staabm/side-effects-detector
Detects side effects in PHP code so you can safely eval or decide to isolate execution. Classifies effects (stdout, exit, includes/scope pollution, etc.) and flags unknown/userland calls as “maybe”. Used by PHPUnit to speed up PHPT tests.
Architecture fit: The package is a standalone static analysis tool designed for PHP code evaluation, making it suitable for integration into any PHP-based system requiring runtime code safety checks (e.g., eval-based workflows, test runners, or dynamic code execution systems). Its use in PHPUnit demonstrates compatibility with standard PHP toolchains and testing frameworks without requiring framework-specific modifications.
Integration feasibility: High due to Composer-based installation and a simple API surface (single getSideEffects() method). However, integration complexity increases when handling userland functions (which return SideEffect::MAYBE), requiring additional validation logic in consumer code. The lack of built-in sandboxing mechanisms means developers must implement custom execution strategies (e.g., output buffering, subprocess spawning).
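One way a consumer could act on the detector's result, as an added example that is not code from the package or from PHPUnit: evaluate in-process only when the sole detected effect is stdout, and send everything else, including `SideEffect::MAYBE`, to a separate PHP process. The page names only `getSideEffects()` and `SideEffect::MAYBE`; the namespace, the `SideEffectsDetector` class name and `SideEffect::STANDARD_OUTPUT` are assumptions to check against the installed version, and `needsIsolation()` and `runSnippet()` are hypothetical helpers.

```php
<?php
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

// Assumed names: verify against the installed package version.
use staabm\SideEffectsDetector\SideEffect;
use staabm\SideEffectsDetector\SideEffectsDetector;

/** True when $code must not run inside the current process. */
function needsIsolation(string $code): bool
{
    foreach ((new SideEffectsDetector())->getSideEffects($code) as $effect) {
        // stdout can be captured with output buffering; every other effect,
        // including SideEffect::MAYBE (unknown/userland call), is isolated.
        if ($effect !== SideEffect::STANDARD_OUTPUT) {
            return true;
        }
    }
    return false;
}

/** Hypothetical helper: run $code and return what it printed. */
function runSnippet(string $code): string
{
    if (!needsIsolation($code)) {
        ob_start();
        try {
            eval('?>' . $code); // in-process: at most stdout effects detected
        } finally {
            $out = (string) ob_get_clean();
        }
        return $out;
    }
    // Separate PHP process: exit(), includes and scope pollution stay out of the parent.
    $proc = proc_open([PHP_BINARY], [0 => ['pipe', 'r'], 1 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start PHP subprocess');
    }
    fwrite($pipes[0], $code);
    fclose($pipes[0]);
    $out = (string) stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out;
}

// Constructed sample inputs.
var_dump(runSnippet('<?php echo "skip: needs PHP 8";')); // evaluated in-process
var_dump(runSnippet('<?php echo "bye"; exit(1);'));      // isolated in a subprocess
```

The subprocess keeps state changes away from the parent process but is not a security sandbox: it runs with the same user, filesystem and network access, so this pattern fits trusted code such as test fixtures.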
Technical risk: Moderate. Limited adoption (0 dependents) and a small codebase (144 stars) indicate potential gaps in edge-case handling. The tool explicitly states it's not a "fully fledged" analysis solution, so critical use cases may require supplemental checks. The absence of comprehensive test coverage for obscure PHP constructs (e.g., dynamic function calls, certain extensions) could lead to undetected side effects.
Key questions: How does the tool handle dynamically generated code or reflection-based function calls? What is the performance impact when analyzing large codebases in production environments? Are there known limitations with specific PHP versions (e.g., PHP 8.1+ attributes