Skip to content

PHP_CodeSniffer tokenizes PHP files and detects violations of a defined set of coding standards.

License

Notifications You must be signed in to change notification settings

PHPCSStandards/PHP_CodeSniffer

Repository files navigation

PHP_CodeSniffer

Latest Stable Version Validate Test Coverage Status License

Minimum PHP Version Tested on PHP 5.4 to 8.4

Note

This package is the official continuation of the now abandoned PHP_CodeSniffer package which was created by Squizlabs.

About

PHP_CodeSniffer is a set of two PHP scripts; the main phpcs script that tokenizes PHP, JavaScript and CSS files to detect violations of a defined coding standard, and a second phpcbf script to automatically correct coding standard violations. PHP_CodeSniffer is an essential development tool that ensures your code remains clean and consistent.

Requirements

PHP_CodeSniffer requires PHP version 5.4.0 or greater, although individual sniffs may have additional requirements such as external applications and scripts. See the Configuration Options manual page for a list of these requirements.

If you're using PHP_CodeSniffer as part of a team, or you're running it on a CI server, you may want to configure your project's settings using a configuration file.

Installation

The easiest way to get started with PHP_CodeSniffer is to download the Phar files for each of the commands:

# Download using curl
curl -OL https://phars.phpcodesniffer.com/phpcs.phar
curl -OL https://phars.phpcodesniffer.com/phpcbf.phar

# Or download using wget
wget https://phars.phpcodesniffer.com/phpcs.phar
wget https://phars.phpcodesniffer.com/phpcbf.phar

# Then test the downloaded PHARs
php phpcs.phar -h
php phpcbf.phar -h

These Phars are signed with the official Release key for PHPCS with the fingerprint 689D AD77 8FF0 8760 E046 228B A978 2203 05CD 5C32.

As of PHP_CodeSniffer 3.10.3, the provenance of PHAR files associated with a release can be verified via GitHub Artifact Attestations using the GitHub CLI tool with the following command: gh attestation verify [phpcs|phpcbf].phar -o PHPCSStandards.

Composer

If you use Composer, you can install PHP_CodeSniffer system-wide with the following command:

composer global require "squizlabs/php_codesniffer=*"

Make sure you have the composer bin dir in your PATH. The default value is ~/.composer/vendor/bin/, but you can check the value that you need to use by running composer global config bin-dir --absolute.

Or alternatively, include a dependency for squizlabs/php_codesniffer in your composer.json file. For example:

{
    "require-dev": {
        "squizlabs/php_codesniffer": "^3.0"
    }
}

You will then be able to run PHP_CodeSniffer from the vendor bin directory:

./vendor/bin/phpcs -h
./vendor/bin/phpcbf -h

Phive

If you use Phive, you can install PHP_CodeSniffer as a project tool using the following commands:

phive install --trust-gpg-keys 689DAD778FF08760E046228BA978220305CD5C32 phpcs
phive install --trust-gpg-keys 689DAD778FF08760E046228BA978220305CD5C32 phpcbf

You will then be able to run PHP_CodeSniffer from the tools directory:

./tools/phpcs -h
./tools/phpcbf -h

Git Clone

You can also download the PHP_CodeSniffer source and run the phpcs and phpcbf commands directly from the Git clone:

git clone https://github.com/PHPCSStandards/PHP_CodeSniffer.git
cd PHP_CodeSniffer
php bin/phpcs -h
php bin/phpcbf -h

Getting Started

The default coding standard used by PHP_CodeSniffer is the PEAR coding standard. To check a file against the PEAR coding standard, simply specify the file's location:

phpcs /path/to/code/myfile.php

Or if you wish to check an entire directory you can specify the directory location instead of a file.

phpcs /path/to/code-directory

If you wish to check your code against the PSR-12 coding standard, use the --standard command line argument:

phpcs --standard=PSR12 /path/to/code-directory

If PHP_CodeSniffer finds any coding standard errors, a report will be shown after running the command.

Full usage information and example reports are available on the usage page.

Documentation

The documentation for PHP_CodeSniffer is available on the GitHub wiki.

Issues

Bug reports and feature requests can be submitted on the GitHub Issue Tracker.

Contributing

See CONTRIBUTING.md for information.

Versioning

PHP_CodeSniffer uses a MAJOR.MINOR.PATCH version number format.

The MAJOR version is incremented when:

  • backwards-incompatible changes are made to how the phpcs or phpcbf commands are used, or
  • backwards-incompatible changes are made to the ruleset.xml format, or
  • backwards-incompatible changes are made to the API used by sniff developers, or
  • custom PHP_CodeSniffer token types are removed, or
  • existing sniffs are removed from PHP_CodeSniffer entirely

The MINOR version is incremented when:

  • new backwards-compatible features are added to the phpcs and phpcbf commands, or
  • backwards-compatible changes are made to the ruleset.xml format, or
  • backwards-compatible changes are made to the API used by sniff developers, or
  • new sniffs are added to an included standard, or
  • existing sniffs are removed from an included standard

NOTE: Backwards-compatible changes to the API used by sniff developers will allow an existing sniff to continue running without producing fatal errors but may not result in the sniff reporting the same errors as it did previously without changes being required.

The PATCH version is incremented when:

  • backwards-compatible bug fixes are made

NOTE: As PHP_CodeSniffer exists to report and fix issues, most bugs are the result of coding standard errors being incorrectly reported or coding standard errors not being reported when they should be. This means that the messages produced by PHP_CodeSniffer, and the fixes it makes, are likely to be different between PATCH versions.