{"id":13404907,"url":"https://github.com/phpstan/phpstan","last_synced_at":"2026-01-21T16:01:18.582Z","repository":{"id":37405624,"uuid":"49014795","full_name":"phpstan/phpstan","owner":"phpstan","description":"PHP Static Analysis Tool - discover bugs in your code without running it!","archived":false,"fork":false,"pushed_at":"2025-10-19T15:03:44.000Z","size":6687358,"stargazers_count":13681,"open_issues_count":1272,"forks_count":931,"subscribers_count":158,"default_branch":"2.1.x","last_synced_at":"2025-10-19T17:17:37.405Z","etag":null,"topics":["php","php7","phpstan","static-analysis","static-analyzer","static-code-analysis","testing"],"latest_commit_sha":null,"homepage":"https://phpstan.org/","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/phpstan.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["ondrejmirtes","phpstan"]}},"created_at":"2016-01-04T18:22:16.000Z","updated_at":"2025-10-19T14:53:53.000Z","dependencies_parsed_at":"2022-07-09T11:00:23.363Z","dependency_job_id":"ad7d4c88-585b-4d29-b074-d3344fef23cb","html_url":"https://github.com/phpstan/phpstan","commit_stats":{"total_commits":10610,"total_committers":290,"mean_commits":36.58620689655172,"dds":0.2439208294062205,"last_synced_commit":"b00c42d2964e453bd634835104515a7b92578684"},"previous_names":[],"tags_count":399,"template":false,"template_full_name":null,"purl":"pkg:github/phpstan/phpstan","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpstan%2Fphpstan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpstan%2Fphpstan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpstan%2Fphpstan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpstan%2Fphpstan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/phpstan","download_url":"https://codeload.github.com/phpstan/phpstan/tar.gz/refs/heads/2.1.x","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpstan%2Fphpstan/sbom","scorecard":{"id":732506,"data":{"date":"2025-08-11","repo":{"name":"github.com/phpstan/phpstan","commit":"314a47abb73da4a5be83bfc589db18e41070c6ff"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.7,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":1,"reason":"Found 4/27 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/phpstan/.github/SECURITY.md:1","Info: Found linked content: github.com/phpstan/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/phpstan/.github/SECURITY.md:1","Info: Found text in security policy: github.com/phpstan/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: phpstan.phar.asc: https://github.com/phpstan/phpstan/releases/tag/2.1.22","Info: signed release artifact: phpstan.phar.asc: https://github.com/phpstan/phpstan/releases/tag/2.1.21","Info: signed release artifact: phpstan.phar.asc: https://github.com/phpstan/phpstan/releases/tag/2.1.20","Info: signed release artifact: phpstan.phar.asc: https://github.com/phpstan/phpstan/releases/tag/2.1.19","Info: signed release artifact: phpstan.phar.asc: https://github.com/phpstan/phpstan/releases/tag/2.1.18","Warn: release artifact 2.1.22 does not have provenance: https://api.github.com/repos/phpstan/phpstan/releases/237464780","Warn: release artifact 2.1.21 does not have provenance: https://api.github.com/repos/phpstan/phpstan/releases/235746142","Warn: release artifact 2.1.20 does not have provenance: https://api.github.com/repos/phpstan/phpstan/releases/235399454","Warn: release artifact 2.1.19 does not have provenance: https://api.github.com/repos/phpstan/phpstan/releases/234025805","Warn: release artifact 2.1.18 does not have provenance: https://api.github.com/repos/phpstan/phpstan/releases/233266391"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch '2.1.x'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 7 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}}]},"last_synced_at":"2025-08-22T14:50:03.783Z","repository_id":37405624,"created_at":"2025-08-22T14:50:03.783Z","updated_at":"2025-08-22T14:50:03.783Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28635926,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-21T15:01:31.228Z","status":"ssl_error","status_checked_at":"2026-01-21T14:42:58.942Z","response_time":86,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["php","php7","phpstan","static-analysis","static-analyzer","static-code-analysis","testing"],"created_at":"2024-07-30T19:01:53.090Z","updated_at":"2026-01-21T16:01:18.576Z","avatar_url":"https://github.com/phpstan.png","language":"PHP","readme":"\u003ch1 align=\"center\"\u003ePHPStan - PHP Static Analysis Tool\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n\t\u003cimg src=\"https://i.imgur.com/WaRKPlC.png\" alt=\"PHPStan\" width=\"300\" height=\"300\"\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n\t\u003ca href=\"https://github.com/phpstan/phpstan/actions\"\u003e\u003cimg src=\"https://github.com/phpstan/phpstan/workflows/Tests/badge.svg\" alt=\"Build Status\"\u003e\u003c/a\u003e\n\t\u003ca href=\"https://packagist.org/packages/phpstan/phpstan\"\u003e\u003cimg src=\"https://poser.pugx.org/phpstan/phpstan/v/stable\" alt=\"Latest Stable Version\"\u003e\u003c/a\u003e\n\t\u003ca href=\"https://packagist.org/packages/phpstan/phpstan/stats\"\u003e\u003cimg src=\"https://poser.pugx.org/phpstan/phpstan/downloads\" alt=\"Total Downloads\"\u003e\u003c/a\u003e\n\t\u003ca href=\"https://choosealicense.com/licenses/mit/\"\u003e\u003cimg src=\"https://poser.pugx.org/phpstan/phpstan/license\" alt=\"License\"\u003e\u003c/a\u003e\n\t\u003ca href=\"https://phpstan.org/\"\u003e\u003cimg src=\"https://img.shields.io/badge/PHPStan-enabled-brightgreen.svg?style=flat\" alt=\"PHPStan Enabled\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n------\n\nPHPStan focuses on finding errors in your code without actually running it. It catches whole classes of bugs\neven before you write tests for the code. It moves PHP closer to compiled languages in the sense that the correctness of each line of the code\ncan be checked before you run the actual line.\n\n**[Read more about PHPStan »](https://phpstan.org/)**\n\n**[Try out PHPStan on the on-line playground! »](https://phpstan.org/try)**\n\n## Sponsors\n\nWant your logo here? [Learn more »](https://phpstan.org/sponsor)\n\n### Gold Sponsors\n\n\u003ca href=\"https://ma.tt/\"\u003e\u003cimg src=\"website/src/images/sponsor/matt.png\" alt=\"Matt Mullenweg\" width=\"290\" height=\"64\"\u003e\u003c/a\u003e\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\n\u003ca href=\"https://mojam.co/\"\u003e\u003cimg src=\"website/src/images/sponsor/mojam.png\" alt=\"Mojam\" width=\"290\" height=\"64\"\u003e\u003c/a\u003e\n\u003cbr\u003e\n\u003ca href=\"https://www.check24.de/\"\u003e\u003cimg src=\"website/src/images/sponsor/check24.png\" alt=\"CHECK24\" width=\"283\" height=\"64\"\u003e\u003c/a\u003e\n\n\u003cbr\u003e\u003cbr\u003e\n\n### Silver Sponsors\n\n\u003ca href=\"https://www.startupjobs.cz/startup/shipmonk\"\u003e\u003cimg src=\"website/src/images/sponsor/shipmonk.jpg\" alt=\"ShipMonk\" width=\"290\" height=\"64\"\u003e\u003c/a\u003e\n\u003ca href=\"https://www.shopware.com/en/\"\u003e\u003cimg src=\"website/src/images/sponsor/shopware.png\" alt=\"Shopware\" width=\"284\" height=\"64\"\u003e\u003c/a\u003e\n\n\u003cbr\u003e\u003cbr\u003e\n\n### Bronze Sponsors\n\n\u003ca href=\"https://coders.thecodingmachine.com/phpstan\"\u003e\u003cimg src=\"website/src/images/sponsor/tcm.png\" alt=\"TheCodingMachine\" width=\"247\" height=\"64\"\u003e\u003c/a\u003e\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\n\u003ca href=\"https://packagist.com/?utm_source=phpstan\u0026utm_medium=readme\u0026utm_campaign=sponsorlogo\"\u003e\u003cimg src=\"website/src/images/sponsor/packagist.png\" alt=\"Private Packagist\" width=\"283\" height=\"64\"\u003e\u003c/a\u003e\n\u003cbr\u003e\n\u003ca href=\"https://www.cdn77.com/\"\u003e\u003cimg src=\"website/src/images/sponsor/cdn77.png\" alt=\"CDN77\" width=\"290\" height=\"64\"\u003e\u003c/a\u003e\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\n\u003ca href=\"https://blackfire.io/docs/introduction?utm_source=phpstan\u0026utm_medium=github_readme\u0026utm_campaign=logo\"\u003e\u003cimg src=\"website/src/images/sponsor/blackfire.png\" alt=\"Blackfire.io\" width=\"254\" height=\"64\"\u003e\u003c/a\u003e\n\u003cbr\u003e\n\u003ca href=\"https://www.iodigital.com/\"\u003e\u003cimg src=\"website/src/images/sponsor/io.png\" alt=\"iO\" width=\"254\" height=\"65\"\u003e\u003c/a\u003e\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\n\u003ca href=\"https://www.fame.fi/\"\u003e\u003cimg src=\"website/src/images/sponsor/fame.png\" alt=\"Fame Helsinki\" width=\"283\" height=\"64\"\u003e\u003c/a\u003e\n\u003cbr\u003e\n\u003ca href=\"https://werkenbijbelsimpel.nl/en/about-us/\"\u003e\u003cimg src=\"website/src/images/sponsor/belsimpel.png\" alt=\"Belsimpel\" width=\"284\" height=\"64\"\u003e\u003c/a\u003e\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\n\u003ca href=\"https://togetter.com/\"\u003e\u003cimg src=\"website/src/images/sponsor/togetter.png\" alt=\"Togetter\" width=\"283\" height=\"64\"\u003e\u003c/a\u003e\n\u003cbr\u003e\n\u003ca href=\"https://join.rightcapital.com/?utm_source=phpstan\u0026utm_medium=github\u0026utm_campaign=sponsorship\"\u003e\u003cimg src=\"website/src/images/sponsor/rightcapital.png\" alt=\"RightCapital\" width=\"283\" height=\"64\"\u003e\u003c/a\u003e\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\n\u003ca href=\"https://www.shoptet.cz/\"\u003e\u003cimg src=\"website/src/images/sponsor/shoptet.png\" alt=\"Shoptet\" width=\"283\" height=\"64\"\u003e\u003c/a\u003e\n\u003cbr\u003e\n\u003ca href=\"https://zol.fr?utm_source=phpstan\"\u003e\u003cimg src=\"website/src/images/sponsor/zol.png\" alt=\"ZOL\" width=\"283\" height=\"64\"\u003e\u003c/a\u003e\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\n\u003ca href=\"https://www.edgenext.com/\"\u003e\u003cimg src=\"website/src/images/sponsor/edgenext.png\" alt=\"EdgeNext\" width=\"283\" height=\"64\"\u003e\u003c/a\u003e\n\u003cbr\u003e\n\u003ca href=\"https://route4me.com/\"\u003e\u003cimg src=\"website/src/images/sponsor/route4me.png\" alt=\"Route4Me: Route Optimizer and Route Planner Software\" width=\"283\" height=\"64\"\u003e\u003c/a\u003e\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\n\u003ca href=\"https://craftcms.com/\"\u003e\u003cimg src=\"website/src/images/sponsor/craftcms.png\" alt=\"Craft CMS\" width=\"283\" height=\"64\"\u003e\u003c/a\u003e\n\u003cbr\u003e\n\u003ca href=\"https://jobs.ticketswap.com/\"\u003e\u003cimg src=\"website/src/images/sponsor/ticketswap.png\" alt=\"TicketSwap\" width=\"269\" height=\"64\"\u003e\u003c/a\u003e\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\n\u003ca href=\"https://www.campoint.net/\"\u003e\u003cimg src=\"website/src/images/sponsor/campoint.png\" alt=\"campoint AG\" width=\"283\" height=\"64\"\u003e\u003c/a\u003e\n\u003cbr\u003e\n\u003ca href=\"https://www.crisp.nl/\"\u003e\u003cimg src=\"website/src/images/sponsor/crisp.png\" alt=\"Crisp.nl\" width=\"283\" height=\"64\"\u003e\u003c/a\u003e\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\n\u003ca href=\"https://inviqa.com/\"\u003e\u003cimg src=\"website/src/images/sponsor/inviqa.png\" alt=\"Inviqa\" width=\"254\" height=\"65\"\u003e\u003c/a\u003e\n\u003cbr\u003e\n\n\n\n[**You can sponsor my open-source work on PHPStan through GitHub Sponsors and also directly.**](https://phpstan.org/sponsor)\n\nOne-time donations [through Revolut.me](https://revolut.me/ondrejmirtes) are also accepted. To request an invoice, [contact me](mailto:ondrej@mirtes.cz) through e-mail.\n\n## Documentation\n\nAll the documentation lives on the [phpstan.org website](https://phpstan.org/):\n\n* [Getting Started \u0026 User Guide](https://phpstan.org/user-guide/getting-started)\n* [Config Reference](https://phpstan.org/config-reference)\n* [PHPDocs Basics](https://phpstan.org/writing-php-code/phpdocs-basics) \u0026 [PHPDoc Types](https://phpstan.org/writing-php-code/phpdoc-types)\n* [Extension Library](https://phpstan.org/user-guide/extension-library)\n* [Developing Extensions](https://phpstan.org/developing-extensions/extension-types)\n* [API Reference](https://apiref.phpstan.org/)\n\n## PHPStan Pro\n\nPHPStan Pro is a paid add-on on top of open-source PHPStan Static Analysis Tool with these premium features:\n\n* Web UI for browsing found errors, you can click and open your editor of choice on the offending line.\n* Continuous analysis (watch mode): scans changed files in the background, refreshes the UI automatically.\n\nTry it on PHPStan 0.12.45 or later by running it with the `--pro` option. You can create an account either by following the on-screen instructions, or by visiting [account.phpstan.com](https://account.phpstan.com/).\n\nAfter 30-day free trial period it costs 7 EUR for individuals monthly, 70 EUR for teams (up to 25 members). By paying for PHPStan Pro, you're supporting the development of open-source PHPStan.\n\nYou can read more about it on [PHPStan's website](https://phpstan.org/blog/introducing-phpstan-pro).\n\n## Code of Conduct\n\nThis project adheres to a [Contributor Code of Conduct](https://github.com/phpstan/phpstan/blob/master/CODE_OF_CONDUCT.md). By participating in this project and its community, you are expected to uphold this code.\n\n## Contributing\n\nAny contributions are welcome. PHPStan's source code open to pull requests lives at [`phpstan/phpstan-src`](https://github.com/phpstan/phpstan-src).\n","funding_links":["https://github.com/sponsors/ondrejmirtes","https://github.com/sponsors/phpstan"],"categories":["PHP","Uncategorized","Miscellaneous","Standalone","目录","Table of Contents","HTML","PHP (184)","工具推荐","网络服务","代码分析( Code Analysis )","类库","Dev Tools","代码分析 Code Analysis","Static Application Security Testing (SAST)"],"sub_categories":["Uncategorized","Bugs finders","静态分析 Static Analysis","Static Analysis","网络服务_其他","代码检查/静态分析","PHP Dev Tools","Libraries","Language Specific"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphpstan%2Fphpstan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fphpstan%2Fphpstan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphpstan%2Fphpstan/lists"}