Code Sniffer Laravel Package

php-collective/code-sniffer

PHP_CodeSniffer ruleset from PhpCollective. PSR-2 compliant with many extra sniffs/fixers (incl. PSR-12) plus an optional stricter standard (PhpCollectiveStrict). Install via Composer and run phpcs/phpcbf, or wire into CI/IDE.

Technical Evaluation

Architecture Fit

  • Laravel/PSR Compliance: The package adheres to PSR-2 and PSR-12, making it a natural fit for Laravel projects (which already enforce PSR standards). It extends these with PhpCollective-specific rules, offering stricter enforcement for teams requiring additional consistency.
  • Modularity: The package provides two rule sets (PhpCollective and PhpCollectiveStrict), allowing gradual adoption. This aligns well with Laravel’s incremental improvement philosophy.
  • Fixability: Many rules are auto-fixable (phpcbf), reducing manual refactoring overhead—a key advantage for Laravel’s rapid development cycles.

Integration Feasibility

  • Composer Integration: Requires only a require-dev dependency, with minimal configuration (e.g., phpcs.xml). Laravel’s existing composer.json scripts can easily incorporate cs-check/cs-fix commands.
  • IDE Support: Native integration with PHPStorm (via External Tools) and other IDEs is well-documented, enabling real-time feedback for developers.
  • CI/CD Readiness: Lightweight enough for CI pipelines (e.g., GitHub Actions, CircleCI) without significant performance overhead.

Technical Risk

  • False Positives/Negatives: Some sniffs (e.g., PhpCollective.ControlStructures.DisallowCloakingCheck) may conflict with Laravel’s idiomatic patterns (e.g., dynamic property access). Mitigation: Test against Laravel’s core codebase first.
  • PHP Version Lock: Requires PHP 8.1+, which may exclude legacy Laravel projects (e.g., LTS 7.x). Mitigation: Use version constraints (^8.1) or fork the package for older PHP.
  • Rule Overlap: May duplicate rules from other tools (e.g., PHP-CS-Fixer). Mitigation: Audit existing tooling (e.g., laravel-pint) to avoid redundancy.

Key Questions

  1. Rule Prioritization: Which PhpCollective sniffs align with Laravel’s existing standards (e.g., Generic.Files.LineEndings vs. Laravel’s .editorconfig)?
  2. Performance Impact: How does this affect CI runtime for large codebases (e.g., Laravel Forge/Envoyer repos)?
  3. Customization Needs: Will the team need to extend/silence rules (e.g., for legacy code or framework-specific patterns)?
  4. Toolchain Conflict: Does this overlap with existing tools like pint, psalm, or rector? Should it replace or complement them?

Integration Approach

Stack Fit

  • Laravel Ecosystem: Complements Laravel’s PSR compliance and testing culture. Works alongside:
    • Laravel Pint (for formatting, not linting).
    • PHPStan/Psalm (for static analysis, not style).
    • Git Hooks (for pre-commit checks).
  • Monorepo Support: Can be configured per-project (e.g., app/, packages/) via phpcs.xml includes.
  • Legacy Code: The PhpCollectiveStrict standard can be gradually adopted by excluding legacy paths initially.

Migration Path

  1. Pilot Phase:
    • Add to composer.json (require-dev).
    • Configure phpcs.xml to target new code only (e.g., app/Http/).
    • Run in CI as a warning-only check (--warning-severity=3).
  2. Full Adoption:
    • Extend to all code (excluding tests/generated files).
    • Enforce in PR gates (fail builds on violations).
    • Replace existing sniffer tools (e.g., squizlabs/php_codesniffer).
  3. Strict Mode:
    • Switch to PhpCollectiveStrict after stabilizing the baseline.

Compatibility

  • Laravel-Specific Rules: Some sniffs (e.g., PhpCollective.Laravel.DisallowFacadeStaticCalls) may conflict with Laravel’s facade pattern. Solution: Exclude or customize these rules.
  • Package Autoloading: Ensure vendor/bin/phpcs is in PATH or use ./vendor/bin/phpcs for consistency.
  • IDE Plugins: Works with PHPStorm, VSCode (PHP Intelephense), and SublimeLinter-PHP.

Sequencing

| Step | Action | Tools/Files Involved |
|------|--------|----------------------|
| 1. Installation | composer require --dev php-collective/code-sniffer | composer.json |
| 2. Configuration | Create phpcs.xml with PhpCollective ruleset. | phpcs.xml |
| 3. CI Setup | Add vendor/bin/phpcs to CI workflows (e.g., GitHub Actions). | .github/workflows/lint.yml |
| 4. IDE Setup | Configure PHPStorm/VSCode external tools. | IDE Settings |
| 5. Gradual Rollout | Run on new PRs first, then expand to all branches. | git |
| 6. Strict Mode | Migrate to PhpCollectiveStrict after baseline compliance. | phpcs.xml |
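A pilot-phase phpcs.xml matching the configuration step and the scan exclusions described on this page, as an added example rather than a file from the package itself. The ruleset path under vendor/, the scanned directory, the cache file name and the parallel worker count are assumptions to adjust per project.

```xml
<?xml version="1.0"?>
<!-- Added example, not the package's own file. Paths and values are assumptions. -->
<ruleset name="laravel-app-pilot">
    <description>Pilot-phase PHP_CodeSniffer configuration for a Laravel app</description>

    <!-- Assumed location of the PhpCollective ruleset once the package is
         installed as a Composer dev dependency. -->
    <rule ref="vendor/php-collective/code-sniffer/PhpCollective/ruleset.xml"/>

    <!-- Pilot phase: scan new code only. Add more <file> entries as
         adoption widens. -->
    <file>app/Http</file>

    <!-- Keep third-party and generated code out of the scan. -->
    <exclude-pattern>*/vendor/*</exclude-pattern>
    <exclude-pattern>*/node_modules/*</exclude-pattern>
    <exclude-pattern>*/storage/*</exclude-pattern>
    <exclude-pattern>*/bootstrap/cache/*</exclude-pattern>

    <!-- Blade templates end in .php but are not plain PHP source. -->
    <exclude-pattern>*.blade.php</exclude-pattern>

    <!-- Only treat .php files as PHP. -->
    <arg name="extensions" value="php"/>

    <!-- Reuse results for unchanged files between runs. -->
    <arg name="cache" value=".phpcs-cache"/>

    <!-- Check files in parallel worker processes. -->
    <arg name="parallel" value="4"/>

    <!-- s: show sniff codes in reports, p: show progress. -->
    <arg value="sp"/>
</ruleset>
```

With this file at the repository root, running vendor/bin/phpcs with no --standard argument picks it up automatically.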

Operational Impact

Maintenance

  • Rule Updates: The package is actively maintained (last release: 2026-03-27). Updates can be managed via:
    • Composer: composer update php-collective/code-sniffer --with-dependencies.
    • Version Pinning: Lock to patch versions (^1.0) for stability.
  • Custom Rules: Extending the ruleset requires adding sniffs to Sniffs/ and updating ruleset.xml. Complexity: Medium (requires PHP knowledge).
  • Deprecation Risk: Low—MIT license and no breaking changes in recent releases.

Support

  • Documentation: Comprehensive (README.md, docs/sniffs.md), but lacks Laravel-specific examples. Gap: Create a laravel-phpcs-config template repo.
  • Community: Small but responsive (6 stars, active issues). Workaround: Leverage squizlabs/PHP_CodeSniffer community for broader support.
  • Debugging: Use --report=full for detailed violation reports and --diff to compare changes.

Scaling

  • Performance: PHP_CodeSniffer is CPU-intensive for large codebases (e.g., Laravel + Forge). Mitigation:
    • Cache results (e.g., phpcs --cache).
    • Parallelize checks (e.g., parallel-lint + phpcs).
    • Exclude vendor/ and node_modules/ from scans.
  • Distributed Teams: Centralize configuration via shared phpcs.xml in a monorepo or template.
  • Multi-Repo: Use GitHub Actions or Dependabot to enforce consistency across repos.

Failure Modes

| Scenario | Impact | Mitigation |
|----------|--------|------------|
| CI Fails on Legacy Code | Blocks PRs for non-compliant code. | Gradually exclude paths or silence rules. |
| Rule Overrides Conflict | Custom phpcs.xml breaks builds. | Use git diff to identify changes. |
| Performance Bottleneck | CI times out on large repos. | Cache results or split into stages. |
| IDE Integration Fails | Sniffs not triggering in editor. | Verify vendor/bin/ is in PATH. |
| False Positives | Legitimate code flagged. | Customize rules or exclude files. |

Ramp-Up

  • Developer Onboarding:
    • 10 mins: Add to composer.json and run composer cs-check.
    • 30 mins: Configure IDE shortcuts (e.g., Ctrl+Comma for sniffing).
    • 1 hour: Customize phpcs.xml for project needs.
  • Training:
    • Document: Create a CONTRIBUTING.md snippet on CS rules.
    • Workshop: Demo phpcbf for auto-fixing common issues.
  • Adoption Metrics:
    • Track violation counts over time (goal: <5% errors).
    • Measure CI pass rates post-integration.

Long-Term Considerations

  • Toolchain Consolidation: Evaluate if this replaces pint/psalm or works alongside them.
  • Custom Standards: Fork the package to add Laravel-specific sniffs (e.g., PhpCollective.Laravel.DisallowBladeEcho).
  • Automated Fixing: Extend CI to auto-fix phpcbf-compatible issues on PRs (with approval).