Unused Public Laravel Package

Technical Evaluation

Architecture fit: The package is a generic PHP static analysis tool that lacks Laravel-specific awareness, leading to significant misalignment with Laravel's dynamic patterns (e.g., route bindings, service container injections, event listeners, console commands). It relies solely on static code scanning without context for framework-level dynamic dispatch mechanisms, resulting in unreliable detection of "unused" public elements in real Laravel applications.

Integration feasibility: Moderate for PHPStan users but requires substantial configuration. Installation is straightforward via Composer, but seamless integration depends on existing PHPStan setup. Key hurdles include defining exclusion rules for Laravel-specific patterns (e.g., controllers, events) and resolving false positives from template usage (Blade/Twig) or reflection-based calls.

Technical risk: High false positive rate due to Laravel's dynamic nature (e.g., controllers marked as unused despite route usage). Package maturity is questionable (192 stars, 0 dependents, 1.41 score) with unclear maintenance activity. PHP 8.3+ requirement may force environment upgrades. Critical unknowns: how it handles magic methods, __call/__get usage, and dynamic class instantiations common in Laravel.

Key questions:

• How does it detect public elements used via Laravel's route definitions or service container?
• What's the false positive rate for common Laravel patterns (e.g., event listeners, console commands)?
• Is there active maintenance? Last commit was 10 months ago.
• Does it support Laravel 10+ features like attribute-based routing?

Integration Approach

Stack fit: Only viable if PHPStan is already in use. The package functions as a PHPStan extension, so projects without PHPStan must first implement it (adding ~2-4 hours of setup). Incompatible with projects using only other static analyzers (e.g., Psalm). Requires PHP 8.3+ and Laravel 9+ for full compatibility.

Migration path:

1. Start with a small, isolated namespace (e.g., app/Services/) using --config to scope analysis.
2. Configure exclusions for known false positives:

   parameters:
     unused_public:
       template_paths: [resources/views, resources/views/components]
       exclude_paths: [app/Http/Controllers, app/Providers, app/Listeners]
   

3. Use @api annotations for intentionally public APIs (e.g., third-party service interfaces).
4. Gradually expand scope after validating results for 1-2 sprints.

Compatibility: Works with Laravel 9+ (PHP 8.3+ required). No known issues with Laravel-specific dependencies (e.g., Eloquent), but false positives will dominate for app/Http/Controllers and event-related code. Must avoid --fix mode; manual review is non-negotiable.

Sequencing:

1. Add to CI pipeline as a non-failing check initially (e.g., unused-public --fail-on-error=0).
2. Run weekly for 2 weeks to establish baseline false positive rate.
3. Configure exclusions for all Laravel-specific directories (controllers, providers, events).
4. Enable as a failing check only for non-framework code (e.g., app/Utils/).

Operational Impact

Maintenance: High burden due to low community adoption (0 dependents). Requires dedicated effort to maintain exclusion rules as the codebase evolves. Package updates may break compatibility with PHPStan or Laravel versions. Risk of abandonment if the maintainer discontinues support.

Support: Minimal community support (only 192 stars). Documentation covers basics but lacks Laravel-specific guidance. Debugging false positives requires manual inspection via --debug flag. No official Slack/ Discord channels; issues are resolved via GitHub.

Scaling: Performance degrades linearly with LOC. For large codebases (>100k LOC),