{"id":13614303,"url":"https://github.com/psalm/psalm-plugin-symfony","last_synced_at":"2026-02-12T14:19:22.177Z","repository":{"id":37041439,"uuid":"221225964","full_name":"psalm/psalm-plugin-symfony","owner":"psalm","description":"Psalm Plugin for Symfony","archived":false,"fork":false,"pushed_at":"2025-02-05T11:16:20.000Z","size":452,"stargazers_count":233,"open_issues_count":37,"forks_count":55,"subscribers_count":9,"default_branch":"5.x","last_synced_at":"2025-08-11T21:37:08.031Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Gherkin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/psalm.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-11-12T13:35:50.000Z","updated_at":"2025-06-12T05:16:51.000Z","dependencies_parsed_at":"2024-11-07T22:37:05.849Z","dependency_job_id":"87d28e5d-8fe0-453e-a211-3c1a8d81a146","html_url":"https://github.com/psalm/psalm-plugin-symfony","commit_stats":{"total_commits":195,"total_committers":38,"mean_commits":5.131578947368421,"dds":0.5692307692307692,"last_synced_commit":"2aa596491c1ade315cb9ac14a29788e7466c8444"},"previous_names":["psalm/symfony-psalm-plugin"],"tags_count":72,"template":false,"template_full_name":null,"purl":"pkg:github/psalm/psalm-plugin-symfony","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psalm%2Fpsalm-plugin-symfony","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psalm%2Fpsalm-plugin-symfony/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psalm%2Fpsalm-plugin-symfony/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psalm%2Fpsalm-plugin-symfony/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/psalm","download_url":"https://codeload.github.com/psalm/psalm-plugin-symfony/tar.gz/refs/heads/5.x","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psalm%2Fpsalm-plugin-symfony/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":270111729,"owners_count":24529346,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-12T02:00:09.011Z","response_time":80,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T20:00:59.628Z","updated_at":"2026-01-11T06:44:04.416Z","avatar_url":"https://github.com/psalm.png","language":"Gherkin","funding_links":[],"categories":["Gherkin","PHP"],"sub_categories":[],"readme":"# Symfony Psalm Plugin\n\n![Integrate](https://github.com/psalm/psalm-plugin-symfony/workflows/Integrate/badge.svg)\n\n### Installation\n\n```\ncomposer require --dev psalm/plugin-symfony\nvendor/bin/psalm --init\nvendor/bin/psalm-plugin enable psalm/plugin-symfony\n```\n\n### Versions \u0026 Dependencies\n\n| Symfony Psalm Plugin | PHP        | Symfony | Psalm |\n|----------------------|------------|---------|-------|\n| 5.x                  | ^8.1       | 5, 6, 7 | 6     |\n| 4.x                  | ^7.4, ^8.0 | 4, 5, 6 | 4     |\n| 3.x                  | ^7.1, ^8.0 | 4, 5, 6 | 4     |\n| 2.x                  | ^7.1, ^8.0 | 4, 5    | 4     |\n| 1.x                  | ^7.1       | 3, 4, 5 | 3     |\n\n### Features\n\n- Detects the `ContainerInterface::get()` result type. Works better if you [configure](#configuration) a compiled container XML file.\n- Detects parameter return types from `ContainerInterface::getParameter()`.\n- Supports [Service Subscribers](https://github.com/psalm/psalm-plugin-symfony/issues/20). Works only if you [configure](#configuration) a compiled container XML file.\n- Detects return types from console arguments (`InputInterface::getArgument()`) and options (`InputInterface::getOption()`).\nEnforces to use \"InputArgument\" and \"InputOption\" constants as a best practice.\n- Detects Doctrine repository classes associated to entities when configured via annotations.\n- Fixes `PossiblyInvalidArgument` for `Symfony\\Component\\HttpFoundation\\Request::getContent()`.\nThe plugin determines the real return type by checking the given argument and marks it as either \"string\" or \"resource\".\n- Detects the return type of `Symfony\\Component\\HttpFoundation\\HeaderBag::get()` by checking the default value (third argument for \u003c Symfony 4.4).\n- Detects the return types of `Symfony\\Component\\Messenger\\Envelope::last` and `Symfony\\Component\\Messenger\\Envelope::all`, based on the provided argument.\n- Taint analysis for Symfony.\n- Detects services and parameters [naming conventions](https://symfony.com/doc/current/contributing/code/standards.html#naming-conventions) violations.\n- Complains when `Container` is injected in a service, and asks to use dependency-injection instead.\n- Fixes `PropertyNotSetInConstructor` false positive issues:\n  - $container in AbstractController\n  - $context in ConstraintValidator classes\n  - properties in custom `@Annotation` classes\n- And [much more](https://github.com/psalm/psalm-plugin-symfony/tree/master/tests/acceptance/acceptance)!\n\n### Configuration\n\nIf you follow the installation instructions, the psalm-plugin command will add this plugin configuration to the `psalm.xml` configuration file.\n\n```xml\n\u003c?xml version=\"1.0\"?\u003e\n\u003cpsalm errorLevel=\"1\"\u003e\n    \u003c!--  project configuration --\u003e\n\n    \u003cplugins\u003e\n        \u003cpluginClass class=\"Psalm\\SymfonyPsalmPlugin\\Plugin\" /\u003e\n    \u003c/plugins\u003e\n\u003c/psalm\u003e\n```\n\nTo be able to detect return types of services using ID (generally starts with `@` in Symfony YAML config files. Ex: `logger` service)\n`containerXml` must be provided.\nExample:\n\n```xml\n\u003cpluginClass class=\"Psalm\\SymfonyPsalmPlugin\\Plugin\"\u003e\n    \u003ccontainerXml\u003evar/cache/dev/App_KernelDevDebugContainer.xml\u003c/containerXml\u003e\n\u003c/pluginClass\u003e\n```\n\nThis file path may change based on your Symfony version, file structure and environment settings.\nDefault files are:\n- Symfony 3: `var/cache/dev/srcDevDebugProjectContainer.xml`\n- Symfony 4: `var/cache/dev/srcApp_KernelDevDebugContainer.xml`\n- Symfony 5+: `var/cache/dev/App_KernelDevDebugContainer.xml`\n\nMultiple container files can be configured. In this case, the first valid file is taken into account.\nIf none of the given files is valid, a configuration exception is thrown.\nExample:\n\n```xml\n\u003cpluginClass class=\"Psalm\\SymfonyPsalmPlugin\\Plugin\"\u003e\n    \u003ccontainerXml\u003evar/cache/dev/App_KernelDevDebugContainer.xml\u003c/containerXml\u003e\n    \u003ccontainerXml\u003evar/cache/dev/App_KernelTestDebugContainer.xml\u003c/containerXml\u003e\n\u003c/pluginClass\u003e\n```\n\nIf you're using PHP config files for Symfony 5.3+, you also need this for auto-loading of `Symfony\\Config`:\n\n```xml\n\u003cextraFiles\u003e\n    \u003cdirectory name=\"var/cache/dev/Symfony/Config\" /\u003e \u003c!-- https://github.com/psalm/psalm-plugin-symfony/issues/201 --\u003e\n\u003c/extraFiles\u003e\n```\n\nIf you're using Symfony's `env()` or `param()` functions in your PHP config files, you also need this for auto-loading them:\n\n```xml\n\u003cstubs\u003e\n    \u003cfile name=\"vendor/symfony/dependency-injection/Loader/Configurator/ContainerConfigurator.php\" /\u003e\n\u003c/stubs\u003e\n```\n\nIf you're getting the following error\n\n\u003e MissingFile - config/preload.php - Cannot find file ...var/cache/prod/App_KernelProdContainer.preload.php to include\n\n...you can suppress it like this:\n\n```xml\n\u003cissueHandlers\u003e\n    \u003cMissingFile\u003e \u003c!-- https://github.com/psalm/psalm-plugin-symfony/issues/205 --\u003e\n        \u003cerrorLevel type=\"suppress\"\u003e\n            \u003cfile name=\"config/preload.php\" /\u003e\n        \u003c/errorLevel\u003e\n    \u003c/MissingFile\u003e\n\u003c/issueHandlers\u003e\n```\n\n#### Symfony version\n\nBy default, the plugin uses the `Kernel::MAJOR_VERSION` constant to determine your version of Symfony. However, this\nmight not be accurate if you have Psalm installed globally. You can set the version explicitly using\nthe `symfonyMajorVersion` configuration option:\n\n```xml\n\u003cpluginClass class=\"Psalm\\SymfonyPsalmPlugin\\Plugin\"\u003e\n    \u003csymfonyMajorVersion\u003e6\u003c/symfonyMajorVersion\u003e\n\u003c/pluginClass\u003e\n```\n\n### Twig tainting (experimental)\n\nWhen it comes to taint analysis for Twig templates, there are currently two approaches:\n\n - The first one is based on a specific file analyzer (`Psalm\\SymfonyPsalmPlugin\\Twig\\TemplateFileAnalyzer`) which leverages the Twig parser and visits the AST nodes.\n - The second one is based on the already compiled Twig templates, it only bridges calls from `Twig\\Environment::render` to the actual `doRender` method of the compiled template.\n\n#### Twig Analyzer\n\nThis approach is more robust since it relies on the official Twig parser and node visitor mechanisms.\nFor the moment, it is only able to detect simple tainted paths.\n\nTo leverage the real Twig file analyzer, you have to configure a checker for the `.twig` extension as follows:\n\n```xml\n\u003cfileExtensions\u003e\n   \u003cextension name=\".php\" /\u003e\n   \u003cextension name=\".twig\" checker=\"/vendor/psalm/plugin-symfony/src/Twig/TemplateFileAnalyzer.php\"/\u003e\n\u003c/fileExtensions\u003e\n```\n\n[See the currently supported cases.](https://github.com/psalm/psalm-plugin-symfony/blob/master/tests/acceptance/acceptance/TwigTaintingWithAnalyzer.feature)\n\n#### Cache Analyzer\n\nThis approach is \"dirtier\", since it tries to connect the taints from the application code to the compiled PHP code representing a given template.\nIt is theoretically able to detect more taints than the previous approach out-of-the-box, but it still lacks ways to handle inheritance and stuff like that.\n\nTo allow the analysis through the cached template files, you have to add the `twigCachePath` entry to the plugin configuration :\n\n```xml\n\u003cpluginClass class=\"Psalm\\SymfonyPsalmPlugin\\Plugin\"\u003e\n    \u003ctwigCachePath\u003e/cache/twig\u003c/twigCachePath\u003e\n\u003c/pluginClass\u003e\n```\n\n[See the currently supported cases.](https://github.com/psalm/psalm-plugin-symfony/blob/master/tests/acceptance/acceptance/TwigTaintingWithCachedTemplates.feature)\n\n### Credits\n\n- Plugin created by [@seferov](https://github.com/seferov)\n- [@weirdan](https://github.com/weirdan) for [codeception psalm module](https://github.com/weirdan/codeception-psalm-module)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpsalm%2Fpsalm-plugin-symfony","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpsalm%2Fpsalm-plugin-symfony","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpsalm%2Fpsalm-plugin-symfony/lists"}