phpstan/phpstan-strict-rules
Extra strict, opinionated PHPStan rules for strongly typed PHP. Catches loose/unsafe patterns like non-boolean conditions, useless casts, non-numeric arithmetic, missing strict flags in in_array/array_search, variable overwrites in loops, and switch type mismatches.
Architecture fit: This package extends PHPStan's static analysis capabilities with strict type enforcement rules, fitting seamlessly as a dev-only dependency in CI/CD pipelines. It adds no runtime overhead and complements existing PHPStan usage for code quality enforcement.
Integration feasibility: High feasibility via Composer (composer require --dev phpstan/phpstan-strict-rules), with automatic configuration via phpstan/extension-installer or manual inclusion of the package's rules.neon. Minimal setup required.
Technical risk: Significant initial codebase violations if legacy code uses loose comparisons, variable variables, or non-strict function calls. Requires PHPStan ≥1.7.0 (check current version). Rules like disallowedLooseComparison may trigger hundreds of errors in untyped codebases.
Key questions: Current PHPStan version compatibility? Estimated violation count for target rules? How will violations be prioritized (e.g., new code vs. legacy)? Does this conflict with existing linters (e.g., Psalm, phpcs)?
Stack fit: Pure dev dependency compatible with PHP 7.4+ and modern PHPStan versions. No runtime impact; integrates with existing build tools (CI, IDEs) via standard PHPStan execution.
Migration path: Start with strictRules.allRules: false in config, then enable one rule at a time (e.g., disallowedShortTernary → disallowedLooseComparison). Use CI to block new violations while fixing existing ones incrementally.
Compatibility: Requires PHPStan ≥1.7.0. Verify PHP version compatibility (package supports PHP 7.4+). Ensure no conflicts with other static analysis tools (e.g., Psalm's strict rules may overlap).
Sequencing: 1) Install package and run baseline analysis, 2) Fix critical/high-impact violations (e.g., strictFunctionCalls for in_array), 3) Gradually enable stricter rules (e.g., noVariableVariables), 4) Enforce rules in CI for new code only initially, then full enforcement.
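The staged rollout described under Migration path and Sequencing, written out as a phpstan.neon. This is an added example, not configuration shipped by the project; the src path, the analysis level, and the use of PHPStan's baseline file to hold existing violations are assumptions.

```neon
# phpstan.neon (constructed example)
includes:
    # Manual inclusion; drop this line when phpstan/extension-installer
    # is installed, because it registers the rules automatically.
    - vendor/phpstan/phpstan-strict-rules/rules.neon
    # Assumption: existing violations were recorded once with
    #   vendor/bin/phpstan analyse --generate-baseline
    # so CI fails only on violations introduced after that point.
    - phpstan-baseline.neon

parameters:
    level: 8          # assumption: use the level the project already runs
    paths:
        - src         # assumption: project source directory

    strictRules:
        # Turn the whole rule set off, then opt in rule by rule.
        allRules: false

        # Stage 1: flags in_array()/array_search() calls that omit the
        # strict flag and so fall back to loose (==) comparison.
        strictFunctionCalls: true
        disallowedShortTernary: true

        # Stage 2: uncomment once stage 1 reports no errors outside the baseline.
        # disallowedLooseComparison: true
        # noVariableVariables: true
```

Regenerate the baseline after each cleanup pass so that fixed violations cannot silently return.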
Maintenance: Low ongoing effort as it's a dev dependency. Updates require checking PHPStan compatibility (follow releases via Composer constraints). Community-maintained with active CI pipeline.
Support: Strong community backing via the PHPStan ecosystem. The README documents the rules comprehensively. Issues are actively addressed (recent releases in 2023).
Scaling: Analysis time increases marginally with codebase size but remains linear. No impact on production performance. Suitable for large codebases (PHPStan scales well).
Failure modes: CI failures due to rule violations (mitigated by gradual rule enablement). False positives possible for edge cases (e.g., dynamic property access), but rules are configurable.
Ramp-up: Developers need training on new rules (e.g., why empty() is discouraged). Errors are descriptive in output. Initial learning curve for strict typing patterns but minimal long-term overhead.