
PHP Insights: Analyze the code quality of PHP projects - MindGods
https://phpinsights.com
======
nunomaduro
Hey everyone. I am Nuno, the creator of PHP Insights

First, thanks @MindGods for sharing PHP Insights on Hacker News!

To answer some question on the comments:

The goal of PHP Insights is not to perform type checking, for that we already
have PHPStan and Psalm. And both already work great by default.

PHP Insights wraps tools like PHP CS, or PHP CS Fixer, putting each
check/sniff within a specific category: A missing blank space is related to
coding style. On the other end, having mutable objects can be considered a
code quality problem.

So, once we have those checks performed, we show a well-designed console
interface that shows developers the results per category in a human-readable
form: with a score, percentages, etc.

Besides, it's designed to work out-of-the-box with Laravel, Symfony, and
others. In other words, we have prepared a set of presets, that represent the
conventions per framework, so when people launch PHP Insights within a
Magento2 project, their project will be analyzed following the Magento
conventions.

Long live PHP!

~~~
nitinreddy88
Off topic.

I really like the colors, theme and fonts of your terminal. Can you share
them?!

~~~
p410n3
Looks like Dracula

------
ericcholis
Worth mentioning PHPStan [1] and Psalm [2] for static analysis as well.

1\. [https://phpstan.org/](https://phpstan.org/) 2\.
[https://psalm.dev/](https://psalm.dev/)

------
gorgoiler
I look forward to the April 1st version of this tool.

PHP is truly a defining technology of our age. For all the tongue-in-
cheekiness of my comment, it’s a matter of fact that several giant web
properties were built with PHP and have had irrefutable global impact.

~~~
omarchowdhury
Other than Facebook, who are they?

~~~
captn3m0
Wordpress.

~~~
agumonkey
it's difficult for me to link PHP as important in wordpress success

~~~
stanmancan
Can you name a business/site/project that was successful _because_ of the
language it was written in?

~~~
agumonkey
according to pg viaweb was one

I can also think of nichimen mirai which was also 10 years ahead of the
competition in terms of ergonomics and features and was based on symbolics
S-graphics system (and I kinda believe most of the value in mirai was due to
the lisp broader paradigm, you could clearly see how limited most programs
were at the time, exception being maybe prisms/houdini [which was probably C
based though:)])

some people also quote apl or prolog to be an extensive reason on why their
product exists or has an edge

------
eberkund
This looks like a cool high quality project. Has anyone used it? How does it
compare/fit-in with other tools like Psalm and Prettier?

~~~
muglug
Hey, I created Psalm.

Psalm and similar tools perform type-checking static analysis. This tool does
not do type-checking.

It does a few things:

\- Complexity analysis, with a few other top-level checks (analysis done here:
[https://github.com/nunomaduro/phpinsights/blob/966fddbacb17e...](https://github.com/nunomaduro/phpinsights/blob/966fddbacb17e9504faa3a9a1d4977ebeb7a5cc4/src/Domain/Analyser.php))

\- Composer dependency security checks (if third-party packages have
vulnerabilities)

\- It wraps PHP CodeSniffer with some additional sniffs

\- It wraps PHPCS Fixer with some additional sniffs

The tool doesn't go out of its way to advertise the fact that it wraps two
popular existing tools, but that's the author's prerogative.

------
XzAeRosho
Thanks for sharing. I have some open source PHP projects (with Yii2), that I
maintain on my free time, and I was wondering if there were any static
analysis tools for PHP, and this just popped at the right time.

Will give it a try.

~~~
tj0
You might also look into exakat and phpstan. I can speak to the quality of
exakat (my preferred static analyzer), where phpstan comes in as a close
second.

This one also looks decent, and will be evaluating it for use in my day job.

~~~
mixologic
This one looks more like a polished wrapper around phpstan and several other
tools:
[https://github.com/nunomaduro/phpinsights/blob/master/compos...](https://github.com/nunomaduro/phpinsights/blob/master/composer.json)

~~~
muglug
It doesn't wrap PHPStan

------
thaumaturgy
> src/Grouchy/MessageStream.php:17: Class has too many methods: 12. Can be up
> to 10 methods.

> src/Grouchy/MessageStream.php:66: Your function is too long. Currently using
> 40 lines. Can be up to 20 lines.

sigh.

One of the annoyances of modern PHP practices is the tendency to write one
class, per file, which extends or implements one other class, and adds one or
two functions to it. Every single logical abstraction in a PHP project can
have somewhere between one to thirty different classes associated with it, and
larger PHP projects end up with a thousand or more files. All of this is
enabled by composer's PSR-4 autoloading support, so as long as you give your
classes the right kind of names and put the files in the right places, you
don't have to think about what it means to hit the disk that many times on a
page load. Consequently, there are more and more harebrained caching schemes
showing up to kind of paper over this architectural problem. And tracking some
unexpected behavior through that many different pieces just suuuuuuucks.

I fully get that god objects are bad. But metrics like these are making
complex PHP projects worse, not better. PHP is not, _and should not be_ ,
Java. Java has already shown us what the end result of these practices looks
like. Let's not do that.

I desperately want a good code analysis tool for PHP: something that can look
behind whether there's exactly one space before a '*' in a comment block and
into deeper things like, "hey, on this line over here you tried to call a
function that doesn't exist in the class the variable is supposed to be
referencing".

Some further reading:

Aim small, miss small: [https://www.deconstructconf.com/2018/stuart-halloway-
aim-sma...](https://www.deconstructconf.com/2018/stuart-halloway-aim-small-
miss-small-writing-correct-programs)

Composition over inheritance: [https://github.com/jupeter/clean-code-
php#prefer-composition...](https://github.com/jupeter/clean-code-php#prefer-
composition-over-inheritance)

Small functions considered harmful: [https://medium.com/@copyconstruct/small-
functions-considered...](https://medium.com/@copyconstruct/small-functions-
considered-harmful-91035d316c29)

(There were a few other minor misbehaviors in this tool's output, but I'm less
disappointed by those.)

edit: Sometimes I forget to mention the things I like about a project. The
output this produces is super clean and easy to navigate, I liked it a lot.
The dashboard presentation at the beginning of the output is super cool. It's
a great idea to have a single thing you can drop in that sets up phpcs and
similar tools with reasonable defaults. The developer for PHP Insights
probably didn't make any of the decisions that resulted in line counts or
function counts being part of the output. My disappointment was only that I
got my hopes up that it was something different from what it was.

~~~
larzang
> I desperately want a good code analysis tool for PHP: something that can
> look behind whether there's exactly one space before a '*' in a comment
> block and into deeper things like, "hey, on this line over here you tried to
> call a function that doesn't exist in the class the variable is supposed to
> be referencing".

Then you want phpstan or psalm. They do actual type checking and static
analysis rather than style linting, and do it quite well.

If you do want an alternative for linting, Slevomat Coding Standard adds a
huge number of highly-configurable and useful extra rules to PHPCS. I'm a big
fan.

~~~
thaumaturgy
Wow, phpstan and psalm are both brilliant, and this is the first time I've
been introduced to them. Thank you.

------
bovermyer
I like that it has an Artisan command for Laravel projects.

------
cstuder
Direct link to the (long list) of criteria:
[https://phpinsights.com/insights/code.html](https://phpinsights.com/insights/code.html)

(And continues with Architecture, Complexity and Style.)

------
tleb_
How does it compare to PhpMetrics?
[https://phpmetrics.org/](https://phpmetrics.org/)

------
rileytg
my codebase is so old and messed it broke this tool :(

~~~
kyriakos
I was just thinking that running this on our code base will probably break the
tool. Have code from 2006.

------
asyraf
Cool! Keep it up! I will give a try on this.

------
whalesalad
Insert joke about the purely binary nature of determining PHP project quality.

~~~
techbio
I’ll bite: it either isn’t or it ain’t ;)

