Phpcs Variable Analysis Laravel Package

Getting Started

Start by installing the package via Composer: composer require --dev sirbrillig/phpcs-variable-analysis. Then configure PHP_CodeSniffer to use its custom sniff: add <rule ref="VariableAnalysis"> to your phpcs.xml (or phpmd.xml if using PHPCS with custom rulesets). The default configuration catches undefined variables and unused variables across functions, methods, closures, and conditionals — run phpcs on your codebase to see immediate feedback.

Implementation Patterns

• Enforce in CI: Integrate with CI pipelines using phpcs to block PRs with variable issues.
• Fine-tune rulesets: Extend or override sniff settings (e.g., ignoreByReference, allowUnusedByReferenceParameters) in phpcs.xml to match team conventions.
• Targeted scanning: Use --sniffs=VariableAnalysis.Variables.UnusedVariable or similar flags to focus on specific problems during audits.
• Work with IDEs: Complement IDE linting (e.g., PHPStan, Psalm) — this sniff catches cases those tools sometimes miss, like variables used only in dynamically evaluated strings.

Gotchas and Tips

• False positives from magic: Avoid false positives in magic methods (__get, __set, etc.) by overriding allowMagicGetSet in the sniff config.
• Anonymous functions: Ensure closures capture variables intentionally — use use (&$var) to silence unused warnings for known captures.
• Compact() usage: Variables defined via compact() are often misflagged as unused — whitelist them with <property name="allowExtractVariables" value="true"/>.
• Rule ordering matters: Place <rule ref="VariableAnalysis"> after PSR rules in your phpcs.xml to prevent syntax errors from masking analysis issues.
• Debug issues: Add -s flag to phpcs to see sniff names in output, helping trace which rule triggered a warning.