Recently at my company we played around with static code analysers. Static code analysers do what the name implies: they analyse code and answer questions such as: Are there any unused methods? Are variables being used? Do closures have a return type?

For PHP there are a few different code analysis tools, such as PHPMD, Phan and Psalm. There are also SaaS solutions like Scrutinizer-CI or SensioLabs Insight.

Although I’m a real fan of Scrutinizer-CI, unfortunately I’m not allowed to use any SaaS solution at work, so Scrutinizer and SensioLabs Insight were off the list.

We split the team into 3 groups and I started off with Phan, but I wasn’t able to compile the ext-ast module, so I switched over to Vimeo’s Psalm. Psalm is really easy to get started with.

    composer require --dev vimeo/psalm

Create a config file called psalm.xml like:


and then run:


or if you are using Symfony:


My first impression was that Psalm responds aggressively to everything. My advice would be to take a good look at the configuration of Psalm.

When you’re working on a project, you probably want to make sure that every new or changed file is free of code issues. By default Psalm cannot do this. You have two options:

  • Manually check each new file
  • Run the full scan on every file

Neither option is really doable. Luckily for us PHP developers there is a tool called GrumPHP. GrumPHP is an awesome tool made to do all kinds of checks on new and changed files. GrumPHP does not yet know how to deal with Psalm by default. To resolve this issue I wrote a plugin called “grumphp-psalm”. It is very easy to use:

    composer require --dev weemen/grumphp-psalm

Open your grumphp.yml file and add:

    parameters:
        git_dir: .
        bin_dir: bin
        tasks:
            psalm:
                config: psalm.xml
        extensions:
            - Weemen\GrumPHPPsalm\Extension\Loader

That’s all. GrumPHP will now do static analysis on every new or changed file when you try to commit it.