Introducing DeepSource's PHP Analyzer

We're excited to launch our official Analyzer for PHP today. PHP has been one of the languages our users have most often asked us to support. This beta release is our first step towards building the most sophisticated static analysis experience available on the Internet for the language.

Almost 79% of all websites with a known server-side programming language use PHP, according to various research firms. The language's wild popularity also comes from the fact that it is easy to learn and get started with building web applications. Several large enterprises have adopted the language to build applications at scale — Facebook, Wikipedia, Slack, MailChimp, Etsy, and of course, WordPress.

Because PHP is an interpreted language, however, code written in it is prone to obvious errors that a compiler would normally have caught. Using static analysis on your PHP code can prevent these obvious errors, as well as more complex issues, from creeping into your codebase.

Meet the PHP Analyzer

At DeepSource, we strive to build the fastest and most reliable static analysis experience. The all-new PHP Analyzer has been built from the ground up to be fast and guarantees less than 5% false positives in the results. If you're already a DeepSource user, just add the following lines to your PHP project's .deepsource.toml file, and you'll be good to go:


[[analyzers]]
name = "php"
enabled = true

If you're new to DeepSource, get started for free here: deepsource.io/signup.

50+ issues prevented in your code

In this release, the PHP Analyzer can detect 50+ bug risks, anti-patterns, security vulnerabilities, etc. in your source code. Here's a quick preview of some of these issues:

Array contains duplicate keys

This issue is raised when the same key is used more than once in an array, which can lead to unexpected output.


$user = [
    'first_name' => 'John',
    'last_name' => 'Doe',
    'email' => 'john.doe@example.com',
    'first_name' => 'Jason', // this would override the previous `first_name` array key's value
];
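Duplicate keys are not always textually identical, because PHP normalises array keys before storing them. The following is an added example, not DeepSource's implementation or code from the original post; it goes beyond the identical-key case above to show which written keys collapse into one. The helper names `normalize_key` and `find_duplicate_keys` are hypothetical, and the sample entries are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: normalise a scalar key the way PHP does for array keys.
function normalize_key(mixed $key): int|string
{
    if (is_bool($key) || is_float($key)) {
        return (int) $key;              // true => 1, false => 0, 1.7 => 1
    }
    if ($key === null) {
        return '';                      // null => ""
    }
    // Only canonical decimal integer strings become ints: "8" => 8, "08" stays "08".
    if (is_string($key) && preg_match('/^(0|-?[1-9][0-9]*)$/', $key)
        && (string) (int) $key === $key) {
        return (int) $key;
    }
    return $key;
}

// Hypothetical helper: group the written forms of keys that end up in the same slot.
// $pairs holds the [key, value] entries of an array literal in source order.
function find_duplicate_keys(array $pairs): array
{
    $seen = [];
    foreach ($pairs as [$key, $_value]) {
        $seen[normalize_key($key)][] = var_export($key, true);
    }
    return array_filter($seen, fn (array $written): bool => count($written) > 1);
}

// Constructed sample entries.
$pairs = [
    ['first_name', 'John'],
    ['first_name', 'Jason'],   // identical key, as in the snippet above
    [1, 'a'],
    ['1', 'b'],                // numeric string collapses to int 1
    [true, 'c'],               // bool collapses to int 1
    ['01', 'd'],               // not canonical decimal: stays a distinct string key
];

foreach (find_duplicate_keys($pairs) as $key => $written) {
    printf("key %s written as: %s\n", var_export($key, true), implode(', ', $written));
}
```

In an array that maps identifiers to roles or feature flags, a collision of this kind means the last entry silently wins, so such literals deserve the same review attention as an exact duplicate.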

Inconsistent parameters for the function call

Trying to pass an incorrect number of parameters in a function call can be easily missed when doing manual code review. No more of that, thanks to DeepSource.


function get_user_info($name, $email, $age, $city, $country) {
    // code goes here...
}

$result = get_user_info(
    'John',
    'john@test.com',
    20,
    'San Francisco'
); // only 4 parameters are passed but function accepts 5, which can lead to an error

nullsafe returned by reference

Dereferencing a nullsafe chain is not allowed, and will cause a runtime error. This is because references require l-values (memory locations, like variables or properties) but the nullsafe operator can sometimes return the r-value null.


function (Session $session): void {
    fn &() => $session?->user->name; // invalid: cannot dereference a nullsafe chain
};

Format your PHP code on autopilot

We're also pleased to release our official Transformer for PHP CS Fixer. Automated code formatting is a great way to ensure all your code follows the same standards without ever having to format anything manually. If your project follows the PHP CS Fixer style guidelines, simply add these two lines in your DeepSource config to automatically format every commit:


[[transformers]]
name = "php-cs-fixer"
enabled = true

Get started with the PHP Analyzer

The PHP Analyzer and the PHP CS Fixer Transformer are available to all DeepSource users now. Add the relevant sections to your existing project on DeepSource, or get started if you're a new user. We're constantly improving the Analyzer and you will see several new issues, Autofix capability, and more in the coming weeks.

As always, we're looking forward to hearing from you. If you have any questions or feedback, please feel free to ask on our discuss forum.
