{"id":13475903,"url":"https://github.com/phan/phan","last_synced_at":"2026-02-09T01:05:21.409Z","repository":{"id":37444210,"uuid":"44751102","full_name":"phan/phan","owner":"phan","description":"Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.","archived":false,"fork":false,"pushed_at":"2026-02-05T05:04:20.000Z","size":52036,"stargazers_count":5604,"open_issues_count":798,"forks_count":367,"subscribers_count":99,"default_branch":"v6","last_synced_at":"2026-02-05T17:47:04.629Z","etag":null,"topics":["analysis","analyzer","phan","php","static-analysis","static-code-analysis"],"latest_commit_sha":null,"homepage":"https://github.com/phan/phan/wiki","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/phan.png","metadata":{"files":{"readme":"README.md","changelog":"NEWS.md","contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":"MAINTAINERS.md","copyright":null,"agents":null,"dco":"DCO.txt","cla":null}},"created_at":"2015-10-22T14:34:09.000Z","updated_at":"2026-02-05T05:04:24.000Z","dependencies_parsed_at":"2026-01-28T06:06:15.689Z","dependency_job_id":null,"html_url":"https://github.com/phan/phan","commit_stats":{"total_commits":5136,"total_committers":125,"mean_commits":41.088,"dds":"0.32807632398753894","last_synced_commit":"0fd8121798fa1c77d7f7608cf36d71f0b8325880"},"previous_names":["etsy/phan"],"tags_count":187,"template":false,"template_full_name":null,"purl":"pkg:github/phan/phan","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/G
itHub/repositories/phan%2Fphan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phan%2Fphan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phan%2Fphan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phan%2Fphan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/phan","download_url":"https://codeload.github.com/phan/phan/tar.gz/refs/heads/v6","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phan%2Fphan/sbom","scorecard":{"id":730504,"data":{"date":"2025-08-11","repo":{"name":"github.com/phan/phan","commit":"f8ecb958514165cd61b94459614ba1a0e9cbd9ea"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.7,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 
10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build 
process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: phan.phar.asc: https://github.com/phan/phan/releases/tag/5.5.1","Info: signed release artifact: phan.phar.asc: https://github.com/phan/phan/releases/tag/5.5.0","Info: signed release artifact: phan.phar.asc: https://github.com/phan/phan/releases/tag/5.4.6","Info: signed release artifact: phan.phar.asc: https://github.com/phan/phan/releases/tag/5.4.5","Info: signed release artifact: phan.phar.asc: https://github.com/phan/phan/releases/tag/5.4.4","Warn: release artifact 5.5.1 does not have provenance: https://api.github.com/repos/phan/phan/releases/237778341","Warn: release artifact 5.5.0 does not have provenance: https://api.github.com/repos/phan/phan/releases/228801957","Warn: release artifact 5.4.6 does not have provenance: https://api.github.com/repos/phan/phan/releases/224042582","Warn: release artifact 5.4.5 does not have provenance: https://api.github.com/repos/phan/phan/releases/170064296","Warn: release artifact 5.4.4 does not have provenance: 
https://api.github.com/repos/phan/phan/releases/167211336"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-22T14:16:26.099Z","repository_id":37444210,"created_at":"2025-08-22T14:16:26.099Z","updated_at":"2025-08-22T14:16:26.099Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29252668,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-08T22:49:53.206Z","status":"ssl_error","status_checked_at":"2026-02-08T22:49:51.384Z","response_time":57,"last_error":"SSL_read: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["analysis","analyzer","phan","php","static-analysis","static-code-analysis"],"created_at":"2024-07-31T16:01:24.571Z","updated_at":"2026-02-09T01:05:21.402Z","avatar_url":"https://github.com/phan.png","language":"PHP","readme":"Phan is a static analyzer for PHP that prefers to minimize false-positives. Phan attempts to prove incorrectness rather than correctness.\n\nPhan looks for common issues and will verify type compatibility on various operations when type\ninformation is available or can be deduced. Phan has a good (but not comprehensive) understanding of flow control\nand can track values in a few use cases (e.g. 
arrays, integers, and strings).\n\n[![Build Status](https://github.com/phan/phan/actions/workflows/main.yml/badge.svg?branch=v6)](https://github.com/phan/phan/actions/workflows/main.yml?query=branch%3Av6)\n[![Build Status (Windows)](https://ci.appveyor.com/api/projects/status/github/phan/phan?branch=v6\u0026svg=true)](https://ci.appveyor.com/project/TysonAndre/phan/branch/v6)\n[![Gitter](https://badges.gitter.im/phan/phan.svg)](https://gitter.im/phan/phan?utm_source=badge\u0026utm_medium=badge\u0026utm_campaign=pr-badge)\n[![Latest Stable Version](https://img.shields.io/packagist/v/phan/phan.svg)](https://packagist.org/packages/phan/phan)\n[![License](https://img.shields.io/packagist/l/phan/phan.svg)](https://github.com/phan/phan/blob/v6/LICENSE)\n\n# Getting Started\n\nThe easiest way to use Phan is via Composer.\n\n```\ncomposer require phan/phan\n```\n\nWith Phan installed, you can start analyzing your code immediately! Phan includes built-in stubs for enhanced type checking of PHP extensions.\n\nFor new projects, use `phan --init` to create a `.phan/config.php` file with recommended settings and bundled stubs. You can also [manually create a config file](https://github.com/phan/phan/wiki/Getting-Started#creating-a-config-file) if you prefer. 
Once configured, you can run it via `./vendor/bin/phan`.\n\nPhan 6 requires PHP 8.1+ with the [php-ast](https://github.com/nikic/php-ast) extension (1.1.3+ is required for PHP 8.4+ support) and supports analyzing PHP version 8.1-8.5 syntax.\nInstallation instructions for php-ast can be found [here](https://github.com/nikic/php-ast#installation).\n(Phan can be used without php-ast by using the CLI option `--allow-polyfill-parser`, but there are slight differences in the parsing of doc comments)\n\n* **Alternative Installation Methods**\u003cbr /\u003e\n  See [Getting Started](https://github.com/phan/phan/wiki/Getting-Started) for alternative methods of using\nPhan and details on how to configure Phan for your project.\u003cbr /\u003e\n* **Incrementally Strengthening Analysis**\u003cbr /\u003e\n  Take a look at [Incrementally Strengthening Analysis](https://github.com/phan/phan/wiki/Incrementally-Strengthening-Analysis) for some tips on how to slowly ramp up the strictness of the analysis as your code becomes better equipped to be analyzed. \u003cbr /\u003e\n* **Installing Dependencies**\u003cbr /\u003e\n  Take a look at [Installing Phan Dependencies](https://github.com/phan/phan/wiki/Getting-Started#installing-phan-dependencies) for help getting Phan's dependencies installed on your system.\n\nThe [Wiki has more information about using Phan](https://github.com/phan/phan/wiki#using-phan).\n\n# Tolerant parser dependency\n\nPhan relies on [`phan/phan-tolerant`](https://github.com/phan/phan-tolerant) for the fallback parser and language-server mapping. 
The project is now consumed as a Composer dependency (`microsoft/tolerant-php-parser`, overridden to our fork via the repository entry in `composer.json`) rather than via a vendored subtree.\n\nTo run the tolerant parser’s own PHPUnit suites, install its dev dependencies and invoke PHPUnit from the dependency directory:\n\n```\ncomposer install\ncd vendor/microsoft/tolerant-php-parser\ncomposer install\nphp -d zend.assertions=1 -d assert.exception=1 vendor/bin/phpunit --testsuite invariants,api\n```\n\nWhen you need to refresh the parser to a newer commit, adjust the constraint in `composer.json` (or run `composer update microsoft/tolerant-php-parser`) and commit the resulting lockfile change.\n\n# Features\n\nPhan is able to perform the following kinds of analysis:\n\n* Check that all methods, functions, classes, traits, interfaces, constants, properties and variables are defined and accessible.\n* Check for type safety and arity issues on method/function/closure calls.\n* Check for PHP 8.5/8.4/8.3/8.2/8.1 backward compatibility.\n* Check for features that weren't supported in older PHP 8.x minor releases (E.g. property hooks, `readonly` classes, enums, union types, match expressions, etc.)\n* Check for sanity with array accesses.\n* Check for type safety on binary operations.\n* Check for valid and type safe return values on methods, functions, and closures.\n* Check for No-Ops on arrays, closures, constants, properties, variables, unary operators, and binary operators.\n* Check for unused/dead/[unreachable](https://github.com/phan/phan/tree/v6/.phan/plugins#unreachablecodepluginphp) code. (Pass in `--dead-code-detection`)\n* Check for unused variables and parameters. (Pass in `--unused-variable-detection`)\n* Check for redundant or impossible conditions and pointless casts. 
(Pass in `--redundant-condition-detection`)\n* Check for unused `use` statements.\n  These and a few other issue types can be automatically fixed with `--automatic-fix`.\n* Check for classes, functions and methods being redefined.\n* Check for sanity with class inheritance (e.g. checks method signature compatibility).\n  Phan also checks for final classes/methods being overridden, that abstract methods are implemented, and that the implemented interface is really an interface (and so on).\n* Supports namespaces, traits and variadics.\n* Supports [Union Types](https://github.com/phan/phan/wiki/About-Union-Types).\n* Supports [Generic Types (i.e. `@template`)](https://github.com/phan/phan/wiki/Generic-Types).\n* Supports generic arrays such as `int[]`, `UserObject[]`, `array\u003cint,UserObject\u003e`, etc..\n* Supports array shapes such as `array{key:string,otherKey:?stdClass}`, etc. (internally and in PHPDoc tags)\n  This also supports indicating that fields of an array shape are optional\n  via `array{requiredKey:string,optionalKey?:string}` (useful for `@param`).\n  Multi-line forms of `@param`, `@var`, and `@return` annotations are normalized before being parsed, so docblocks can format nested arrays/generics over several lines.\n* Supports phpdoc [type annotations](https://github.com/phan/phan/wiki/Annotating-Your-Source-Code).\n* Supports inheriting phpdoc type annotations.\n* Supports checking that phpdoc type annotations are a narrowed form (E.g. 
subclasses/subtypes) of the real type signatures\n* Supports inferring types from [assert() statements](https://github.com/phan/phan/wiki/Annotating-Your-Source-Code) and conditionals in if elements/loops.\n* Supports [`@deprecated` annotation](https://github.com/phan/phan/wiki/Annotating-Your-Source-Code#deprecated) for deprecating classes, methods and functions\n* Supports [`@internal` annotation](https://github.com/phan/phan/wiki/Annotating-Your-Source-Code#internal) for elements (such as a constant, function, class, class constant, property or method) as internal to the package in which it's defined.\n* Supports `@suppress \u003cISSUE_TYPE\u003e` annotations for [suppressing issues](https://github.com/phan/phan/wiki/Annotating-Your-Source-Code#suppress).\n* Supports [magic @property annotations](https://github.com/phan/phan/wiki/Annotating-Your-Source-Code#property) (`@property \u003cunion_type\u003e \u003cvariable_name\u003e`)\n* Supports [magic @method annotations](https://github.com/phan/phan/wiki/Annotating-Your-Source-Code#method) (`@method \u003cunion_type\u003e \u003cmethod_name\u003e(\u003cunion_type\u003e \u003cparam1_name\u003e)`)\n* Supports [`class_alias` annotations (experimental, off by default)](https://github.com/phan/phan/pull/586)\n* Supports indicating the class to which a closure will be bound, via `@phan-closure-scope` ([example](tests/files/src/0264_closure_override_context.php))\n* Supports analysis of closures and return types passed to `array_map`, `array_filter`, and other internal array functions.\n* Offers extensive configuration for weakening the analysis to make it useful on large sloppy code bases\n* Can be run on many cores. 
(requires `pcntl`)\n* Output is emitted in text, checkstyle, json, pylint, csv, codeclimate, html, or github formats.\n* Can run [user plugins on source for checks specific to your code](https://github.com/phan/phan/wiki/Writing-Plugins-for-Phan).\n  [Phan includes various plugins you may wish to enable for your project](https://github.com/phan/phan/tree/v6/.phan/plugins#2-general-use-plugins).\n\nSee [Phan Issue Types](https://github.com/phan/phan/wiki/Issue-Types-Caught-by-Phan) for descriptions\nand examples of all issues that can be detected by Phan. Take a look at the\n[\\Phan\\Issue](https://github.com/phan/phan/blob/v6/src/Phan/Issue.php) to see the\ndefinition of each error type.\n\nTake a look at the [Tutorial for Analyzing a Large Sloppy Code Base](https://github.com/phan/phan/wiki/Tutorial-for-Analyzing-a-Large-Sloppy-Code-Base) to get a sense of what the process of doing ongoing analysis might look like for you.\n\nPhan can be used from [various editors and IDEs](https://github.com/phan/phan/wiki/Editor-Support) for its error checking, \"go to definition\" support, etc. via the [Language Server Protocol](https://github.com/Microsoft/language-server-protocol).\nEditors and tools can also request analysis of individual files in a project using the simpler [Daemon Mode](https://github.com/phan/phan/wiki/Using-Phan-Daemon-Mode).\n\nSee the [tests](https://github.com/phan/phan/blob/v6/tests/files) directory for some examples of the various checks.\n\nPhan is imperfect and shouldn't be used to prove that your PHP-based rocket guidance system is free of defects.\n\n## Features provided by plugins\n\nAdditional analysis features have been provided by [plugins](https://github.com/phan/phan/tree/v6/.phan/plugins#plugins).\n\n- [Checking for syntactically unreachable statements](https://github.com/phan/phan/tree/v6/.phan/plugins#unreachablecodepluginphp) (E.g. 
`{ throw new Exception(\"Message\"); return $value; }`)\n- [Checking `*printf()` format strings against the provided arguments](https://github.com/phan/phan/tree/v6/.phan/plugins#printfcheckerplugin) (as well as checking for common errors)\n- [Checking that PCRE regexes passed to `preg_*()` are valid](https://github.com/phan/phan/tree/v6/.phan/plugins#pregregexcheckerplugin)\n- [Checking for `@suppress` annotations that are no longer needed.](https://github.com/phan/phan/tree/v6/.phan/plugins#unusedsuppressionpluginphp)\n- [Checking for duplicate or missing array keys.](https://github.com/phan/phan/tree/v6/.phan/plugins#duplicatearraykeypluginphp)\n- [Checking coding style conventions](https://github.com/phan/phan/tree/v6/.phan/plugins#3-plugins-specific-to-code-styles)\n- [Others](https://github.com/phan/phan/tree/v6/.phan/plugins#plugins)\n\nExample: [Phan's plugins for self-analysis.](https://github.com/phan/phan/blob/3.2.8/.phan/config.php#L601-L674)\n\n# Usage\n\nAfter [installing Phan](#getting-started), Phan needs to be configured with details on where to find code to analyze and how to analyze it. The\neasiest way to tell Phan where to find source code is to [create a `.phan/config.php` file](https://github.com/phan/phan/wiki/Getting-Started#creating-a-config-file).\nA simple `.phan/config.php` file might look something like the following.\n\n```php\n\u003c?php\n\n/**\n * This configuration will be read and overlaid on top of the\n * default configuration. Command line arguments will be applied\n * after this file is read.\n */\nreturn [\n\n    // Supported values: `'8.1'`, `'8.2'`, `'8.3'`, `'8.4'`, `'8.5'`, `null`.\n    // If this is set to `null`,\n    // then Phan assumes the PHP version which is closest to the minor version\n    // of the php executable used to execute Phan.\n    \"target_php_version\" =\u003e null,\n\n    // A list of directories that should be parsed for class and\n    // method information. 
After excluding the directories\n    // defined in exclude_analysis_directory_list, the remaining\n    // files will be statically analyzed for errors.\n    //\n    // Thus, both first-party and third-party code being used by\n    // your application should be included in this list.\n    'directory_list' =\u003e [\n        'src',\n        'vendor/symfony/console',\n    ],\n\n    // A directory list that defines files that will be excluded\n    // from static analysis, but whose class and method\n    // information should be included.\n    //\n    // Generally, you'll want to include the directories for\n    // third-party code (such as \"vendor/\") in this list.\n    //\n    // n.b.: If you'd like to parse but not analyze 3rd\n    //       party code, directories containing that code\n    //       should be added to the `directory_list` as well\n    //       as to `exclude_analysis_directory_list`.\n    \"exclude_analysis_directory_list\" =\u003e [\n        'vendor/'\n    ],\n\n    // A list of plugin files to execute.\n    // Plugins which are bundled with Phan can be added here by providing their name\n    // (e.g. 'AlwaysReturnPlugin')\n    //\n    // Documentation about available bundled plugins can be found\n    // at https://github.com/phan/phan/tree/v6/.phan/plugins\n    //\n    // Alternately, you can pass in the full path to a PHP file\n    // with the plugin's implementation.\n    // (e.g. 
'vendor/phan/phan/.phan/plugins/AlwaysReturnPlugin.php')\n    'plugins' =\u003e [\n        // checks if a function, closure or method unconditionally returns.\n        // can also be written as 'vendor/phan/phan/.phan/plugins/AlwaysReturnPlugin.php'\n        'AlwaysReturnPlugin',\n        'DollarDollarPlugin',\n        'DuplicateArrayKeyPlugin',\n        'DuplicateExpressionPlugin',\n        'PregRegexCheckerPlugin',\n        'PrintfCheckerPlugin',\n        'SleepCheckerPlugin',\n        // Checks for syntactically unreachable statements in\n        // the global scope or function bodies.\n        'UnreachableCodePlugin',\n        'UseReturnValuePlugin',\n        'EmptyStatementListPlugin',\n        'LoopVariableReusePlugin',\n    ],\n];\n```\n\nTake a look at [Creating a Config File](https://github.com/phan/phan/wiki/Getting-Started#creating-a-config-file) and\n[Incrementally Strengthening Analysis](https://github.com/phan/phan/wiki/Incrementally-Strengthening-Analysis) for\nmore details.\n\nRunning `phan --help` will show [usage information and command-line options](./internal/CLI-HELP.md).\n\n## Annotating Your Source Code\n\nPhan reads and understands most [PHPDoc](http://www.phpdoc.org/docs/latest/guides/types.html)\ntype annotations including [Union Types](https://github.com/phan/phan/wiki/About-Union-Types)\n(like `int|MyClass|string|null`) and generic array types (like `int[]` or `string[]|MyClass[]` or `array\u003cint,MyClass\u003e`).\n\nTake a look at [Annotating Your Source Code](https://github.com/phan/phan/wiki/Annotating-Your-Source-Code)\nand [About Union Types](https://github.com/phan/phan/wiki/About-Union-Types) for some help\ngetting started with defining types in your code.\n\nPhan supports `(int|string)[]` style annotations, and represents them internally as `int[]|string[]`\n(Both annotations are treated like array which may have integers and/or strings).\nWhen you have arrays of mixed types, just use `array`.\n\nThe following code shows off 
the various annotations that are supported.\n\n```php\n/**\n * @return void\n */\nfunction f() {}\n\n/** @deprecated */\nclass C {\n    /** @var int */\n    const C = 42;\n\n    /** @var string[]|null */\n    public $p = null;\n\n    /**\n     * @param int|null $p\n     * @return string[]|null\n     */\n    public static function f($p) {\n        if (is_null($p)) {\n            return null;\n        }\n\n        return array_map(\n            /** @param int $i */\n            function($i) {\n                return \"thing $i\";\n            },\n            range(0, $p)\n        );\n    }\n}\n```\n\nJust like in PHP, any type can be nulled in the function declaration which also\nmeans a null is allowed to be passed in for that parameter.\n\nPhan checks the type of every single element of arrays (Including keys and values).\nIn practical terms, this means that `[$int1=\u003e$int2,$int3=\u003e$int4,$int5=\u003e$str6]` is seen as `array\u003cint,int|string\u003e`,\nwhich Phan represents as `array\u003cint,int\u003e|array\u003cint,string\u003e`.\n`[$strKey =\u003e new MyClass(), $strKey2 =\u003e $unknown]` will be represented as\n`array\u003cstring,MyClass\u003e|array\u003cstring,mixed\u003e`.\n\n- Literals such as `[12,'myString']` will be represented internally as array shapes such as `array{0:12,1:'myString'}`\n\n# Generating a file list\n\nThis static analyzer does not track includes or try to figure out autoloader magic. It treats\nall the files you throw at it as one big application. For code encapsulated in classes this\nworks well. For code running in the global scope it gets a bit tricky because order\nmatters. 
If you have an `index.php` including a file that sets a bunch of global variables and\nyou then try to access those after the `include(...)` in `index.php` the static analyzer won't\nknow anything about these.\n\nIn practical terms this simply means that you should put your entry points and any files\nsetting things in the global scope at the top of your file list. If you have a `config.php`\nthat sets global variables that everything else needs, then you should put that first in the list followed by your\nvarious entry points, then all your library files containing your classes.\n\n# Development\n\nTake a look at [Developer's Guide to Phan](https://github.com/phan/phan/wiki/Developer's-Guide-To-Phan) for help getting started hacking on Phan.\n\nWhen you find an issue, please take the time to create a tiny reproducing code snippet that illustrates\nthe bug. And once you have done that, fix it. Then turn your code snippet into a test and add it to\n[tests](tests) then `./test` and send a PR with your fix and test. Alternatively, you can open an Issue with\ndetails.\n\nTo run Phan's unit tests, just run `./test`.\n\nTo run all of Phan's unit tests and integration tests, run `./tests/run_all_tests.sh`\n\n# Code of Conduct\n\nWe are committed to fostering a welcoming community. 
Any participant and\ncontributor is required to adhere to our [Code of Conduct](./CODE_OF_CONDUCT.md).\n\n# Online Demo\n\n**This requires an up to date version of Firefox/Chrome and at least 4 GB of free RAM.** (this is a 15 MB download)\n\n[Run Phan entirely in your browser](https://phan.github.io/demo/).\n\n[![Preview of analyzing PHP](https://raw.githubusercontent.com/phan/demo/master/static/preview.png)](https://phan.github.io/demo/)\n","funding_links":[],"categories":["PHP","Tools","目录","Table of Contents","代码分析 Code Analysis","Developer Tools","代码分析( Code Analysis )","php"],"sub_categories":["Static Analysis","静态分析 Static Analysis","collection"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphan%2Fphan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fphan%2Fphan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphan%2Fphan/lists"}