Weave Code
Phpcodesniffer Composer Installer Laravel Package
dealerdirect/phpcodesniffer-composer-installer
Composer installer plugin that automatically discovers and installs PHP_CodeSniffer coding standards (rulesets) from Composer packages. It configures PHPCS installed_paths for you, avoiding manual symlinks and configuration. Supports PHPCS 3/4 and Composer 2.2+.
Technical Evaluation
Architecture Fit
- Seamless Composer Integration: The package leverages Composer’s plugin system, aligning perfectly with Laravel’s dependency management workflow. It eliminates manual
installed_pathsconfiguration inphpcs.xmlby automating PHPCS standard discovery and registration. - Decoupled from Core Logic: Operates independently of Laravel’s framework-specific components (e.g., no Blade, Eloquent, or routing dependencies), making it a low-risk add-on for code quality pipelines.
- Standardized Workflow: Enforces consistency across teams by dynamically linking PHPCS standards to Composer-managed packages, reducing configuration drift.
Integration Feasibility
- Minimal Laravel-Specific Overhead: No Laravel-specific hooks or middleware required. Integration is purely via
composer.jsonand CLI execution (./vendor/bin/phpcs). - CI/CD Friendly: Designed for automated environments (e.g., GitHub Actions, GitLab CI), with explicit support for script-based invocation (
composer run-script). - Backward Compatibility: Supports PHP 5.4+ (though Laravel’s minimum is PHP 8.0+), Composer 2.2+, and PHPCS 3.x/4.x, ensuring no forced upgrades.
Technical Risk
- Plugin Execution Permissions: Composer 2.2+ requires explicit
allow-pluginsconfiguration, which may introduce onboarding friction if teams lack Composer admin rights. - Search Depth Limitations: Default 3-level directory depth for standard discovery could fail in deeply nested Laravel modules (e.g., custom packages in
packages/). Mitigated viaextra.phpcodesniffer-search-depth. - Global vs. Local Plugin Conflict: Global Composer installations might override project-specific versions, risking inconsistent behavior. Documented but rarely encountered in CI/CD.
- PHPCS Version Mismatches: If a project mixes PHPCS 3.x/4.x standards, the plugin may silently fail to register some rulesets. Requires explicit version alignment in
require-dev.
Key Questions
-
CI/CD Pipeline Impact:
- How will this plugin interact with existing
post-install-cmdorpost-update-cmdscripts in Laravel’scomposer.json? - Will parallel Composer operations (e.g.,
composer install --no-scripts) break PHPCS standard registration?
- How will this plugin interact with existing
-
Performance:
- What is the overhead of scanning
vendor/for standards duringcomposer install? (Critical for large Laravel monorepos.)
- What is the overhead of scanning
-
Custom Standards:
- How will the team handle project-specific PHPCS standards (e.g., custom rules in
app/Rules/)? Will they need manualinstalled_pathsentries?
- How will the team handle project-specific PHPCS standards (e.g., custom rules in
-
Dependency Conflicts:
- Could conflicting PHPCS standard versions (e.g.,
phpcompatibility/php-compatibility:^9.0vs.^10.0) cause runtime errors?
- Could conflicting PHPCS standard versions (e.g.,
-
Debugging:
- What tools exist to audit which standards are registered and why? (e.g.,
phpcs -ivs.composer why-not dealerdirect/phpcodesniffer-composer-installer)
- What tools exist to audit which standards are registered and why? (e.g.,
Integration Approach
Stack Fit
- Laravel Ecosystem: Ideal for Laravel projects using:
- PHPCS for Static Analysis: Replaces manual
installed_pathsinphpcs.xmlwith Composer-managed standards. - Custom Coding Standards: Simplifies distribution of internal standards (e.g.,
company/phpcodesniffer-standards) via Packagist. - CI/CD Pipelines: Automates standard registration in GitHub Actions/GitLab CI without custom scripts.
- PHPCS for Static Analysis: Replaces manual
- Toolchain Synergy:
- Works alongside Laravel Pint (PHP-CS-Fixer) for auto-fixing.
- Complements PHPStan or Psalm for type-based analysis.
- Integrates with Laravel Forge or Deployer for server-side PHPCS checks.
Migration Path
- Assessment Phase:
- Audit existing
phpcs.xmlfor manualinstalled_pathsentries. - Identify all PHPCS standard packages (e.g.,
psr12,squizlabs/php_codesniffer) incomposer.json.
- Audit existing
- Pilot Integration:
- Add
dealerdirect/phpcodesniffer-composer-installertorequire-dev. - Configure
allow-pluginsand test withcomposer install. - Verify
phpcs -ilists expected standards.
- Add
- Full Rollout:
- Replace
installed_pathsinphpcs.xmlwith<config name="installed_paths" value="composer-autoloaded"/>. - Update CI/CD to run
composer install --no-interaction(withallow-pluginspre-configured).
- Replace
- Custom Standards:
- Package internal standards as
phpcodesniffer-standardtype packages (e.g.,acme/phpcodesniffer-custom-rules). - Publish to a private Packagist repo or GitHub Packages.
- Package internal standards as
Compatibility
| Component | Compatibility | Mitigation |
|---|---|---|
| Laravel Version | All (no framework dependencies) | None |
| Composer Version | 2.2+ (Laravel 8+ default) | Downgrade not recommended; upgrade if needed. |
| PHPCS Version | 3.x/4.x (Laravel’s squizlabs/php_codesniffer typically uses 4.x) |
Align versions in require-dev. |
| PHP Version | 5.4+ (Laravel 8+ uses 8.0+) | No impact; Laravel’s PHP version takes precedence. |
| Custom PHPCS Rules | May require manual installed_paths if outside vendor/ |
Use extra.phpcodesniffer-search-depth or symlink. |
Sequencing
- Pre-requisite: Ensure
squizlabs/php_codesnifferis inrequire-dev(Laravel typically includes this). - Plugin Installation: Add
dealerdirect/phpcodesniffer-composer-installertorequire-dev. - Permission Setup: Run
composer config allow-plugins.dealerdirect/phpcodesniffer-composer-installer trueor add tocomposer.json. - Standard Registration: Add PHPCS standard packages (e.g.,
psr12,wp-coding-standards/wpcs). - Configuration Update: Replace
installed_pathsinphpcs.xmlwith<config name="installed_paths" value="composer-autoloaded"/>. - Testing: Validate with
composer install && ./vendor/bin/phpcs -i. - CI/CD Update: Add
composer install --no-interactionto workflows (ensureallow-pluginsis configured).
Operational Impact
Maintenance
- Low Ongoing Effort:
- No manual updates to
phpcs.xmlwhen adding/removing standards (handled by Composer). - Standard updates propagate via
composer update.
- No manual updates to
- Dependency Management:
- Version conflicts between PHPCS standards may require
composer why-notdebugging. - Plugin updates are infrequent (MIT license, active maintenance).
- Version conflicts between PHPCS standards may require
Support
- Troubleshooting:
- Common issues:
- Permission Denied: Composer 2.2+ plugin execution blocked. Fix:
composer config allow-plugins.... - Missing Standards: Check
composer.jsonforphpcodesniffer-standardpackages or adjustsearch-depth. - CI Failures: Ensure
allow-pluginsis set in CI environment variables.
- Permission Denied: Composer 2.2+ plugin execution blocked. Fix:
- Debugging Tools:
composer why dealerdirect/phpcodesniffer-composer-installer(checks dependencies)../vendor/bin/phpcs --config-show(validatesinstalled_paths).
- Common issues:
- Documentation:
- Minimal; relies on Composer Plugin Docs and PHPCS docs.
- Recommendation: Create an internal runbook for:
- Standard registration workflows.
- Handling custom rules outside
vendor/.
Scaling
- Performance:
- Composer Install Time: Minimal overhead (~1–2s for standard discovery in medium-sized projects).
- CI/CD: Parallelizable with other
post-install-cmdscripts.
- Large Teams:
- Reduces "works on my machine" issues by standardizing PHPCS environments.
- Enables self-service standard adoption (teams add standards via
composer require --dev).
Failure Modes
| Failure Scenario | Impact | Mitigation |
|---|---|---|
| Composer Plugin Blocked | PHPCS standards not registered; phpcs fails with "no standards found". |
Pre-configure allow-plugins in CI/CD. |
| PHPCS Version Mismatch | Some standards fail to load (e.g., PHPCS |
Weaver
How can I help you explore Laravel packages today?