Product Decisions This Supports
- Unified Code Quality for PHP Monorepos: Ideal for teams maintaining multiple Laravel/PHP packages (e.g., a SaaS suite with shared libraries) where consistency across projects is critical. Eliminates tooling fragmentation (e.g., mixing PHPStan/PHP_CodeSniffer versions) and reduces merge conflicts by enforcing a single standard.
- Developer Experience (DX) Roadmap: Accelerates onboarding by reducing cognitive load for new contributors. A single dev-master dependency ensures all packages adhere to the same baseline, cutting PR review time and lowering the barrier for open-source contributions.
- Build vs. Buy for Code Quality: Saves engineering time by leveraging pre-configured, battle-tested rules (PHPStan strict mode, Slevomat coding standards, security advisories) instead of building custom linting/analysis tools. Particularly valuable for teams already using these tools but struggling with inconsistent setups.
- Security and Compliance: Aligns with proactive security practices (e.g., roave/security-advisories, thecodingmachine/safe) and reduces audit overhead for compliance frameworks like SOC 2 or ISO 27001. Useful for regulated industries or projects handling sensitive data.
- PHP 8.1+ Migration: Serves as a gatekeeper for modernizing legacy Laravel codebases by requiring PHP 8.1+ (so enums, readonly properties and attributes can be used) while maintaining quality gates. Helps teams adopt newer Laravel versions with less technical debt.
- Open-Source Ecosystem Growth: If your product includes open-source PHP packages, this package ensures contributors follow a consistent standard, improving maintainability and reducing friction for external collaboration.
When to Consider This Package
- Adopt if:
- Your team maintains multiple PHP/Laravel packages (e.g., a suite of microservices or shared libraries) and needs unified coding standards.
- You prioritize developer experience and want to reduce onboarding friction for new engineers or contributors.
- Your roadmap includes PHP 8.1+ migration or adopting modern Laravel features (e.g., attributes, enums).
- You require strict static analysis (PHPStan) and linting (PHP_CodeSniffer) without reinventing the wheel.
- Your project targets security compliance (e.g., SOC 2, ISO 27001) and needs standardized tooling.
- You’re comfortable with bleeding-edge tooling (dev-master) and can pin the dependency to a specific commit (dev-master#<commit-sha>) in composer.json if needed; composer.lock already records the commit that was resolved.
- Avoid if:
- Your project is standalone (not part of a shared suite) and doesn’t need cross-package consistency.
- You require stable, versioned dependencies (this package is dev-master-only).
- Your team lacks PHPStan/PHP_CodeSniffer expertise or prefers lighter linting (e.g., PSR-12 only).
- Your CI/CD pipeline cannot handle dev-dependency metapackages (e.g., legacy systems or strict composer constraints).
- You’re on PHP <8.1 (or a Laravel release that requires it) and cannot upgrade due to dependency constraints.
- Your codebase is already compliant with PSR-12 and doesn’t need additional strictness.
- Look elsewhere if:
- You need custom, proprietary coding standards not covered by Doctrine/Slevomat/PHPStan.
- Your team prefers alternative toolchains (e.g., Psalm over PHPStan, or custom ESLint-like tools).
- You’re constrained by composer version limits (e.g., older PHP versions or strict dependency resolution).
- Your project is polyglot (non-PHP languages) and this package’s PHP-only focus is irrelevant.
How to Pitch It (Stakeholders)
For Executives:
"This package lets us enforce a single, enterprise-grade coding standard across all our PHP/Laravel projects—like a ‘style guide on steroids’ for our entire suite. By bundling PHPStan (static analysis), PHP_CodeSniffer (linting), and security tools under one dependency, we eliminate tooling fragmentation, reduce technical debt, and accelerate onboarding for engineers. Think of it as a force field against inconsistent code: fewer bugs, faster PR reviews, and easier maintenance. The upfront cost is minimal (just adding a dev dependency), but the long-term payoff is massive—especially as we scale the team or acquire more PHP-based products. It also aligns with our security and compliance goals, reducing audit overhead."
For Engineering (Tech Leads/Architects):
*"This is a metapackage that saves us from reinventing the wheel. Instead of manually configuring PHPStan, PHP_CodeSniffer, and Doctrine/Slevomat standards in every repo, we add one solido/php-coding-standards dependency (dev-master) and get:
- Strict PHPStan rules (including Solido’s custom rules for modern PHP features like attributes).
- PSR/Doctrine/Slevomat compliance out of the box.
- Security advisories and safe coding checks (critical for compliance).
- PHP 8.1+ enforcement to future-proof our Laravel stack.
Tradeoffs:
- It’s heavy (~10 dependencies) and opinionated—if you hate strict rules, this isn’t for you.
- No stable releases (dev-master), so for reproducible builds we’d pin the dependency to a commit in composer.json (dev-master#<commit-sha>) and rely on composer.lock, which already records the resolved commit.
- Requires incremental adoption to avoid breaking existing code.
Perfect for: New projects or retrofitting existing ones where consistency and DX matter more than minimalism."*
For Developers:
*"Tired of ‘it works on my machine’ debates and manual tool setup? This package is your new best friend. Just add it to your composer.json under require-dev, and you get:
✅ Automated static analysis (PHPStan with Solido’s rules—catches bugs early).
✅ Linting (PHP_CodeSniffer for PSR/Doctrine/Slevomat standards—no more style wars).
✅ Security checks (roave/security-advisories—stops Composer from resolving dependency versions with known published advisories).
✅ Modern PHP enforcement (PHP 8.1+ features like enums and readonly properties).
Downsides:
- It’s strict—your code might fail if it doesn’t comply (but that’s a good thing!).
- Requires learning PHPStan/PHP_CodeSniffer if you’re new to them.
- dev-master means occasional updates might break things (but we can pin the dependency to a commit).
Pro tip: Start with security checks, then gradually enable stricter rules. Your future self (and teammates) will thank you!"*
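As an added illustration (not code from the page, the solido project, or its documentation), here is a minimal composer.json for a project that adopts the metapackage the way the developer pitch describes: the dependency lives under require-dev and is pinned to a commit, and Composer scripts run the bundled tools so CI calls one command. The package name acme/example-app, the commit hash and the script names are placeholders; the phpcs and phpstan invocations assume the project root carries a phpcs.xml.dist and a phpstan.neon(.dist) that point at the package’s rulesets and the paths to analyse, which the page does not specify.

```json
{
    "name": "acme/example-app",
    "require": {
        "php": "^8.1"
    },
    "require-dev": {
        "solido/php-coding-standards": "dev-master#0123456789abcdef0123456789abcdef01234567"
    },
    "minimum-stability": "dev",
    "prefer-stable": true,
    "scripts": {
        "audit": "@composer audit",
        "lint": "phpcs",
        "analyse": "phpstan analyse --no-progress",
        "check": [
            "@audit",
            "@lint",
            "@analyse"
        ]
    }
}
```

Two points a practitioner should know when reading this. First, "minimum-stability": "dev" with "prefer-stable": true is needed because the root package’s stability setting governs transitive dependencies, and roave/security-advisories is published only as a dev branch; without it Composer refuses to resolve the metapackage’s requirements. Second, roave/security-advisories only acts at resolution time (composer update or a fresh composer require); it does not inspect what is already in composer.lock, so the "audit" script runs composer audit (available since Composer 2.4) to report known advisories against the locked versions in CI as well.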
For Security/Compliance Teams:
*"This package bakes in security best practices with minimal effort:
- Known-vulnerable dependency blocking via roave/security-advisories (a conflict list that stops Composer from resolving package versions with published advisories; it acts at resolution time rather than scanning what is already locked, so pair it with composer audit in CI).
- Failure-safe wrappers via thecodingmachine/safe (replacements for PHP functions that return false on failure, throwing an exception instead, so an ignored failed file read or decode cannot silently continue as if it succeeded).
- Standardized tooling reduces audit overhead by ensuring consistent enforcement across all PHP projects.
Why it matters: Fewer manual security reviews, fewer surprises during audits, and a baseline that aligns with frameworks like SOC 2 or ISO 27001."*