Can Mago replace PHPStan and Psalm for Laravel static analysis?

Mago can replace PHPStan and Psalm for basic static analysis in Laravel, but it lacks native support for Laravel-specific features like route model binding or service container validation. Start with linting/formatting (low risk) before enabling static analysis, and supplement with custom rules for Laravel patterns.

How does Mago handle Blade templates in Laravel?

Mago doesn’t natively parse Blade syntax, so it won’t analyze template logic. Exclude Blade files using `--ignore` flags or `.magoignore`, or pair it with a dedicated tool like `blade-analyzer` for template security checks (e.g., XSS/SQLi risks).

What Laravel versions does Mago support?

Mago works with any Laravel version (5.8+) since it operates on PHP code, not Laravel-specific APIs. However, static analysis may misinterpret dynamic Laravel features (e.g., `__call()`, magic methods). Use `--level` flags to adjust sensitivity or write custom rules for Laravel patterns.

How do I integrate Mago into Laravel’s CI/CD pipeline?

Mago supports GitHub Actions annotations (`--reporting-format=github`) and JUnit XML for CI tools. Benchmark performance on your Laravel repo first—static analysis adds minimal overhead (often <1s for 10K+ lines). Cache Rust binaries in Docker to speed up CI builds.

Does Mago auto-fix Laravel coding standards (e.g., PSR-12)?

Yes, Mago auto-fixes formatting issues (e.g., PSR-12) and basic linting errors out of the box. For Laravel-specific standards (e.g., route naming conventions), create custom rules or extend existing ones via Mago’s plugin system.

Will Mago break existing Laravel projects during static analysis?

Mago is designed to be non-breaking when used in `--check` mode first. Start with linting/formatting, then gradually enable static analysis. False positives (e.g., from Laravel’s dynamic features) can be tuned with `--level` or custom rules.

How does Mago’s performance compare to PHPStan/Psalm in Laravel?

Mago is significantly faster (Rust-based) than PHPStan/Psalm, often completing analysis in milliseconds for large Laravel apps. Benchmark your project: Mago typically processes 10K+ lines of PHP in under 1 second, while PHPStan/Psalm may take 5–10x longer.

Can I use Mago alongside Laravel Pint or PHP-CS-Fixer?

Mago replaces Pint and PHP-CS-Fixer for formatting/linting, but you can run them in parallel during migration. Use Mago’s `--check` mode to verify consistency before fully adopting it. For hybrid setups, exclude files processed by other tools via `.magoignore`.

Are there Laravel-specific rules or plugins for Mago?

Mago doesn’t include Laravel-specific rules out of the box, but you can create custom rules (e.g., `NoHardcodedRoutes`, `ValidateServiceBindings`) using its plugin system. Check the [community rules repository](https://github.com/carthage-software/mago-rules) for examples.

What’s the best way to handle false positives in Mago’s static analysis for Laravel?

Start by adjusting the analysis level (`--level=1` for basic checks). For Laravel-specific false positives (e.g., dynamic properties), write custom rules or suppress issues with `// @mago-ignore`. Document your triage process for the team to ensure consistent handling.

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Mago Laravel Package

Q: Does Mago auto-fix Laravel coding standards (e.g., PSR-12)?

Yes, Mago auto-fixes formatting issues (e.g., PSR-12) and basic linting errors out of the box. For Laravel-specific standards (e.g., route naming conventions), create custom rules or extend existing ones via Mago’s plugin system.

Q: Will Mago break existing Laravel projects during static analysis?

Mago is designed to be non-breaking when used in `--check` mode first. Start with linting/formatting, then gradually enable static analysis. False positives (e.g., from Laravel’s dynamic features) can be tuned with `--level` or custom rules.

Q: How does Mago’s performance compare to PHPStan/Psalm in Laravel?

Mago is significantly faster (Rust-based) than PHPStan/Psalm, often completing analysis in milliseconds for large Laravel apps. Benchmark your project: Mago typically processes 10K+ lines of PHP in under 1 second, while PHPStan/Psalm may take 5–10x longer.

Q: Can I use Mago alongside Laravel Pint or PHP-CS-Fixer?

Mago replaces Pint and PHP-CS-Fixer for formatting/linting, but you can run them in parallel during migration. Use Mago’s `--check` mode to verify consistency before fully adopting it. For hybrid setups, exclude files processed by other tools via `.magoignore`.

Q: Are there Laravel-specific rules or plugins for Mago?

Mago doesn’t include Laravel-specific rules out of the box, but you can create custom rules (e.g., `NoHardcodedRoutes`, `ValidateServiceBindings`) using its plugin system. Check the [community rules repository](https://github.com/carthage-software/mago-rules) for examples.

Q: What’s the best way to handle false positives in Mago’s static analysis for Laravel?

Start by adjusting the analysis level (`--level=1` for basic checks). For Laravel-specific false positives (e.g., dynamic properties), write custom rules or suppress issues with `// @mago-ignore`. Document your triage process for the team to ensure consistent handling.

carthage-software/mago

Mago is an extremely fast PHP linter, formatter, and static analyzer written in Rust. It brings Rust-inspired speed and reliability to PHP projects with a modern toolchain and great developer experience, plus multiple install options (script, Homebrew, Composer).

View on GitHub

Deep Wiki

Context7

Mago is an extremely fast PHP linter, formatter, and static analyzer written in Rust, built to bring Rust-like speed and reliability to PHP projects. It helps teams enforce consistent style, catch issues early, and improve overall code quality with a great developer experience.

Linting to detect errors and code smells quickly
Formatting for consistent, automated code style
Static analysis to surface potential bugs and type issues
Cross-platform installs (script, Homebrew, Composer, Cargo)
CI-friendly workflows with reliable, repeatable results

Frequently asked questions about Mago

Can Mago replace PHPStan and Psalm for Laravel static analysis?: Mago can replace PHPStan and Psalm for basic static analysis in Laravel, but it lacks native support for Laravel-specific features like route model binding or service container validation. Start with linting/formatting (low risk) before enabling static analysis, and supplement with custom rules for Laravel patterns.
How does Mago handle Blade templates in Laravel?: Mago doesn’t natively parse Blade syntax, so it won’t analyze template logic. Exclude Blade files using `--ignore` flags or `.magoignore`, or pair it with a dedicated tool like `blade-analyzer` for template security checks (e.g., XSS/SQLi risks).
What Laravel versions does Mago support?: Mago works with any Laravel version (5.8+) since it operates on PHP code, not Laravel-specific APIs. However, static analysis may misinterpret dynamic Laravel features (e.g., `__call()`, magic methods). Use `--level` flags to adjust sensitivity or write custom rules for Laravel patterns.
How do I integrate Mago into Laravel’s CI/CD pipeline?: Mago supports GitHub Actions annotations (`--reporting-format=github`) and JUnit XML for CI tools. Benchmark performance on your Laravel repo first—static analysis adds minimal overhead (often <1s for 10K+ lines). Cache Rust binaries in Docker to speed up CI builds.
Does Mago auto-fix Laravel coding standards (e.g., PSR-12)?: Yes, Mago auto-fixes formatting issues (e.g., PSR-12) and basic linting errors out of the box. For Laravel-specific standards (e.g., route naming conventions), create custom rules or extend existing ones via Mago’s plugin system.
Will Mago break existing Laravel projects during static analysis?: Mago is designed to be non-breaking when used in `--check` mode first. Start with linting/formatting, then gradually enable static analysis. False positives (e.g., from Laravel’s dynamic features) can be tuned with `--level` or custom rules.
How does Mago’s performance compare to PHPStan/Psalm in Laravel?: Mago is significantly faster (Rust-based) than PHPStan/Psalm, often completing analysis in milliseconds for large Laravel apps. Benchmark your project: Mago typically processes 10K+ lines of PHP in under 1 second, while PHPStan/Psalm may take 5–10x longer.
Can I use Mago alongside Laravel Pint or PHP-CS-Fixer?: Mago replaces Pint and PHP-CS-Fixer for formatting/linting, but you can run them in parallel during migration. Use Mago’s `--check` mode to verify consistency before fully adopting it. For hybrid setups, exclude files processed by other tools via `.magoignore`.
Are there Laravel-specific rules or plugins for Mago?: Mago doesn’t include Laravel-specific rules out of the box, but you can create custom rules (e.g., `NoHardcodedRoutes`, `ValidateServiceBindings`) using its plugin system. Check the [community rules repository](https://github.com/carthage-software/mago-rules) for examples.
What’s the best way to handle false positives in Mago’s static analysis for Laravel?: Start by adjusting the analysis level (`--level=1` for basic checks). For Laravel-specific false positives (e.g., dynamic properties), write custom rules or suppress issues with `// @mago-ignore`. Document your triage process for the team to ensure consistent handling.

View on GitHub

Stars

2,992

Favorites

2,993

Forks

144

Score

71.6

License

Apache-2.0

Last release

Apr 8, 2026

Watchers

Downloads

115K/mo

Dependents

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

davejamesmiller/laravel-breadcrumbs

artisanry/parsedown

christhompsontldr/phpsdk

enqueue/dsn

bunny/bunny

enqueue/test

enqueue/null

enqueue/amqp-tools

milesj/emojibase

bower-asset/punycode

bower-asset/inputmask

bower-asset/jquery

bower-asset/yii2-pjax

laravel/nova

spatie/laravel-mailcoach

spatie/laravel-superseeder

laravel/liferaft

nst/json-test-suite

danielmiessler/sec-lists

jackalope/jackalope-transport