
Performant static analyzer for PHP, written in Rust. Catches common mistakes and enforces best practices with zero configuration required.
text, json, and sarif (for CI pipelines)The simplest way to install Phanalist is to use the installation script:
curl --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/denzyldick/phanalist/main/bin/init.sh | sh
It will automatically download the executable for your platform:
$ ~/phanalist -V
phanalist 1.0.0
There are also multiple other installation options.
To analyze your project sources, run:
~/phanalist

On the first run phanalist.yaml will be created with the default configuration and reused on all subsequent runs.
Additional CLI flags:
| Flag | Description | Default |
|---|---|---|
--config |
Path to configuration file | ./phanalist.yaml |
--src |
Path to project sources | ./src |
--output-format |
Output format: text, json, sarif |
text |
--summary-only |
Show only violation counts per rule | β |
--quiet |
Suppress all output | β |
enabled_rules: [] # empty = all rules active
disable_rules: []
rules:
E0007:
check_constructor: true
max_parameters: 5
E0009:
max_complexity: 10
E0010:
max_paths: 200
E0012:
include_namespaces:
- "App\\Service\\"
- "App\\Controller\\"
exclude_namespaces: []
enabled_rules β whitelist of rules to run (empty = all)disable_rules β rules to skiprules β per-rule configuration options| Code | Name | Options |
|---|---|---|
| E0000 | Example rule | Β |
| E0001 | Opening tag position | Β |
| E0002 | Empty catch | Β |
| E0003 | Method modifiers | Β |
| E0004 | Uppercase constants | Β |
| E0005 | Capitalized class name | Β |
| E0006 | Property modifiers | Β |
| E0007 | Method parameters count | check_constructor: true, max_parameters: 5 |
| E0008 | Return type signature | Β |
| E0009 | Cyclomatic complexity | max_complexity: 10 |
| E0010 | Npath complexity | max_paths: 200 |
| E0011 | Detect error suppression symbol (@) |
Β |
| E0012 | Service compatibility with Shared Memory Model | include_namespaces, exclude_namespaces, reset_interfaces |
| E0013 | Private method not being used | Β |
| E0014 | Law of Demeter | Β |
Adding a new rule is straightforward β this tutorial explains how.
Read a series of chapters on https://dev.to/denzyldick to understand the projectβs internals β a great, easy-to-read introduction.