{"id":23458232,"url":"https://github.com/moxio/php-codesniffer-sniffs","last_synced_at":"2026-01-21T10:04:56.460Z","repository":{"id":13486926,"uuid":"74567798","full_name":"Moxio/php-codesniffer-sniffs","owner":"Moxio","description":"Custom sniffs for PHP_CodeSniffer","archived":false,"fork":false,"pushed_at":"2024-07-26T14:58:49.000Z","size":102,"stargazers_count":16,"open_issues_count":2,"forks_count":10,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-06-13T19:03:12.481Z","etag":null,"topics":["coding-standards","php-codesniffer","phpcodesniffer-standard","static-analysis","strict-comparisons"],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Moxio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-11-23T10:53:14.000Z","updated_at":"2025-03-14T06:47:19.000Z","dependencies_parsed_at":"2023-11-13T06:34:33.244Z","dependency_job_id":"2f17487c-21b3-44e6-b27d-b603b6971280","html_url":"https://github.com/Moxio/php-codesniffer-sniffs","commit_stats":{"total_commits":74,"total_committers":9,"mean_commits":8.222222222222221,"dds":0.5675675675675675,"last_synced_commit":"3736019cf87c8ba19255eea40298079ff0f7fdac"},"previous_names":[],"tags_count":33,"template":false,"template_full_name":null,"purl":"pkg:github/Moxio/php-codesniffer-sniffs","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Moxio%2Fphp-codesniffer-sniffs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Moxio%2Fphp-codesniffer-sniffs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Moxio%2Fphp-codesniffer-sniffs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Moxio%2Fphp-codesniffer-sniffs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Moxio","download_url":"https://codeload.github.com/Moxio/php-codesniffer-sniffs/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Moxio%2Fphp-codesniffer-sniffs/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261058247,"owners_count":23103806,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["coding-standards","php-codesniffer","phpcodesniffer-standard","static-analysis","strict-comparisons"],"created_at":"2024-12-24T05:17:50.581Z","updated_at":"2026-01-21T10:04:56.416Z","avatar_url":"https://github.com/Moxio.png","language":"PHP","readme":"![Continuous Integration](https://github.com/Moxio/php-codesniffer-sniffs/workflows/Continuous%20Integration/badge.svg)\n[![Latest Stable Version](https://poser.pugx.org/moxio/php-codesniffer-sniffs/v/stable)](https://packagist.org/packages/moxio/php-codesniffer-sniffs)\n\nMoxio PHP_CodeSniffer sniffs\n=============================\nThis is a collection of our custom PHP_Codesniffer (3.x) sniffs for detecting potential bugs\nand unexpected behavior in PHP code. It may be used as a ruleset on its own, but it is mainly\nintended as a set of separate sniffs that can be integrated into other standards.\n\nWe described the motivation behind some of these sniffs [on our blog](https://www.moxio.com/blog/10/detecting-hidden-bugs-in-php-code-using-php-codesniffer).\n\nInstallation and usage\n----------------------\nInstall as a development dependency using composer:\n```\n$ composer require --dev moxio/php-codesniffer-sniffs\n```\nCheck your files against this set of sniffs:\n```\n$ ./vendor/bin/phpcs --standard=vendor/moxio/php-codesniffer-sniffs/MoxioSniffs path/to/your/files\n```\n\nDescription of sniffs\n---------------------\n_More sniffs will be added soon._\n\n**MoxioSniffs.PHP.DisallowBareContinueInSwitch**: Disallows the `continue` statement without a numeric\nargument when used directly within a `switch`-`case`. This prevents silent bugs caused by PHP\nconsidering `switch` [to be a looping structure](http://php.net/manual/en/control-structures.switch.php).\n\n**MoxioSniffs.PHP.DisallowImplicitLooseComparison**: Disallows implicit non-strict comparisons by functions\nlike `in_array` and `array_search`. Requires that the `$strict`-parameter to these functions is\nexplicitly set. This prevents hidden bugs due to [counter-intuitive behavior of non-strict\ncomparison](https://twitter.com/fabpot/status/460707769990266880).\n\n**MoxioSniffs.PHP.DisallowImplicitLooseBase64Decode**: Disallows implicit non-strict usage of the `base64_decode` function.\nRequires that the `$strict`-parameter to this function is explicitly set.\n\n**MoxioSniffs.PHP.DisallowUniqidWithoutMoreEntropy**: Disallows calls to `uniqid()` without `$more_entropy =\ntrue`.  When `$more_entropy` is `false` (which is the default), `uniqid()` calls `usleep()` to avoid\ncollisions, which [can be a substantial performance hit](http://blog.kevingomez.fr/til/2015/07/26/why-is-uniqid-slow/).\nAlways calling `uniqid()` with `$more_entropy = true` avoids these problems.\n\n**MoxioSniffs.PHP.DisallowArrayCombinersWithSingleArray**: Disallows calls to functions that combine two or more\narrays with only a single array given as an argument. This applies to functions like `array_merge(_recursive)`,\n`array_replace(_recursive)` and all variants of `array_diff` and `array_intersect`. Such a call does not make sense,\nand is most likely a result of a misplaced comma or parenthesis. To re-index a single array, just use `array_values`.\n\n**MoxioSniffs.PHP.DisallowImplicitMicrotimeAsString**: Disallows calls to `microtime()` without the `$get_as_float`\nargument being explicitly set. By default, `microtime` has a string as its return value (\"msec sec\"), which\nis unexpected and cannot be naively cast to float, making it error-prone. It is still possible to set this\nargument to `false`, but in that case you have probably thought about this.\n\n**MoxioSniffs.PHP.DisallowImplicitIteratorToArrayWithUseKeys**: Disallows calls to `iterator_to_array()` without the\n`$use_keys` argument being explicitly set. By default, `iterator_to_array` uses the keys provided\nby the iterator. This behavior is often desired for associative arrays, but can cause [unexpected\nresults](https://twitter.com/hollodotme/status/1057909890566537217) for 'list-like' arrays. Explicitly\nrequiring the parameter to be set ensures that the developer has to think about which behavior is desired\nfor the situation at hand.\n\n**MoxioSniffs.PHP.DisallowDateTime**: Disallows usage of `\\DateTime` and promotes the use of `\\DateTimeImmutable`\ninstead. The former being mutable can lead to some subtle but nasty bugs. See [this post](https://blog.nikolaposa.in.rs/2019/07/01/stop-using-datetime/)\nfor more background on why you would want to discourage using `\\DateTime`.\n\n**MoxioSniffs.PHP.DisallowMbDetectEncoding**: Disallows usage of `mb_detect_encoding`. This function has a misleading\nname that implies it can actually detect the encoding of a string, a problem which is generally impossible. Rather\nit checks a list of encodings until it finds one that _could_ be the right one (i.e. the string is a valid byte sequence\naccording to that encoding). Using `mb_check_encoding` (possibly in a loop) instead makes this much more explicit. See\n[this talk](https://www.youtube.com/watch?v=K2zS6vbBb9A) for more background information on this topic.\n\n**MoxioSniffs.PHP.DisallowUtf8EncodeDecode**: Disallows calls to `utf8_encode()` and `utf8_decode()`. These functions\ncan be considered misleading because they only convert to/from ISO-8859-1, and do not 'magically' detect the\nsource/target encoding. Using `iconv()` or `mb_convert_encoding()` instead makes both character encodings that play a\nrole in the conversion explicit.\n\n**MoxioSniffs.PHP.DisallowDateCreateFromFormatWithUnspecifiedTimeComponent**: Disallows calls to\n`\\DateTime::createFromFormat`, `\\DateTimeImmutable::createFromFormat`, `date_create_from_format` \u0026\n`date_create_immutable_from_format` with formats which do not specify a time component and do not initialize fields to\nnull. This would otherwise create DateTime(Immutable) objects with a time component set to the current (creation) time,\nwhich is probably never what you want and can be a source of bugs.\n\nRunning tests\n-------------\nAfter installing dependencies (including development dependencies) using Composer, run\n```\n$ ./vendor/bin/phpunit\n```\nfrom the project root dir.\n\nVersioning\n----------\nThis project adheres to [Semantic Versioning](http://semver.org/).\n\nPlease note that, from the perspective of this library as a pick-and-match collection of sniffs (and not\na complete coding standard), the addition of new sniffs will not be considered a breaking change and thus\ndoes not cause an increase in the major version number.\n\nLicense\n-------\nThese sniffs are released under the MIT license.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmoxio%2Fphp-codesniffer-sniffs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmoxio%2Fphp-codesniffer-sniffs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmoxio%2Fphp-codesniffer-sniffs/lists"}