Phpstan Strict Rules Laravel Package

phpstan/phpstan-strict-rules

Opinionated extra rules for PHPStan to enforce strict, strongly typed PHP. Catches loose booleans in conditions, unsafe strict parameters, useless casts, non-numeric arithmetic, variable overwrites in loops, and switch/case type mismatches for safer defensive code.


Product Decisions This Supports

  • Enforcing Strict Coding Standards: Adopt this package to enforce defensive programming and type safety in PHP projects, aligning with best practices for maintainability and scalability. This supports a roadmap item to reduce runtime errors by catching type-related bugs early (e.g., loose comparisons, implicit casts).
  • Build vs. Buy: Buy—this is a lightweight, open-source solution that integrates seamlessly with existing PHPStan workflows, avoiding the need to build custom static analysis rules from scratch.
  • Developer Experience (DX) Improvements: Use this to standardize code quality across teams, reducing onboarding friction by enforcing consistent, strict patterns (e.g., disallowing empty(), requiring === comparisons).
  • Security and Compliance: Mitigate risks from type-related vulnerabilities (e.g., empty() bypasses, loose comparisons in authentication logic) by enforcing stricter checks.
  • Performance Optimization: Eliminate redundant casts (e.g., uselessCast) and enforce numeric operands in arithmetic operations, improving code clarity and potential performance.
  • Legacy Code Modernization: Gradually introduce strict rules to refactor legacy PHP codebases by incrementally enabling rules (e.g., disallowedLooseComparison) without breaking builds.

When to Consider This Package

  • Adopt if:

    • Your team prioritizes type safety and defensive programming (e.g., financial systems, APIs, or high-assurance applications).
    • You use PHPStan and want to elevate static analysis beyond default rules (e.g., to catch edge cases like empty() or backtick usage).
    • You’re maintaining a large codebase where loose typing or implicit behaviors introduce bugs (e.g., foreach overwrites, dynamic method calls).
    • Your CI/CD pipeline already runs PHPStan, and you want to fail builds on strict violations to enforce consistency.
  • Look elsewhere if:

    • Your team prefers flexibility over strictness (e.g., rapid prototyping, scripting, or projects where loose typing is intentional).
    • You’re using non-PHP languages or frameworks that don’t integrate with PHPStan.
    • Your project has legacy constraints (e.g., heavy reliance on empty(), backticks, or dynamic variables) that would require massive refactoring to comply.
    • You need custom business logic checks beyond static typing (e.g., domain-specific validation rules).

How to Pitch It (Stakeholders)

For Executives:

"This package supercharges our PHP code quality by enforcing strict typing and defensive programming—reducing runtime bugs, improving security, and aligning with industry best practices. For example, it catches loose comparisons (==) that could lead to security flaws or arithmetic errors with non-numeric operands. By integrating with our existing PHPStan workflow, we can fail builds on violations and gradually modernize our codebase without disrupting releases. The cost? Minimal—just a Composer install and incremental adoption. The payoff? Fewer production incidents and more maintainable code."

For Engineering Teams:

"We’re adding phpstan/phpstan-strict-rules to enforce stricter PHP standards, like:

  • Banning loose comparisons (==) to prevent type-related bugs.
  • Disallowing empty() (which silently converts types) in favor of explicit checks.
  • Enforcing numeric operands in arithmetic operations to catch logic errors early.
  • Blocking dynamic variables ($$foo) and implicit array creation to improve readability.

This won’t break existing code overnight—we’ll enable rules incrementally via PHPStan config. It’s a small change with big long-term benefits: fewer bugs, safer refactoring, and code that’s easier to maintain. Let’s start with a pilot in [Module X] and measure the impact on static analysis findings."

For Developers:

"We’re adopting phpstan-strict-rules to catch subtle bugs early. Here’s what changes:

  • No more empty($var): Use !isset($var) or null !== $var instead.
  • Strict comparisons only: Replace == with === everywhere.
  • No implicit casts: PHPStan will flag (int) $alreadyInt as redundant.
  • Safer loops: Overwriting variables in foreach will trigger warnings.

How to adapt:

  1. Run composer require --dev phpstan/phpstan-strict-rules.
  2. Update your phpstan.neon to include the rules (start with allRules: false and enable rules gradually).
  3. Fix violations in CI—we’ll help prioritize critical ones first.

This is a net positive: fewer surprises in production and code that’s easier to reason about. Start with the rules that matter most to you!"
