sanmai/phpstan-rules
Extra PHPStan rules from sanmai that extend static analysis for PHP projects. Helps catch additional issues not covered by core rules, improving code quality and consistency with minimal setup.
Architecture fit: The package is designed as a PHPStan extension, aligning with PHPStan’s plugin architecture for custom rule addition. However, the "unknown" repository status and lack of public source visibility raise concerns about transparency and community validation of its implementation.
Integration feasibility: Low. The repository being "unknown" suggests it may not be publicly accessible or properly published on Packagist, making Composer installation unreliable. Standard integration steps (e.g., composer require) cannot be confirmed without a valid repository.
Technical risk: High. Minimal community adoption (3 stars), future-dated release (2026-02-16), and absence of public source code indicate potential abandonment, unvetted code quality, or security risks. Lack of version compatibility details increases the chance of breaking changes with modern PHPStan versions.
Key questions:
Stack fit: Theoretically compatible with PHPStan’s ecosystem, but practical integration is unverifiable due to the unknown repository. If the package is not publicly available, it cannot be reliably integrated into standard PHP toolchains.
Migration path: Unclear. Without a valid repository or Packagist entry, standard Composer installation steps cannot be documented. Manual cloning or private repository setup would be required, introducing dependency management risks.
Compatibility: Unassessable. No version constraints or compatibility notes are provided, making it impossible to determine if it works with current PHPStan releases or PHP versions.
Sequencing: Standard sequencing (install → config inclusion) cannot be executed without a known source. If forced, steps would require unsafe manual workarounds (e.g., direct file copying), violating best practices.
Maintenance: Very high risk. The lack of public repository, low stars, and future-dated release suggest minimal or no active maintenance. Critical bugs or security issues may remain unaddressed indefinitely.
Support: None. No community engagement, issue tracker, or official channels are visible, leaving teams without recourse for troubleshooting or guidance.
Scaling: Rules may degrade performance in large codebases if inefficiently implemented, but this is unverifiable. Without maintenance, scaling efforts could fail due to unresolved edge cases or incompatibilities with newer tooling.
Failure modes: False positives/negatives in analysis could lead to missed bugs or unnecessary CI failures. If the package contains malicious or broken code (due to lack of review), it could compromise build pipelines or introduce security vulnerabilities.
Ramp-up: High friction. Teams would need to reverse-engineer undocumented rules and behaviors, with no official documentation or examples. Onboarding would require significant trial-and-error effort, delaying value realization.