Weave Code
Eckinox Cs Laravel Package
eckinox/eckinox-cs
Eckinox CS adds linting and coding standards to PHP projects. Installs and configures PHP-CS-Fixer, PHPStan, PHPMD and more, plus JS deps, config files, helper scripts, a git pre-commit hook, and a GitHub Actions workflow.
Technical Evaluation
Architecture Fit
- Pros:
- Opinionated but flexible: Aligns with Laravel’s ecosystem (PHPStan, PHP-CS-Fixer, and Twig-CS-Fixer are widely adopted in Laravel projects). The package’s preconfigured rules (e.g., Symfony-inspired PHPMD settings) reduce friction for teams already using Symfony/Laravel components.
- Multi-language support: Covers PHP, JavaScript (ESLint), CSS (Stylelint), and Twig, which is valuable for full-stack Laravel apps with frontend assets or Blade templates.
- Git/GitHub-native: Integrates seamlessly with Git pre-commit hooks and GitHub Actions, fitting modern Laravel workflows (e.g., Laravel Forge, Envoyer, or custom CI).
- EditorConfig: Standardizes IDE settings (e.g., indentation, line endings) across teams, a common pain point in Laravel projects with mixed IDE usage (PhpStorm, VS Code, etc.).
- Cons:
- Opinionated rules: May conflict with existing project-specific linting rules (e.g., custom PHPStan levels or PSR-12 deviations). The package’s warning against manual config edits could limit customization.
- Monolithic setup: Bundles tools (e.g., ESLint, Stylelint) that might not be needed in all Laravel projects, adding unnecessary dependencies.
- Git hook conflicts: Overwrites existing pre-commit hooks, requiring manual merging if the project already has one.
Integration Feasibility
- Laravel Compatibility:
- High: All included tools (PHP-CS-Fixer, PHPStan, PHPMD) are Laravel-compatible. Twig-CS-Fixer is critical for Blade template linting, and ESLint/Stylelint are useful for frontend assets (e.g., Laravel Mix/Vite).
- Potential conflicts:
- If the project uses custom PHPStan baselines or unique PSR-12 deviations, the package’s rules may need adjustment.
- Laravel Valet/Laravel Sail: The
npm installstep could interfere with existing frontend tooling (e.g., if the project uses Yarn or custom Webpack configs).
- Dependency Risks:
- Node.js requirement: Adds a JS dependency stack (ESLint, Stylelint) that may not be managed by the PHP team, increasing operational complexity.
- Composer plugin: Uses an installer plugin to auto-generate files, which could cause issues in projects with custom Composer scripts or monorepo setups.
Technical Risk
| Risk Area | Severity | Mitigation Strategy |
|---|---|---|
| Rule conflicts | High | Audit existing .php_cs, phpstan.neon, and custom ESLint configs pre-integration. |
| Git hook collisions | Medium | Test locally with git commit before merging; document hook merge steps in PR. |
| Node.js version | Medium | Pin Node.js version in .nvmrc or Dockerfile to avoid runtime issues. |
| CI pipeline impact | Low | Run the GitHub Actions workflow in a PR to validate compatibility. |
| Performance overhead | Low | Benchmark pre-commit hook execution time; exclude large files (e.g., vendor/) via .gitignore. |
Key Questions for Stakeholders
- Code Standards:
- Does the team already adhere to a specific standard (e.g., PSR-12, Symfony)? If so, how does it differ from Eckinox’s rules?
- Are there exceptions (e.g., legacy code, third-party libraries) that should bypass linting?
- Tooling Preferences:
- Is the team already using alternative tools (e.g., Psalm instead of PHPStan, Prettier instead of ESLint)?
- Should JavaScript/CSS linting (ESLint/Stylelint) be optional or disabled for backend-focused teams?
- CI/CD Impact:
- How will this integrate with existing CI pipelines (e.g., GitLab CI, CircleCI, or Laravel-specific tools like Laravel Envoyer)?
- Should the GitHub Actions workflow replace or supplement current checks?
- Maintenance:
- Who will update the package when new versions are released (e.g., PHP 8.3 compatibility)?
- How will custom rule overrides be handled (e.g., if the team later wants to adjust PHPStan levels)?
- Onboarding:
- Will developers need training on bypassing pre-commit hooks (e.g., for urgent fixes)?
- How will IDE-specific configurations (e.g., PhpStorm vs. VS Code) be standardized?
Integration Approach
Stack Fit
- Laravel Ecosystem:
- PHP Tools: PHP-CS-Fixer, PHPStan, and PHPMD are native Laravel dependencies and widely used in the community. Twig-CS-Fixer is essential for Blade template linting.
- Frontend Tools: ESLint and Stylelint integrate with Laravel Mix/Vite, but may require configuration alignment (e.g., if the project uses custom ESLint presets).
- Git/GitHub: The pre-commit hook and GitHub Actions workflow are first-class citizens in Laravel’s modern workflows (e.g., Laravel Breeze, Jetstream).
- Non-Laravel Considerations:
- If the project uses Symfony components, the PHPMD rules (e.g., Symfony-specific exclusions) may align well.
- For pure PHP (non-Laravel) projects, the Twig-CS-Fixer and frontend tools (ESLint/Stylelint) may be redundant.
Migration Path
- Pre-Integration Audit:
- Review existing
.php_cs,phpstan.neon, and ESLint configs for conflicts. - Document custom rules or exceptions (e.g.,
// phpcs:ignoreannotations).
- Review existing
- Staged Rollout:
- Phase 1: Add the package in a feature branch and test locally:
composer require --dev eckinox/eckinox-cs npm install chmod +x DEV/**/* - Phase 2: Merge the Git pre-commit hook after verifying no conflicts with existing hooks.
- Phase 3: Enable the GitHub Actions workflow in a non-production branch to validate CI compatibility.
- Phase 1: Add the package in a feature branch and test locally:
- Fallback Plan:
- If conflicts arise, disable specific tools by modifying the
DEV/cs/scripts (e.g., skip PHPStan if baselines are incompatible). - Use the
pre-commit-with-bypassscript for critical fixes during transition.
- If conflicts arise, disable specific tools by modifying the
Compatibility
| Component | Compatibility Notes |
|---|---|
| PHP Version | Supports PHP 8.1+ (check composer.json for project’s min PHP version). |
| Node.js | Requires Node.js 16+ (pin version in .nvmrc or package.json engines field). |
| Laravel Version | Tested with Symfony 6+; may need adjustments for older Laravel versions (e.g., <8.x). |
| Existing Configs | Risk: Overwrites .editorconfig, .php_cs.dist, etc. Backup files pre-install. |
| Monorepos | Risk: May install tools globally; scope to Laravel app directory only. |
| Dockerized Environments | Ensure npm install and chmod steps are included in Docker builds. |
Sequencing
- Development Environment:
- Install in a local dev branch and test with:
composer install npm install ./DEV/cs run # Test all tools
- Install in a local dev branch and test with:
- CI Pipeline:
- Add the GitHub Actions workflow to a non-master branch first to validate compatibility.
- Example workflow trigger:
on: [pull_request, push]
- Production Rollout:
- Merge to
mainafter confirming no false positives in PRs. - Communicate the pre-commit hook to developers to avoid merge conflicts.
- Merge to
Operational Impact
Maintenance
- Pros:
- Reduced tooling maintenance: Single package update handles PHP-CS-Fixer, PHPStan, etc.
- Centralized configs: Rules are managed via the package, reducing drift across dev environments.
- GitHub Actions: Automates linting in PRs, reducing manual review effort.
- Cons:
- Vendor Lock-in: Custom rules require modifying the package or forking it.
- Update Cadence: New versions may introduce breaking changes (e.g., stricter PHPStan levels).
- Dependency Bloat: ESLint/Stylelint add maintenance overhead for backend-focused teams.
Support
- Developer Onboarding:
- Positive: Standardized rules reduce "works on my machine" issues.
- Negative: Developers may need training on:
- Bypassing pre-commit hooks (e.g., `git commit --no
Weaver
How can I help you explore Laravel packages today?