30 open-source projects similar to phpstan/phpstan, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Phpstan alternative.
Phan is a static analyzer and type checker for PHP that identifies bugs and type incompatibilities without executing the code. It serves as a quality gate for continuous integration pipelines and a tool for verifying type safety, specifically checking union types, generics, and array shapes. The project is distinguished by its use of a background daemon and Language Server Protocol implementation, which provide real-time diagnostics and navigation within editors. It also features a baseline-based suppression system that allows developers to record existing errors in a snapshot file to focus e
Larastan is a static analysis extension and type inference engine for PHP designed to detect bugs and type errors in Laravel applications. It extends PHPStan to resolve framework-specific patterns and magic methods, providing a rule-based scanning engine to audit code quality without executing the application. The tool specializes in Eloquent analysis, verifying that model properties, casts, and relationships align with database schemas and migrations. It tracks types across Eloquent collections, custom builders, and model factories to ensure type safety during database operations and iterati
This project is a static analysis framework and linting engine designed to inspect TypeScript codebases. It functions as a plugin suite that enables standard linting workflows to parse source code into abstract syntax trees, allowing for the automated enforcement of coding standards and the identification of potential bugs through a modular, rule-based visitor pattern. The engine distinguishes itself by integrating directly with the TypeScript compiler to perform type-aware analysis. By accessing compiler type information, it can identify complex errors and unsafe patterns that standard synta
Checkstyle is a Java static analysis tool and linter designed to identify and enforce coding standards and best practices. It functions as a code quality auditor and Javadoc validation tool, checking source code against configurable rulesets to ensure structural and stylistic consistency. The project allows for the creation of custom linting rules by extending a core API to inspect the abstract syntax tree. It further enables specialized validation through the use of XPath expressions to query the syntax tree for specific code patterns and violations. Capability areas include the enforcement
This project is a comprehensive, curated directory of static analysis, linting, and security scanning utilities. It serves as a central resource for developers to discover, compare, and select tools based on specific programming languages, licensing models, and integration requirements. The directory distinguishes itself by providing deep metadata for each listed utility, including community-driven popularity rankings, maintenance status, and deployment methods. By aggregating these tools into a single searchable index, it enables teams to identify solutions for enforcing coding standards, ma
Flow is a JavaScript static type checker and AST parser that identifies type errors and prevents runtime failures through static annotations. It functions as a code intelligence engine and a static analysis linter to identify unsafe coding patterns and enforce consistency across a codebase. The project includes a type annotation stripper that removes static type signatures from source code, ensuring the resulting JavaScript is compatible with any runtime environment. It also provides a parser that converts typed JavaScript into an abstract syntax tree conforming to the ESTree specification.
ast-grep is a command-line utility and static analysis engine designed for searching, linting, and refactoring source code. It operates by identifying and transforming code blocks based on their underlying syntactic structure rather than relying on text-based or regular expression matching. The tool utilizes a language-agnostic abstraction to normalize diverse programming grammars into a unified tree structure. By employing a rule-driven engine, it allows users to define complex patterns that capture syntax nodes as variables, enabling consistent and syntactically valid modifications across e
Detekt is a static analysis tool, code quality linter, and complexity analyzer for Kotlin source code. It functions as a code smell detector and static scanner designed to identify potential bugs, design flaws, and violations of coding standards without executing the program. The tool differentiates itself through the use of issue baselining, which allows users to create a snapshot of existing legacy code issues to filter out old violations and focus on preventing new regressions. It further supports extensibility via a plugin-based system that allows for the integration of custom rule sets a
This project is a static analysis engine designed to identify patterns, enforce coding standards, and automate code quality improvements in software projects. By parsing source code into structured abstract syntax trees, it enables deep programmatic inspection and the automated remediation of identified programming issues. The engine functions as a pluggable linting framework, allowing developers to extend its core capabilities through a modular architecture. Users can inject custom rules, parsers, and processors to support non-standard file formats or domain-specific logic. This extensibilit
Infer is a static analysis toolset for Java, C, C++, and Objective-C designed to detect memory leaks, null dereferences, and resource bugs. It functions as a multi-language bug finder that identifies race conditions, deadlocks, and memory safety issues by translating source code into a common intermediate representation for analysis. The project distinguishes itself through an inter-procedural data flow analyzer that tracks movement between sources and sinks to detect tainted flows and generate data flow graphs. It also includes a framework for verifying temporal properties and reachability u
Mago is a PHP static analysis tool, linter, and code formatter. It detects type errors, dead code, and logic bugs through advanced type inference and flow analysis, while providing a deterministic engine to rewrite source files according to style guides. The project distinguishes itself with a WebAssembly runtime that enables PHP analysis to execute entirely within a web browser, allowing results to be shared via URL. It also provides a minimal Dockerized toolchain distributed as a scratch image for consistent execution across different processor architectures. The toolset covers architectur
Ajv is a high-performance data validation framework that compiles JSON schemas into optimized, standalone JavaScript functions. By transforming declarative schema definitions into executable code, it eliminates runtime interpretation overhead and provides a secure, efficient way to enforce data integrity across both browser and server environments. The library distinguishes itself through its focus on performance and type safety. It employs advanced compilation techniques, including abstract syntax tree optimization and function caching, to ensure rapid validation. Beyond standard checks, it
This project is a static analysis runner designed to identify bugs, performance bottlenecks, and stylistic inconsistencies within Go codebases. It functions as a comprehensive quality assurance suite that executes multiple analysis tools concurrently to provide a unified diagnostic report. By parsing source code into a structured representation, the tool enforces coding standards, validates import structures, and ensures consistent formatting across entire projects. The tool distinguishes itself through its ability to automate the remediation of identified issues, applying programmatic fixes
Gitdiagram is a software architecture visualization tool that generates interactive diagrams from repository file hierarchies. By performing automated static code analysis, the system maps file structures and component dependencies to provide a visual representation of how different modules relate within a codebase. The platform functions as a searchable documentation catalog, allowing users to discover and explore architectural visualizations of public repositories. It combines server-side rendering for initial delivery with a client-side engine that enables users to dynamically manipulate a
This tool is a command-line utility designed to automatically detect and correct coding standard violations in PHP source files. It functions as a static analysis and refactoring engine that ensures consistent project-wide formatting by applying predefined community conventions or custom organizational rules. The project distinguishes itself through a modular rule-based engine that supports both automated style correction and codebase modernization. It allows developers to update legacy syntax to align with newer language versions and testing framework requirements, facilitating the adoption
PhpInsights is a static analysis tool and code quality analyzer for PHP. It evaluates source code to identify bugs, style violations, and technical debt without executing the application. The tool functions as a complexity metric utility, calculating architectural and cyclomatic complexity to locate overly complicated logic. It measures overall software health and maintainability by comparing code against industry standards. The system manages technical debt through rule-based validation and metric-driven scoring. It uses a static analysis engine to parse source code, delivering the results
mypy is a static type checker for Python that analyzes source code to detect type errors and inconsistencies without executing the program. It functions as a static analysis tool and type inference engine, providing a gradual typing system that allows type hints to be added to a codebase incrementally while maintaining compatibility with dynamic typing. The project distinguishes itself through a combination of performance and precision features. It utilizes a daemon-based incremental checking system and multi-process parallel analysis to manage large codebases, supported by binary cache persi
Pytype is a static code analysis tool and type inference engine for Python. It functions as a static type analyzer that detects type mismatches and verifies type annotations without requiring full manual hinting, while also serving as a type stub generator for producing standalone definition files. The project distinguishes itself by automatically determining variable and function types through an analysis of code patterns and assignments. This inference engine allows for structural code verification and the generation of type stubs that describe the interfaces of modules and functions. The
SonarQube is a static code analysis platform used to scan source code and infrastructure scripts across multiple languages. It detects bugs, security vulnerabilities, and maintainability issues to ensure software meets reliability and security standards. The platform implements automated quality gates for continuous integration and delivery pipelines, verifying code against defined rules during merge or pull requests. It also integrates directly with code editors to provide real-time analysis results and quick-fix guidance during development. The system covers broad functional areas includin
ansible-lint is a static code analysis tool and linter designed to identify syntax errors and best practice violations within Ansible playbooks and roles. It functions as a quality gate for automation pipelines, scanning configuration files and scripts without executing the code to ensure reliability and consistency. The project distinguishes itself by acting as an automated code formatter that can correct identified linting issues and reformat files to meet community standards. It also serves as a dependency manager, automatically detecting and installing required roles and collections from
Semgrep is a static analysis security testing tool designed to identify vulnerabilities and logic errors by matching source code against declarative patterns. It functions as an automated scanner that integrates into development workflows to detect insecure code patterns and enforce coding standards before deployment. The engine utilizes a language-agnostic intermediate representation and a modular parser architecture to normalize diverse programming languages into a unified format. This allows for consistent rule execution across different codebases, enabling users to perform custom structur
The Dart SDK is a comprehensive development kit for building cross-platform applications using a multi-paradigm programming language. It provides a unified toolchain that supports both just-in-time compilation for rapid development and ahead-of-time compilation for high-performance native machine code. The platform is built on a sound static type system and an isolate-based concurrency framework, which executes independent tasks in separate memory heaps to achieve parallelism without shared state contention. The SDK distinguishes itself through a versatile compilation pipeline that transforms
HHVM is a high-performance execution engine and runtime environment designed for the Hack language. It functions as a persistent web application server that processes incoming network traffic, while also providing command-line utilities for executing standalone scripts and performing automated tasks. The project distinguishes itself through a sophisticated execution model that utilizes just-in-time compilation to translate bytecode into optimized machine code. This process is supported by a static type analysis engine that enforces strict data constraints and identifies type inconsistencies b
This project is a collection of Swift coding standards and static analysis rules designed to ensure consistency across Swift projects. It provides a defined set of naming conventions and structural guidelines to maintain a shared style for teams. The repository centers on a SwiftLint configuration used to automate the detection and correction of style violations in source code. This configuration enables automated style enforcement, ensuring that code adheres to organizational standards without requiring manual review. The guidelines cover the standardization of code formatting, naming, and
SublimeCodeIntel is a code intelligence plugin for the Sublime Text editor that provides symbol-based navigation, autocomplete, and function tooltips. It functions as an IDE feature extension and static code analysis engine, using a cross-language symbol indexer to track definitions across multiple files. The system implements static analysis tooling to map definitions and references without executing program code. This enables users to jump to symbol definitions across an entire project and receive real-time suggestions for modules and symbols while typing. The toolset covers broad capabili
Stylelint is a static code analysis tool and linter for CSS and style-like languages. It identifies errors, enforces coding conventions, and operates as a PostCSS plugin to validate stylesheets during build pipelines. The project distinguishes itself through support for non-standard syntaxes, including preprocessor parsing for SCSS and Less, and the ability to extract and lint embedded styles from JavaScript, HTML, and template literals. It features an automated fixing system that programmatically corrects repairable styling violations to ensure consistency. The system provides a plugin arch
This project is a React ESLint plugin and static analysis tool designed to validate React component syntax and enforce recommended framework patterns. It functions as a JavaScript static analysis utility that scans source code to identify errors and maintain consistent coding standards. The plugin focuses on the enforcement of React best practices and the prevention of common bugs, such as missing keys in iterators and improper prop usage. It provides a system for validating JSX syntax and style to ensure a uniform codebase. The tool covers broader capabilities in frontend code quality autom
This project is a comprehensive educational resource and programming guide for the TypeScript language. It serves as a manual for the type system and a reference for the language's core syntax, focusing on writing type-safe code and building scalable applications. The content provides detailed instruction on the TypeScript type system, covering interfaces, generics, and structural typing. It further acts as a compiler reference, analyzing how source code is transformed into an abstract syntax tree through scanning and parsing. The guide also covers software architecture design, detailing pro
This project is a dependency reduction tool and ESLint plugin designed to remove heavy utility libraries from JavaScript projects. It functions as a static analysis tool that identifies third-party library method calls and suggests native ECMAScript alternatives to decrease bundle size. The tool provides a curated replacement guide consisting of native JavaScript code snippets that replicate the behavior of common external utility functions. This allows developers to migrate older codebases to current language standards and reduce project complexity. The system integrates into the linting li