Static Analysis With Psalm

Faruk Nasir
2 min read · Apr 23, 2021

A typo is never that serious unless it's in a software code base. A tiny mistake such as a missing comma can cost companies billions of dollars, destroy a NASA rocket or interrupt service for the users of a SaaS product.

Over the years there has been a tremendous effort to develop automated tools and processes that stop such catastrophic typos from finding their way into our code bases and settling there. Extensions of compiler technology have been built to give us automated reviews.

In this post, I write about Psalm, a PHP static analysis tool, and how you can take advantage of its features to stop bad code from creeping into your source code.

Psalm

Psalm is a Vimeo open-source project that helps you catch bugs early and identify problems in your code. It helps:

  • prevent type-related runtime errors
  • enforce standard coding patterns
  • autofix bugs
  • detect PHP security vulnerabilities using taint analysis

For a quick start and installation guide, head over to the Psalm documentation at https://psalm.dev/docs/ (Psalm is installed with Composer as the dev package vimeo/psalm, and psalm --init generates the psalm.xml configuration file).

Psalm does not just flag a line of code as problematic; each report carries a link you can follow to read the explanation behind the decision. A report looks like this:

ERROR: InvalidArgument - \namespace\file.php:8:19 - 
Argument 1 of getAttribute expects string,
int provided (see https://psalm.dev/004)
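The taint analysis mentioned above works the same way: Psalm follows data from a source it knows to be user-controlled (such as $_GET) to a sink it knows to be dangerous (such as an SQL query or an HTML echo) and reports a TaintedSql or TaintedHtml issue with a psalm.dev link. The following is an added example, not code from the original post or from the Psalm project. The function names, the PDO connection string and the rawQuery wrapper are constructed for illustration; the @psalm-taint-sink annotation syntax and the --taint-analysis flag are Psalm's own.

```php
<?php
declare(strict_types=1);

// Added example (not from the original post). Run it with:
//   ./vendor/bin/psalm --taint-analysis taint_demo.php
// Psalm treats $_GET as a taint source and PDO::query / echo as sql / html
// sinks out of the box, so the first two findings need no annotations.

// Vulnerable: the user-controlled $id is concatenated into SQL text.
// Psalm follows $id from $_GET (below) through this parameter to the
// PDO::query sink and reports TaintedSql on the query line.
function findUserUnsafe(PDO $db, string $id): string
{
    $row = $db->query("SELECT name FROM users WHERE id = " . $id)->fetch();
    return $row === false ? '' : (string) $row['name'];
}

// Fixed: the value travels as a bound parameter, never as SQL text, so
// there is no path from the source to the sql sink and Psalm stays silent.
function findUserSafe(PDO $db, string $id): string
{
    $stmt = $db->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch();
    return $row === false ? '' : (string) $row['name'];
}

// Your own code can declare sinks too. The annotation below tells Psalm that
// whatever reaches $sql is executed as SQL; rawQuery is a constructed wrapper.
/**
 * @psalm-taint-sink sql $sql
 */
function rawQuery(PDO $db, string $sql): void
{
    $db->exec($sql);
}

// Constructed setup: an in-memory SQLite database, no server needed.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (id, name) VALUES (1, 'alice')");

// Taint source: anything under $_GET is attacker-controlled.
$id = (string) ($_GET['id'] ?? '1');

findUserUnsafe($db, $id);                    // TaintedSql reported inside the function
findUserSafe($db, $id);                      // no report

rawQuery($db, "DELETE FROM users WHERE id = " . $id); // TaintedSql via the annotated sink

// Second sink type: echoing raw input is TaintedHtml ...
echo $_GET['name'] ?? '';
// ... while htmlspecialchars is known to Psalm as an HTML escape, so this is clean.
echo htmlspecialchars((string) ($_GET['name'] ?? ''), ENT_QUOTES, 'UTF-8');
```

Run the file both with and without --taint-analysis: the ordinary run checks types only and reports nothing here, which is the point of the separate mode. Taint tracking is interprocedural within the files Psalm analyses, so the finding in findUserUnsafe appears even though the $_GET read is at the bottom of the file.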

Support For Laravel

Psalm v3 came with a new plugin framework that makes authoring integrations for third-party packages much easier. That, combined with Barry vd. Heuvel's Laravel IDE Helper, is what made the Laravel plugin a reality, according to Psalm's author Matt Brown.

It's super easy to set up. You only need two commands after successfully installing and configuring Psalm:

composer require --dev psalm/plugin-laravel
./vendor/bin/psalm-plugin enable psalm/plugin-laravel

Under the hood, the plugin runs the Laravel IDE Helper, collects the stubs it generates and feeds them into Psalm. I, personally, would love it if the package existed independently of the IDE helper, because a scenario in the future where issues pile up in both repos because of some dependency mismatch or a recent upgrade that stops a certain "something" from working entirely is imminent.

But, so far so good. I’m really happy with the developments and excited for what is in store for the future!

This post first appeared here.
