Introduction
We want the new project we are starting at Filmin to be robust. Therefore, besides adopting good coding practices, we checked some PHP libraries and tools that can help us improve its quality.
Here is a list of the tools we analyzed, each with the description from its GitHub repository, excluding well-known tools or libraries such as PHPUnit.
Most of these tools are CLI commands, so they can be integrated into a CI/CD flow. Others can be integrated within the IDE, such as Psalm or PHPStan in PhpStorm. And others are libraries that we use in our project.
The list is based on our experience, and it is heavily influenced by:
- https://twitter.com/ramsey/status/1396592906102722561
- https://twitter.com/lulco/status/1397813303037079553
- https://twitter.com/ArkadiuszKondas/status/1338485275002068993
- Aggressive PHP Quality Assurance in 2019 | Marco Pivetta
Libraries
- brick/date-time: Date and time library for PHP
- thecodingmachine/safe: All PHP functions, rewritten to throw exceptions instead of returning false, now for php8
- Tactician: A small, flexible command bus
- ronanguilloux/isocodes: PHP library - Validators for standards from ISO, International Finance, Public Administrations, GS1, Manufacturing Industry, Phone numbers & Zipcodes for many countries
- box/spout: Read and write spreadsheet files (CSV, XLSX and ODS), in a fast and scalable way
- league/flysystem: Abstraction for local and remote filesystems
- Serializer:
  - Symfony Serializer Component: The Serializer component is meant to be used to turn objects into a specific format (XML, JSON, YAML, …) and the other way around.
  - JMS Serializer: This library allows you to (de-)serialize data of any complexity. Currently, it supports XML and JSON.
- Fractal: Fractal provides a presentation and transformation layer for complex data output, the like found in RESTful APIs, and works really well with JSON. Think of this as a view layer for your JSON/YAML/etc.
Tools
Code quality
- Deptrac: Keep your architecture clean.
- PHP Insights: Instant PHP quality checks from your console
- GrumPHP: A PHP code-quality tool.
- churn-php: Discover files in need of refactoring.
- Psalm: A static analysis tool for finding errors in PHP applications. Plugins:
  - boesing/psalm-plugin-stringf: Psalm plugin to provide more details for sprintf, printf, sscanf and fscanf functions.
  - hectorj/safe-php-psalm-plugin: vimeo/psalm plugin for thecodingmachine/safe.
  - marartner/psalm-no-empty: Psalm plugin to detect usage of empty().
  - marartner/psalm-strict-equality: Psalm plugin to enforce strict equality.
  - psalm/plugin-phpunit: A PHPUnit plugin for Psalm.
  - psalm/plugin-symfony: Psalm Plugin for Symfony.
  - weirdan/doctrine-psalm-plugin: Stubs to let Psalm understand Doctrine better.
- PHPStan: PHP Static Analysis Tool - discover bugs in your code without running it! Plugins:
  - ergebnis/phpstan-rules: Provides additional rules for phpstan/phpstan.
  - spaze/phpstan-disallowed-calls: PHPStan rules to detect disallowed calls and constant & namespace usages
  - roave/no-floaters: static analysis rules to prevent IEEE-754 floating point errors.
  - More extensions
Testing
- Infection: PHP Mutation Testing library. Plugins:
  - roave/infection-static-analysis-plugin: Static analysis on top of mutation testing - prevents escaped mutants from being invalid according to static analysis
  - bitexpert/captainhook-infection: Captain Hook Plugin to run InfectionPHP only against the changed files of a commit
- roave/no-leaks: PHPUnit Plugin for detecting Memory Leaks in code and tests
- lulco/populator: Allows populate fake data to your database.
- OpenAPI PSR-7 Message (HTTP Request/Response) Validator: It validates PSR-7 messages (HTTP request/response) against OpenAPI specifications.
- Paratest: Parallel testing for PHPUnit
Composer tools
- ComposerRequireChecker: A CLI tool to check whether a specific composer package uses imported symbols that aren't part of its direct composer dependencies
- composer-unused: Show unused composer dependencies by scanning your code
- composer-normalize: Provides a composer plugin for normalizing composer.json.
Security
- roave/security-advisories: Security advisories as a simple composer exclusion list, updated daily
- roave/backward-compatibility-check: Tool to compare two revisions of a class API to check for BC breaks
- Local PHP Security Checker: PHP security vulnerabilities checker
General
- Robo: Modern Task Runner for PHP
- CaptainHook: Very flexible git hook manager for php developers
Conclusion
There are a huge number of tools written by the PHP community that help us increase the quality of our project and ease our task as developers. We need to choose the ones that best fit our project and use case.
And you? Do you know any interesting tool that is not in this list?
Top comments (11)
Yes. I would suggest
You've already provided a ton of excellent tools. Some I already use everyday. Some I will discover RIGHT NOW OMG LOOKS SOOOO COOOOOOOL
BTW I talk a lot about code quality, so come and subscribe 😎
Just a heads up.
fzaninotto/Faker has been sunsetted, so development has stopped.
I recommend using FakerPHP which is an attempt at maintaining and developing the code. It should be a drop-in replacement, I can't think of any changes I've had to make but YMMV.
It only supports PHP >7.1.
Thank you for your recommendation!
Thank you for your suggestions!
Author of composer-unused here. Thanks for listing alongside those awesome other libraries, feeling honored 💪
Thank you for your work! We have been using your library for some months and it is really useful!
Thanks, much appreciated 🙏
Thank you
Thanks for the articles!
Fantastic!!! Thanks for sharing!!!!
Thank you!