PHPackages vix/phpstan-rules - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Validation & Sanitization](/categories/validation) 4. / 5. vix/phpstan-rules ActivePhpstan-extension[Validation & Sanitization](/categories/validation) vix/phpstan-rules ================= PHPStan rules package with framework-specific rule sets v0.1.2(2w ago)018↓66.7%MITPHPPHP ^8.4CI passing Since May 11Pushed 2w agoCompare [ Source](https://github.com/vix-4800/phpstan-rules)[ Packagist](https://packagist.org/packages/vix/phpstan-rules)[ RSS](/packages/vix-phpstan-rules/feed)WikiDiscussions main Synced 1w ago READMEChangelog (3)Dependencies (3)Versions (4)Used By (0) PHPStan Rules ============= [](#phpstan-rules) PHPStan rules package with framework-specific rule sets. [![Tests](https://github.com/vix-4800/phpstan-rules/actions/workflows/tests.yml/badge.svg)](https://github.com/vix-4800/phpstan-rules/actions/workflows/tests.yml)[![PHPStan](https://github.com/vix-4800/phpstan-rules/actions/workflows/phpstan.yml/badge.svg)](https://github.com/vix-4800/phpstan-rules/actions/workflows/phpstan.yml)[![PHP Version](https://camo.githubusercontent.com/504ead6a583c68d8d62d7bfceed24e569ca613d7a36bed380281b3455b5c7b31/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f7068702d253545382e342d626c7565)](https://www.php.net/)[![License: MIT](https://camo.githubusercontent.com/fdf2982b9f5d7489dcf44570e714e3a15fce6253e0cc6b5aa61a075aac2ff71b/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c6963656e73652d4d49542d79656c6c6f772e737667)](https://opensource.org/licenses/MIT) - [PHPStan Rules](#phpstan-rules) - [Setup](#setup) - [Versioning](#versioning) - [Rules](#rules) Setup ----- [](#setup) Install as a development dependency: ``` composer require --dev vix/phpstan-rules ``` Include extension config in PHPStan config: ``` includes: - vendor/vix/phpstan-rules/extension.neon ``` When `phpstan/extension-installer` is installed, `extension.neon` is loaded automatically. Enable all currently available rules: ``` parameters: vixPhpstan: php: rules: all: true yii2: rules: all: true ``` Or enable selected rules: ``` parameters: vixPhpstan: php: rules: remoteFileGetContents: true disabledSslVerification: true yii2: rules: missingAccessRule: true missingVerbFilterRule: true queryOneWithoutLimit: true ``` Current config from `extension.neon`: ``` parameters: vixPhpstan: php: rules: all: false disabledSslVerification: false httpClientWithoutTimeout: false remoteFileGetContents: false yii2: rules: activeDataProviderWithoutPagination: false all: false componentInitParentCall: false controllerBeforeActionParentResultIgnored: false csrfDisabledWithoutCompensatingControl: false deleteAllOrUpdateAllWithoutWhere: false fileValidatorTooLoose: false imageValidatorTooLoose: false lifecycleParentCall: false lifecycleSelfSave: false massSelectionWithoutLimit: false missingAccessRule: false missingAjaxFilterRule: false missingVerbFilterRule: false mixedResponseTypesInAction: false mutatingActionAllowsGet: false nPlusOneRelationInLoop: false nativeHeaderInController: false responseStatusCodeAssignmentInController: false publicAllowWithoutConstraint: false queryOneWithoutLimit: false queryPerformanceSmell: false rawSqlConditionWithVariable: false redirectReferrerWithoutFallback: false responseFormatAssignmentInController: false saveFalseWithoutReason: false scenarioAssignedAfterLoad: false sensitiveAttributeMarkedSafe: false transactionWithoutRollbackHandling: false unboundedQueryResult: false unknownActionInBehavior: false webControllerOnlyActions: false allowedSaveFalseNamespaces: [] sensitiveAttributePatterns: - '~^(id|user_id|created_at|updated_at|created_by|updated_by|role|status|...|is_admin)$~i' ``` Override example: ``` parameters: vixPhpstan: yii2: allowedSaveFalseNamespaces: - app\migrations ``` Versioning ---------- [](#versioning) This package follows Semantic Versioning. - `main` is aliased to `0.1.x-dev` until the first stable release line moves forward. - The first stable tag for this package should be `v0.1.0`. - Stable installs should use a constraint such as `^0.1` once `v0.1.0` is tagged. - Before the first stable tag exists, use the development constraint `0.1.x-dev`. Example constraints: ``` composer require --dev vix/phpstan-rules:^0.1 composer require --dev vix/phpstan-rules:0.1.x-dev ``` Rules ----- [](#rules) Detailed rule descriptions, before/after examples, and rule-specific parameters are documented in [docs/RULES.md](docs/RULES.md). ### Health Score 41 — FairBetter than 87% of packages Maintenance96 Actively maintained with recent releases Popularity9 Limited adoption so far Community8 Small or concentrated contributor base Maturity43 Maturing project, gaining track record Bus Factor1 Top contributor holds 87.3% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~5 days Total 3 Last Release 18d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/beb65b3be22266de2e37752425321286ccc85ae5f882662f5a83456b960f3e97?d=identicon)[vix](/maintainers/vix) --- Top Contributors [![vix-4800](https://avatars.githubusercontent.com/u/55950607?v=4)](https://github.com/vix-4800 "vix-4800 (145 commits)")[![Copilot](https://avatars.githubusercontent.com/in/1143301?v=4)](https://github.com/Copilot "Copilot (21 commits)") --- Tags phpstanphpstan-extensionyii2PHPStandevstatic analysisyii2extensionrulesdev-tool ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/vix-phpstan-rules/health.svg) ``` [![Health](https://phpackages.com/badges/vix-phpstan-rules/health.svg)](https://phpackages.com/packages/vix-phpstan-rules) ``` ### Alternatives [larastan/larastan Larastan - Discover bugs in your code without running it. A phpstan/phpstan extension for Laravel 6.4k51.0M7.4k](/packages/larastan-larastan)[deptrac/deptrac Deptrac is a static code analysis tool that helps to enforce rules for dependencies between software layers. 2.9k7.9M99](/packages/deptrac-deptrac)[shipmonk/dead-code-detector Dead code detector to find unused PHP code via PHPStan extension. Can automatically remove dead PHP code. Supports libraries like Symfony, Doctrine, PHPUnit etc. Detects dead cycles. Can detect dead code that is tested. 4753.1M82](/packages/shipmonk-dead-code-detector)[psalm/plugin-laravel Psalm plugin for Laravel 3325.1M337](/packages/psalm-plugin-laravel)[ssch/typo3-rector Instant fixes for your TYPO3 PHP code by using Rector. 2603.0M381](/packages/ssch-typo3-rector)[rector/rector-src Instant Upgrade and Automated Refactoring of any PHP code 136400.8k14](/packages/rector-rector-src) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)