Product Decisions This Supports

Enables secure execution of user-provided code in environments like code playgrounds, educational platforms, or plugin systems by identifying side effects before runtime.
Optimizes test runners (e.g., PHPUnit) by allowing side-effect-free code to run in-process, reducing subprocess overhead and improving test performance.
Informs build vs buy decisions: provides a ready-to-use, lightweight solution for side-effect detection, avoiding costly custom development of static analysis logic.
Supports roadmap decisions for features requiring dynamic code evaluation (e.g., live code editing, sandboxed execution) where safety and performance are critical.

When to Consider This Package

Consider when your application requires safe evaluation of dynamic PHP code (e.g., eval(), remote code execution) and needs to determine if it can run in-process or requires isolation.
Ideal for projects where detecting specific side effects (e.g., output, process exit, scope pollution) is critical for security or performance optimization.
Look elsewhere if you need comprehensive static analysis (use PHPStan), if your use case involves userland functions requiring deeper inspection (this package returns MAYBE for unknown functions), or if your codebase has no dynamic execution scenarios.

Executives: "This lightweight tool ensures safe execution of untrusted PHP code by detecting side effects, reducing security risks and infrastructure costs. Used in PHPUnit to accelerate tests by avoiding subprocesses for safe code, directly improving developer productivity and system reliability."
Engineering: "Integrates seamlessly to analyze PHP code for side effects, enabling smarter execution strategies (e.g., in-process vs subprocess). With minimal setup and no runtime dependencies, it provides precise side-effect classification to optimize performance-critical code paths—like our test suite or user code sandboxing."