staabm/phpstan-psr3
PHPStan rules that detect PSR-3 logger misuse and security pitfalls: invalid placeholders, context issues, and message formatting mistakes. Works with psr/log, Monolog, Laravel (illuminate/log, LogManager), and REDAXO rex_logger.
Architecture fit: Laravel's default logging (Monolog) is PSR-3 compliant, making this PHPStan extension a seamless fit. It operates purely at development time, adding no runtime overhead while enhancing static analysis for logging patterns.
Integration feasibility: High. Requires only adding as a dev dependency and updating PHPStan configuration. No code changes needed beyond enabling the extension.
Technical risk: Low. Potential edge cases if custom PSR-3 implementations deviate from standards, but the package explicitly supports common implementations. Future-dated release (2025-04-22) warrants verification of PHPStan version compatibility.
Key questions: What PHPStan version is currently used? Are there non-standard PSR-3 logger implementations? How many existing logging calls would benefit from validation?
Stack fit: Perfect alignment with Laravel’s PSR-3-based Monolog setup. No additional dependencies or architectural changes required.
Migration path: Add via composer require --dev staabm/phpstan-psr3, then include in phpstan.neon config. Run PHPStan incrementally to address reported issues (e.g., mismatched context keys).
Compatibility: Requires PHPStan ≥ v1.0 (verify package requirements). MIT license ensures no licensing conflicts.
Sequencing: Integrate during CI/CD pipeline setup phase. Run locally first to fix issues before merging, then enforce via CI checks.
Maintenance: Minimal. Only requires updates when PHPStan major versions change. No runtime maintenance or monitoring needed.
Support: Low effort. Issues are typically resolvable via PHPStan configuration tweaks or logging call adjustments. MIT license provides clear community support path.
Scaling: Zero runtime impact. Static analysis runs during build processes, scaling with CI infrastructure without affecting production.
Failure modes: PHPStan failures in CI could block deployments, but errors are actionable (e.g., missing context keys). Easy to resolve by correcting logging calls or adjusting type annotations.
Ramp-up: Developers need basic PHPStan familiarity. Error messages are self-explanatory (e.g., "Context key 'user_id' expected as string but got int"), requiring minimal training.
How can I help you explore Laravel packages today?