Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Php7Cc
Assessments

Php7Cc Laravel Package

sstalle/php7cc

View on GitHub
Deep Wiki
Context7

Technical Evaluation

Architecture Fit

  • Purpose Alignment: The sstalle/php7cc package is a static code analyzer designed to identify PHP 5.x code incompatible with PHP 7.x+. It leverages PHP’s Abstract Syntax Tree (AST) to detect deprecated constructs, syntax changes, and potential runtime issues (e.g., foreach by reference, mysql_* functions, or register_globals).
  • Use Case Fit:
    • Ideal for legacy PHP monoliths migrating to PHP 7.4+ or 8.x.
    • Complements Laravel’s built-in deprecation checks (e.g., php artisan package:discover) but focuses on low-level syntax/behavioral incompatibilities not covered by Laravel’s ecosystem (e.g., Symfony’s deprecation component).
    • Not a replacement for dynamic testing (e.g., Pest/PHPUnit) but acts as a pre-commit gatekeeper for compatibility.
  • Laravel-Specific Gaps:
    • Laravel’s core (v9+) already enforces PHP 8.0+; this package would add granularity for third-party dependencies or custom codebases.
    • Misses framework-specific deprecations (e.g., Route::bind() in Laravel <8.0), requiring manual mapping.

Integration Feasibility

  • Static Analysis Tooling:
    • Can integrate into Laravel’s testing pipeline via:
      • Pre-commit hooks (e.g., GitHub Actions, Laravel Forge).
      • Custom Artisan command (e.g., php artisan check:php7).
      • CI/CD gates (fail builds on incompatibilities).
    • Output Format: JSON/XML (parsable for custom dashboards or Slack alerts).
  • Dependencies:
    • Requires PHP 5.6+ (to analyze older code) but outputs PHP 7+ warnings.
    • No Laravel-specific dependencies; pure PHP CLI tool.
  • False Positives/Negatives:
    • May flag safe dynamic code (e.g., eval()) or miss runtime errors (e.g., undefined constants).
    • Mitigation: Pair with phpstan/extension-installer or phpstan/phpstan for stricter typing.

Technical Risk

Risk Area Severity Mitigation Strategy
Outdated Package High Fork/maintain or replace with phpstan + custom rules.
False Positives Medium Whitelist known-safe patterns in config.
Performance Overhead Low Run in CI (not local dev) for large codebases.
Laravel-Specific Blind Spots Medium Supplement with laravel-shift/doctrine-db-dump-filter for ORM issues.

Key Questions

  1. Migration Priority:
    • Is this for Laravel core upgrades or third-party vendor compatibility?
    • Example: Does the team need to support PHP 7.4 for legacy clients?
  2. Toolchain Integration:
    • Should this replace or complement existing tools (e.g., roave/security-advisories, phpstan)?
  3. Maintenance Plan:
    • Given the last release was 2017, how will the team handle:
      • PHP 8.x+ incompatibilities (e.g., named args, union types)?
      • False positives in modern Laravel code?
  4. Customization Needs:
    • Are there framework-specific rules (e.g., Blade template syntax) to exclude/include?
  5. CI/CD Impact:
    • What’s the acceptable failure rate for pre-merge checks?

Integration Approach

Stack Fit

  • Best For:
    • Legacy Laravel apps (v5.x–v8.x) with PHP 5.6–7.3 codebases.
    • Monorepos with mixed PHP versions (e.g., plugins using PHP 5.6).
    • Dependency-heavy projects where vendors lag on PHP 7+ support.
  • Poor Fit:
    • Greenfield Laravel 9+ apps (PHP 8.0+ enforced).
    • Projects already using phpstan with phpstan/extension-installer.
  • Complementary Tools:
    Tool Purpose
    phpstan/phpstan Static analysis for type safety.
    roave/security-advisories Dependency vulnerability scanning.
    laravel-shift/doctrine-db DBAL/ORM migration helpers.
    dealerdirect/phpcodesniffer PSR/Framework-specific linting.

Migration Path

  1. Assessment Phase:
    • Run ./vendor/bin/php7cc analyze app/ (or custom path) to generate a baseline report.
    • Triage issues by severity (e.g., E_DEPRECATED vs. E_STRICT).
  2. Integration Options:
    • Option A: CLI Wrapper (Recommended for CI): 
      # .github/workflows/php7cc.yml
- name: PHP 7 Compatibility Check
  run: ./vendor/bin/php7cc analyze app/ --format=json > php7cc-report.json
  # Fail if non-zero exit code
    • Option B: Artisan Command: 
      // app/Console/Commands/CheckPhp7Compatibility.php
public function handle() {
    $output = shell_exec('php7cc analyze app/ --format=json');
    $issues = json_decode($output, true);
    if (!empty($issues['errors'])) {
        $this->error("PHP 7 incompatibilities found!");
        exit(1);
    }
}
    • Option C: PHPStan Ruleset (Future-proof):
      • Replace with phpstan + custom rules for PHP 7+ checks.
  3. Phased Rollout:
    • Phase 1: Run in CI (non-blocking) to log issues.
    • Phase 2: Fix critical errors (e.g., mysql_* functions).
    • Phase 3: Enforce as a pre-merge gate.

Compatibility

  • Laravel Version Support:
    • Works with any Laravel version but most useful for v5.x–v8.x.
    • Laravel 9+: Overkill unless analyzing legacy plugins.
  • PHP Version Support:
    • Analyzes: PHP 5.6–7.3 code.
    • Targets: PHP 7.0+ compatibility.
    • Limitations:
      • No PHP 8.x+ checks (e.g., match expressions, attributes).
      • May miss JIT optimizations or FPM-specific issues.
  • Dependency Conflicts:
    • None (pure PHP CLI tool), but ensure ext-phar is enabled for some features.

Sequencing

  1. Pre-Integration:
    • Audit current PHP version (php -v) and Laravel version (composer show laravel/framework).
    • Identify high-risk areas (e.g., custom service providers, Blade templates).
  2. Integration:
    • Add to composer.json dev dependencies: 
      "require-dev": {
    "sstalle/php7cc": "^1.0"
}
    • Configure CI (e.g., GitHub Actions) to run post-testing.
  3. Post-Integration:
    • Whitelist false positives in php7cc.json: 
      {
    "whitelist": [
        "app/Helpers/legacy.php:10" // Known safe dynamic code
    ]
}
    • Document common issues (e.g., "All mysql_* calls must be replaced with PDO").

Operational Impact

Maintenance

  • Short-Term:
    • High effort: Initial triage of false positives/negatives.
    • Moderate effort: Keeping the package updated (consider forking if needed).
  • Long-Term:
    • Low effort: Once integrated into CI, maintenance is passive.
    • Risk: Package stagnation (last release 2017) may require:
      • Forking to add PHP 8.x support.
      • Replacement with phpstan rules (e.g., phpstan/phpstan-deprecation-rules).
  • Alternatives:
    • PHPStan Rules: More maintainable for modern PHP.
    • Custom Script: Use token_get_all() for lightweight checks.

Support

  • Debugging:
    • Common Issues:
      • False positives in dynamic code (e.g., eval(), create_function()).
      • Missed runtime errors (e.g., undefined array keys).
    • Mitigation:
      • Supplement with php -l (lint) and phpstan.
      • Add custom exclusions for legacy code.
  • **Team Skills
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
craftcms/url-validator
directorytree/privacy-filter-classifier
directorytree/privacy-filter
datacore/hub-sdk
develia/commons
cuci/prototurk-sdk
cuci/prototurk-sdk-symfony
develia/geo-bundle
dreamzy/livewire-charts
touchestate-sdk/php-sdk
22h/doctrine-garbage-collection-bundle
agtp/agtp-php
agtp/mod-php
splash/sonata-admin
splash/metadata
splash/openapi
splash/scopes
splash/toolkit
testo/output-teamcity
testo/bridge-symfony