30 open-source projects similar to phan/phan, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Phan alternative.
This project is a static analysis engine and type checker designed for PHP codebases. It evaluates source code structure and type annotations to identify potential bugs, type mismatches, and logic errors without executing the application. By parsing code into an abstract syntax tree and applying a rule-based validation framework, it enforces code quality and safety standards across a project. What distinguishes this tool is its sophisticated type inference engine, which models dynamic language features, magic methods, and conditional types to maintain accuracy even in unconventional code. It
lua-language-server is a static analysis tool and type checker for the Lua language that implements the Language Server Protocol. It provides a system for detecting type mismatches, unused code, and logic errors in source files. The project features an inference-based type system that deduces variable types and supports optional annotations and meta files to enforce type safety. It allows for the definition of custom types and function signatures, including support for overloads and member visibility controls. The server provides a broad set of IDE capabilities, including real-time code auto
Larastan is a static analysis extension and type inference engine for PHP designed to detect bugs and type errors in Laravel applications. It extends PHPStan to resolve framework-specific patterns and magic methods, providing a rule-based scanning engine to audit code quality without executing the application. The tool specializes in Eloquent analysis, verifying that model properties, casts, and relationships align with database schemas and migrations. It tracks types across Eloquent collections, custom builders, and model factories to ensure type safety during database operations and iterati
Pylint is a static code analysis tool for Python that checks source code for errors, coding standard violations, and code smells without executing the program. It parses code into an abstract syntax tree and walks the tree to detect issues, enforces configurable style rules and naming conventions, and identifies duplicate code blocks by comparing tokenised source sequences. The tool also includes an inference engine that deduces variable types by simulating code paths, enabling deeper analysis even in untyped code. What distinguishes Pylint is its plugin-based checker architecture, which allo
axe-core is an automated accessibility testing engine and compliance auditor designed to scan web and mobile interfaces for violations of industry accessibility standards. It functions as a programmatic scanner and linter that analyzes HTML and source code to identify barriers and verify compliance with accessibility guidelines. The project distinguishes itself by combining a DOM-based rule engine with computer vision and machine learning to detect complex violations that evade traditional analysis, such as visual heading discrepancies and informative images. It provides specialized capabilit
TFLint is a static analysis tool and infrastructure-as-code validator designed to identify errors and enforce best practices within Terraform configuration files. It functions as a quality gate for automated workflows and a language server that provides real-time diagnostics and linting errors directly within supported text editors. The project utilizes a gRPC plugin framework that allows for the integration of custom provider-specific validation rules via independent binaries and a dedicated SDK. This architecture separates core linting logic from cloud-specific validation, supporting the au
Pytype is a static code analysis tool and type inference engine for Python. It functions as a static type analyzer that detects type mismatches and verifies type annotations without requiring full manual hinting, while also serving as a type stub generator for producing standalone definition files. The project distinguishes itself by automatically determining variable and function types through an analysis of code patterns and assignments. This inference engine allows for structural code verification and the generation of type stubs that describe the interfaces of modules and functions. The
SonarQube is a static code analysis platform used to scan source code and infrastructure scripts across multiple languages. It detects bugs, security vulnerabilities, and maintainability issues to ensure software meets reliability and security standards. The platform implements automated quality gates for continuous integration and delivery pipelines, verifying code against defined rules during merge or pull requests. It also integrates directly with code editors to provide real-time analysis results and quick-fix guidance during development. The system covers broad functional areas includin
gosec is a static analysis security tool designed to scan Go source code for vulnerabilities and common coding flaws. It functions as a security analyzer that inspects the abstract syntax tree to identify insecure function calls, API usage, and potential security risks. The tool distinguishes itself by mapping detected vulnerabilities to Common Weakness Enumeration identifiers for standardized reporting and integrating with external AI models to suggest code fixes for identified issues. Its capabilities cover the detection of injection vulnerabilities, hardcoded credentials, weak cryptograph
RLS is a language server that provides language intelligence for the Rust programming language. It implements the Language Server Protocol to enable a standardized communication layer between the Rust compiler and various editor clients. The project focuses on providing real-time code completions, symbol navigation, and type information. It also supports automated structural changes, such as workspace-wide symbol renaming, to maintain semantic correctness during refactoring. The system incorporates static code analysis for linting and formatting, alongside a mechanism for incremental compila
Detekt is a static analysis tool, code quality linter, and complexity analyzer for Kotlin source code. It functions as a code smell detector and static scanner designed to identify potential bugs, design flaws, and violations of coding standards without executing the program. The tool differentiates itself through the use of issue baselining, which allows users to create a snapshot of existing legacy code issues to filter out old violations and focus on preventing new regressions. It further supports extensibility via a plugin-based system that allows for the integration of custom rule sets a
Flow is a JavaScript static type checker and AST parser that identifies type errors and prevents runtime failures through static annotations. It functions as a code intelligence engine and a static analysis linter to identify unsafe coding patterns and enforce consistency across a codebase. The project includes a type annotation stripper that removes static type signatures from source code, ensuring the resulting JavaScript is compatible with any runtime environment. It also provides a parser that converts typed JavaScript into an abstract syntax tree conforming to the ESTree specification.
kotlin-lsp is a language server implementation that integrates editors with the Kotlin compiler and build tools to provide language intelligence and code analysis. It uses the Language Server Protocol to decouple heavy language processing from the text editor user interface. The project provides static code analysis to detect issues and provide real-time diagnostics. It enables source code navigation through symbol-index based jumping to definitions and an analysis of how components interact. Additional capabilities include automated source code formatting, intelligent code completion, and s
Vulkan-Hpp is a header-only C++ binding library for the Vulkan graphics and compute API. It provides a type-safe wrapper around the Vulkan C API, allowing developers to interface with GPU hardware through a C++ interface that introduces no runtime CPU overhead. The library utilizes Resource Acquisition Is Initialization patterns to manage the lifecycle of Vulkan handles and objects, automating the release of GPU resources. It replaces C-style enumerations and bit-fields with strong typing and static type checking to catch invalid API parameter assignments during compilation. The project cove
p3c is a Java static analysis tool and code quality linter designed to enforce professional coding guidelines and quality standards. It utilizes a set of custom rules based on the PMD engine to scan source code for style violations, performance bottlenecks, and potential bugs. The project is distributed as an IDE linting plugin that provides real-time feedback and warnings during development. It also includes functionality for pre-commit code quality gates, allowing modified files to be scanned and blocked if they violate defined rules before being committed to version control. The analysis
This project is a static analysis framework and linting engine designed to inspect TypeScript codebases. It functions as a plugin suite that enables standard linting workflows to parse source code into abstract syntax trees, allowing for the automated enforcement of coding standards and the identification of potential bugs through a modular, rule-based visitor pattern. The engine distinguishes itself by integrating directly with the TypeScript compiler to perform type-aware analysis. By accessing compiler type information, it can identify complex errors and unsafe patterns that standard synta
Tinymist is a comprehensive suite of tools for Typst document authoring, serving as a language server, document compiler, and project manager. It provides a standardized language service via the Language Server Protocol to enable editor features such as autocompletion, navigation, and semantic highlighting. The project distinguishes itself by integrating a TCP-based live preview server for real-time visual rendering and an advanced static analysis tool that utilizes abstract syntax trees and bidirectional type checking. It also includes a project management system capable of handling multi-fi
Zed is a terminal-based code editor built in Rust that provides a full-featured editing experience with familiar keybindings, mouse support, and multiple cursors. It runs entirely in the terminal while offering capabilities typically found in graphical editors, including split panes, a command palette, and integrated language server protocol support for real-time diagnostics, completions, go-to-definition, and code actions across multiple languages. The editor distinguishes itself through a plugin system that runs sandboxed TypeScript plugins in a QuickJS runtime, with an asynchronous bridge
Reek is a static code analyzer for Ruby projects designed to identify design flaws and maintainability issues known as code smells. It functions as a quality assurance tool that inspects source code without executing it to find structural weaknesses and architectural debt. The analyzer identifies specific patterns such as large classes, long methods, and uncommunicative naming. It also detects more complex design issues, including feature envy, data clumps, simulated polymorphism, and control coupling. The tool includes capabilities for issue baselining to manage legacy code and configuratio
dprint is a multi-language code formatter that applies consistent styling across various programming languages using a pluggable architecture. It functions as a unified project style management tool, a command-line interface for continuous integration style enforcement, and a Language Server Protocol implementation for real-time formatting in editors. The project is distinguished by a WebAssembly-based plugin system that loads sandboxed formatting logic from URLs or file paths. It further extends its capabilities through a process-based tool integration that wraps external command-line interf
The Snyk CLI is a command-line security scanner that detects known vulnerabilities across open-source dependencies, proprietary application code, container images, and infrastructure-as-code configuration files. It also serves as a platform management tool, allowing users to configure organizations, users, SSO, and reporting from the terminal rather than the web dashboard. The CLI integrates directly into development workflows, enabling scanning within IDEs, build pipelines, and version control systems. It implements static analysis with interfile data flow analysis to find complex security f
Pyrefly is a static type checker for Python that operates as a language server, delivering real-time diagnostics, completions, and navigation in any editor supporting the Language Server Protocol. It also performs static tensor shape analysis, using symbolic dimension variables and arithmetic to verify shape consistency in deep learning models without runtime execution. Beyond core type checking, Pyrefly supports gradual adoption workflows: it can generate a baseline of known errors so only new issues are reported, migrate configuration from other type checkers, and automatically suppress exi
Dhall is a type-safe configuration language designed to create programmable configuration files that are guaranteed to terminate. It is a non-Turing-complete language that uses a strict type system to ensure correctness and prevent infinite loops during evaluation. The project functions as a deterministic configuration engine and marshalling tool, converting programmable expressions into static formats such as JSON, YAML, and Bash. It distinguishes itself through a focus on security and integrity, using semantic hashing to pin remote imports and enforcing origin policies to prevent data exfil
ZLS is a language server for the Zig language that implements the Language Server Protocol to provide IDE-like intelligence. It functions as a code intelligence provider, static code analysis tool, and automated refactoring engine for Zig projects. The server integrates directly with the Zig compiler toolchain to derive precise type information and perform semantic analysis. It uses this integration to surface real-time compilation errors as editor diagnostics and to provide semantic syntax highlighting based on resolved types rather than regex patterns. The project covers a wide range of de
go-ast-book is a collection of educational and technical resources focused on abstract syntax tree analysis, compiler development, and static code verification. It provides guides and manuals for parsing, traversing, and analyzing Go source code to extract semantic meaning. The project serves as a reference for building compiler frontends, covering the translation of high-level code into intermediate representations and single static assignment forms. It also provides instructions for using these techniques to develop language tooling and perform static code analysis. The resources cover a b
This project is a comprehensive educational resource and programming course covering C++ language semantics and features from C++03 through C++26. It provides structured tutorials and technical guides focused on modern C++ development. The material offers specialized instruction on template metaprogramming, including the use of type traits and compile-time computations. It features detailed guides on concurrency and parallelism for multi-core execution, as well as a reference for software design applying SOLID principles and RAII. Additionally, it covers build performance optimization to redu
GraphiQL is an interactive browser-based integrated development environment for writing, testing, and documenting GraphQL queries and mutations. It functions as a code editor, an API exploration tool, and a schema explorer, providing a visual interface for browsing GraphQL types and fields. The project provides a language server that delivers schema-driven autocompletion, linting, and validation via the Language Server Protocol. It allows for the embedding of high-performance editors into external projects and supports the injection of custom tools and components through a sidebar plugin API.
mypy is a static type checker for Python that analyzes source code to detect type errors and inconsistencies without executing the program. It functions as a static analysis tool and type inference engine, providing a gradual typing system that allows type hints to be added to a codebase incrementally while maintaining compatibility with dynamic typing. The project distinguishes itself through a combination of performance and precision features. It utilizes a daemon-based incremental checking system and multi-process parallel analysis to manage large codebases, supported by binary cache persi
Checkstyle is a Java static analysis tool and linter designed to identify and enforce coding standards and best practices. It functions as a code quality auditor and Javadoc validation tool, checking source code against configurable rulesets to ensure structural and stylistic consistency. The project allows for the creation of custom linting rules by extending a core API to inspect the abstract syntax tree. It further enables specialized validation through the use of XPath expressions to query the syntax tree for specific code patterns and violations. Capability areas include the enforcement