Hacker News new | past | comments | ask | show | jobs | submit login
Catching bugs early with static analysis (madewithlove.be)
57 points by andreascreten 69 days ago | hide | past | web | favorite | 12 comments

PHPStan is a great tool. In addition to PHPStan, I also use phpnsc (name space checker) to check for missing use statements, php-cs-fixer (code style fixer) to ensure the code adheres to my code style, phpcpd (copy paste detector) to detect duplicate code, and phpmd (mess detector) to find potential problems in the code. These are all set up in my CI pipeline so that my app will fail to build if any of these 5 tools detect a problem. It has saved me from deploying buggy code several times.

Here’s a GitHub repo and Docker image with lots more static analysis tools to play with:


Great advice and thank you for sharing! Do you have a Dockerfile or CI config/recipe that you could share?

Here's the bash script I use to do the code validation. It's called from within my Dockerfile.


Makes sense, thanks for sharing!

Very helpful in the JS world, but I am afraid there is not standalone standard for static checks in JS.

There is typescript, but that's an entire new language to just partially cover the type checks.

If you compile your code with TypeScript and set allowJs=true, you’ll get a lot of checking for free with no changes at all to your existing JS code. TS will catch things like dead code, missing return statements, type mismatches and so on for free.

It will be nice if the use case of TS only being used as a static checker be supported better, but then there will be no point in TS as a language

If that's the use case you have, then Facebook's Flow is a better fit.

What kind of additional support do you wish TS had, that it doesn’t have already?

Fortify SCA supports js and typescript. I’ve been writing custom rules for it lately at work and have had great success with it. Expensive but powerful tool.

alternative to typescript would be facebook's flow.js, which works with 'normal' JS code

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact