
Catching bugs early with static analysis - andreascreten
https://madewithlove.be/how-to-catch-bugs-early-with-static-analysis-using-psal-phan-or-phpstan/
======
phpdave11
PHPStan is a great tool. In addition to PHPStan, I also use phpnsc (name space
checker) to check for missing use statements, php-cs-fixer (code style fixer)
to ensure the code adheres to my code style, phpcpd (copy paste detector) to
detect duplicate code, and phpmd (mess detector) to find potential problems in
the code. These are all set up in my CI pipeline so that my app will fail to
build if any of these 5 tools detect a problem. It has saved me from deploying
buggy code several times.

~~~
king7532
Great advice and thank you for sharing! Do you have a Dockerfile or CI
config/recipe that you could share?

~~~
phpdave11
Here's the bash script I use to do the code validation. It's called from
within my Dockerfile.

[https://gist.github.com/phpdave11/412893f8366cab0afa85e81a7a...](https://gist.github.com/phpdave11/412893f8366cab0afa85e81a7a66bd72#file-
validate-code-sh)

------
baybal2
Very helpful in the JS world, but I am afraid there is not standalone standard
for static checks in JS.

There is typescript, but that's an entire new language to just partially cover
the type checks.

~~~
bcherny
If you compile your code with TypeScript and set allowJs=true, you’ll get a
lot of checking for free with no changes at all to your existing JS code. TS
will catch things like dead code, missing return statements, type mismatches
and so on for free.

~~~
baybal2
It will be nice if the use case of TS only being used as a static checker be
supported better, but then there will be no point in TS as a language

~~~
oakesm9
If that's the use case you have, then Facebook's Flow is a better fit.

