staabm/phpstan-psr3
PHPStan rules that detect PSR-3 logger misuse and security pitfalls: invalid placeholders, context issues, and message formatting mistakes. Works with psr/log, Monolog, Laravel (illuminate/log, LogManager), and REDAXO rex_logger.
composer require --dev staabm/phpstan-psr3phpstan.neon):
includes:
- vendor/staabm/phpstan-psr3/config.neon
Monolog\Logger or any implementation of Psr\Log\LoggerInterface), and PHPStan will now validate placeholders and context keys at compile time — e.g., flagging log('error', 'User {id} not found', ['user_id' => 123]) as invalid because {id} ≠ {user_id}.{key} in the message). The extension validates that all placeholders are covered and no extra context is provided.['userId' => int, 'action' => string]) in PHPDocs or via generics, and PHPStan will check type conformance.Log::channel(), Symfony’s Logger, or direct Psr\Log\LoggerInterface injection — ideal for service classes where structured logging is enforced.level: 5) and progressively tighten; the extension adds no new errors to pre-existing code unless mismatches exist.{placeholder} (curly braces) is supported; %placeholder% (Symfony-style) won’t be validated — ensure your messages follow PSR-3.{UserId} and {userid} are treated as different placeholders — match exactly in your context keys.ignoreErrors or use @phpstan-ignore-next-line for edge cases where context is dynamically altered.['tenantId' => string]) using PHPStan’s Custom Rules API — the package doesn’t enforce strict schemas, just checks for consistency with placeholders.Log::info('...', ['some_key' => ...]), ensure PHPStan can infer the type via @method annotations if using facades; the extension works best when the logger instance type is unambiguous.How can I help you explore Laravel packages today?