phanalist
Performant static analyzer for PHP, written in Rust. Catches common mistakes and enforces best practices with zero configuration required.
β¨ Features
- π Fast β built in Rust, analyzes large codebases in seconds
- π 14 built-in rules β covering complexity, style, design patterns, and more
- βοΈ Zero config to start β works out of the box, configure only what you need
- π Multiple output formats β
text,json, andsarif(for CI pipelines) - π Extensible β adding a custom rule takes minutes
Installation
The simplest way to install Phanalist is to use the installation script:
curl --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/denzyldick/phanalist/main/bin/init.sh | sh
It will automatically download the executable for your platform:
$ ~/phanalist -V
phanalist 1.0.0
There are also multiple other installation options.
Usage
To analyze your project sources, run:
~/phanalist
Example
On the first run phanalist.yaml will be created with the default configuration and reused on all subsequent runs.
Additional CLI flags:
| Flag | Description | Default |
|---|---|---|
--config |
Path to configuration file | ./phanalist.yaml |
--src |
Path to project sources | ./src |
--output-format |
Output format: text, json, sarif |
text |
--summary-only |
Show only violation counts per rule | β |
--quiet |
Suppress all output | β |
Configuration
enabled_rules: [] # empty = all rules active
disable_rules: []
rules:
E0007:
check_constructor: true
max_parameters: 5
E0009:
max_complexity: 10
E0010:
max_paths: 200
E0012:
include_namespaces:
- "App\\Service\\"
- "App\\Controller\\"
exclude_namespaces: []
enabled_rulesβ whitelist of rules to run (empty = all)disable_rulesβ rules to skiprulesβ per-rule configuration options
Rules
| Code | Name | Options |
|---|---|---|
| E0000 | Example rule | Β |
| E0001 | Opening tag position | Β |
| E0002 | Empty catch | Β |
| E0003 | Method modifiers | Β |
| E0004 | Uppercase constants | Β |
| E0005 | Capitalized class name | Β |
| E0006 | Property modifiers | Β |
| E0007 | Method parameters count | check_constructor: true, max_parameters: 5 |
| E0008 | Return type signature | Β |
| E0009 | Cyclomatic complexity | max_complexity: 10 |
| E0010 | Npath complexity | max_paths: 200 |
| E0011 | Detect error suppression symbol (@) |
Β |
| E0012 | Service compatibility with Shared Memory Model | include_namespaces, exclude_namespaces, reset_interfaces |
| E0013 | Private method not being used | Β |
| E0014 | Law of Demeter | Β |
Adding a new rule is straightforward β this tutorial explains how.
Articles
Read a series of chapters on https://dev.to/denzyldick to understand the projectβs internals β a great, easy-to-read introduction.