopware
```

Usage
-----

[](#usage)

To use these rules, include the package's configuration file in your PHPStan configuration:

```
includes:
    - vendor/shopwarelabs/phpstan-shopware/rules.neon
```

or you use PHPStan Extension Installer

Features
--------

[](#features)

- Custom rules for Shopware 6.5 specific patterns
- Improved type inference for Shopware core classes
- Additional checks for common Shopware development pitfalls

### Available Rules

[](#available-rules)

Here's a comprehensive list of all available rules:

1. **NoSuperglobalsRule**: Prevents usage of superglobals (`$_GET`, `$_POST`, `$_FILES`, `$_REQUEST`). Use proper request objects instead.
2. **DisallowFunctionsRule**: Prevents usage of certain disallowed functions in the codebase.
3. **NoEntityRepositoryInLoopRule**: Prevents EntityRepository method calls within loops to avoid N+1 query problems.
4. **NoSessionInPaymentHandlerAndStoreApiRule**: Prevents usage of session in payment handlers and Store API contexts.
5. **NoSymfonySessionInConstructorRule**: Prevents injection of Symfony Session in constructor to avoid early session starts.
6. **ForbidGlobBraceRule**: Prevents usage of glob brace expansion for better cross-platform compatibility.
7. **InternalClassExtendsRule**: Ensures proper extension of internal classes.
8. **NoUserEntityGetStoreTokenRule**: Prevents direct access to store tokens from User entities.
9. **MethodBecomesAbstractRule**: Checks for methods that should be abstract.
10. **ClassExtendUsesAbstractClassWhenExisting**: Enforces the use of abstract classes when they exist.
11. **NoDALFilterByID**: Prevents direct ID filtering in DAL queries.
12. **ScheduledTaskTooLowIntervalRule**: Ensures scheduled tasks don't have too low intervals.
13. **DisallowDefaultContextCreation**: Prevents creation of default contexts in inappropriate places.
14. **SetForeignKeyRule**: Enforces proper foreign key handling.
15. **InternalFunctionCallRule**: Controls usage of internal functions.
16. **InternalMethodCallRule**: Controls usage of internal methods.
17. **DisallowSessionFunctionsRule**: Prevents usage of session functions (`session_write_close`, `session_start`, `session_destroy`). Use the Symfony Session component instead.
18. **ForbidLocalDiskWriteRule**: Prevents local disk write operations (`file_put_contents`, `fopen` with write mode, `mkdir`, `unlink`, etc.). Use the temporary directory or Flysystem instead.
19. **ForwardSalesChannelContextToSystemConfigServiceRule**: Ensures that when a method has a SalesChannelContext parameter, it is forwarded to SystemConfigService methods as the salesChannelId argument.
20. **ForbidPredictableSaltRule**: Prevents hardcoded salts in `crypt()` and `password_hash()` calls, which are predictable and weaken security.
21. **ForbidWeakCryptoKeyRule**: Prevents weak cryptographic key sizes in `openssl_pkey_new()` calls. RSA keys must be at least 2048 bits.
22. **ForbidInsecureCookieRule**: Prevents setting cookies without the secure flag in `setcookie()` and `setrawcookie()` calls. Cookies should use `secure=true` for HTTPS-only transmission.
23. **ForbidInsecureSymfonyCookieRule**: Prevents creating Symfony `Cookie` objects without explicit `secure=true`. Detects `new Cookie(...)`, `Cookie::create(...)`, and `->withSecure(false)` calls. The `$secure` parameter must be explicitly set to `true` for HTTPS-only transmission.
24. **ForbidDisabledSslVerificationRule**: Prevents disabling SSL/TLS certificate verification in `curl_setopt()` and `stream_context_create()` calls, which allows man-in-the-middle attacks.
25. **NoEmptyResponseRule**: Detects Response class/subclass instantiations with empty or missing body content. Checks classes where the first constructor parameter represents the response body (e.g. `Response`, `JsonResponse`, `JsonApiResponse`) and allows empty bodies for status codes like 204, 301, 302, 304, 307, and 308.

Configuration
-------------

[](#configuration)

You can customize the behavior of these rules by adding configuration to your `phpstan.neon` file. See the [configuration section](#configuration) for more details.

Contributing
------------

[](#contributing)

Contributions are welcome! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for details.

License
-------

[](#license)

The MIT License (MIT). Please see [License File](LICENSE.md) for more information.

###  Health Score

55

—

FairBetter than 97% of packages

Maintenance92

Actively maintained with recent releases

Popularity40

Moderate usage in the ecosystem

Community28

Small or concentrated contributor base

Maturity53

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 74.5% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~28 days

Recently: every ~46 days

Total

18

Last Release

40d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/7c45ef9077b73fce78afbfab2fa27e611a453dd77de003e2785ac84105d02bef?d=identicon)[shyim](/maintainers/shyim)

---

Top Contributors

[![shyim](https://avatars.githubusercontent.com/u/6224096?v=4)](https://github.com/shyim "shyim (76 commits)")[![lacknere](https://avatars.githubusercontent.com/u/26323889?v=4)](https://github.com/lacknere "lacknere (8 commits)")[![SpiGAndromeda](https://avatars.githubusercontent.com/u/15141351?v=4)](https://github.com/SpiGAndromeda "SpiGAndromeda (7 commits)")[![tinect](https://avatars.githubusercontent.com/u/135993?v=4)](https://github.com/tinect "tinect (3 commits)")[![yanbreu](https://avatars.githubusercontent.com/u/21680572?v=4)](https://github.com/yanbreu "yanbreu (3 commits)")[![mitelg](https://avatars.githubusercontent.com/u/6985627?v=4)](https://github.com/mitelg "mitelg (2 commits)")[![tschaefermedia](https://avatars.githubusercontent.com/u/18417659?v=4)](https://github.com/tschaefermedia "tschaefermedia (2 commits)")[![panakour](https://avatars.githubusercontent.com/u/12927166?v=4)](https://github.com/panakour "panakour (1 commits)")

---

Tags

hacktoberfest

###  Code Quality

TestsPHPUnit

Code StylePHP CS Fixer

### Embed Badge

![Health badge](/badges/shopwarelabs-phpstan-shopware/health.svg)

```
[![Health](https://phpackages.com/badges/shopwarelabs-phpstan-shopware/health.svg)](https://phpackages.com/packages/shopwarelabs-phpstan-shopware)
```

###  Alternatives

[larastan/larastan

Larastan - Discover bugs in your code without running it. A phpstan/phpstan extension for Laravel

6.5k55.4M8.5k](/packages/larastan-larastan)[phpstan/phpstan-symfony

Symfony Framework extensions and rules for PHPStan

79475.7M2.2k](/packages/phpstan-phpstan-symfony)[phpstan/phpstan-doctrine

Doctrine extensions for PHPStan

67272.8M1.4k](/packages/phpstan-phpstan-doctrine)[shipmonk/dead-code-detector

Dead code detector to find unused PHP code via PHPStan extension. Can automatically remove dead PHP code. Supports libraries like Symfony, Doctrine, PHPUnit etc. Detects dead cycles. Can detect dead code that is tested.

4853.5M91](/packages/shipmonk-dead-code-detector)[spaze/phpstan-disallowed-calls

PHPStan rules to detect disallowed method &amp; function calls, constant, namespace, attribute, property &amp; superglobal usages, with powerful rules to re-allow a call or a usage in places where it should be allowed.

33422.6M552](/packages/spaze-phpstan-disallowed-calls)[mglaman/phpstan-drupal

Drupal extension and rules for PHPStan

20731.4M189](/packages/mglaman-phpstan-drupal)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
