3 minutes reading timeAlways code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live." ― John Woods
Code Quality is based on magic keywords such as readability, intelligibility, predictability, maintainability, optimization, compatibility and security. When coding, it is important to make sure that it is easy for others to understand, expand and shape, without losing functionality.
It’s more than just a code beauty contest, as there are a number of practical benefits to be gained from generating codes that not only we are able to handle. Here are a few useful tools that we love to use in our development.
The obligatory ones - without which our project would be in serious trouble
PHPLint
The PHPLint use the default PHP interpreter for syntax checking of files. You can also customize this with a separate config file. Nowadays, there are quite a few good IDEs that can indicate syntax errors, but it doesn't hurt to use such a tool, so there's an even lower chance of making a mistake.
Laravel Blade Linter
The Laravel Blade Linter is a Blade template syntax checker, which runs the PHP syntax checker in PHP files generated by the template engine. Again, we leave less chance for mistakes.
Local PHP Security Checker
The Local PHP Security Checker is based on a database maintained by developers to verify that the used PHP composer dependencies security is vulnerable or not. Therefore, it is important that the libs we use be always fresh.
The Incredibles - to achieve the impossible, the perfect code
CodeSniffer
The first outstanding tool is the CodeSniffer, which is responsible for maintaining the predefined code quality. It's based on a coding standard documentation that contains the rules that developers working on a given project must follow. You can work with predefined rule sets, but if you want to customize the project even more, you have the option to create your own.
The tool provides us with two scripts. For both, we can use a config file to select which part of our project to check. The phpcs tells you exactly where the breaches occurred based on the correct rule set, and phpcb can fix 80-90% of them. However, we need to be aware that we cannot fix more complex errors, we need to do them manually.
PHPStan
PHPStan is a static analysis tool, which analyzes your code without running it. The default config file is phpstan.neon, where you can set check levels and perform different depth scans on the code.
Its interesting, we can generate a baseline file from recurring errors that the tool ignores on subsequent runs. This way, you can even hook it up to an older big project right away, without having to list every single bug and deal with newly emerging bugs.
PHPUnit
The config file phpunit.xml can be used to write and run PHPUnit tests. Tests can be categorized into different test suites, but the basic goal in coding is to always run all our tests. It is able to generate code coverage reports that show what percentage of our code is covered by the test. You need a debugger tool to use this.
One of the biggest benefits of PHPUnit is that it ensures our code runs the way we programmed it. This also makes it easier to refactor the code, and we can use it braver next time.
The recommended way to use them
The Local PHP Security Checker is a command line tool, which we can download separately. Each of the other tools can be loaded as either local or global composer dependency, allowing developers to run on their own developer instances.
We recommend that you also link it to the CI/CD workflow of the version tracker you are using (be it GitHub, GitLab or Bitbucket).
The official pages of each tool have been linked everywhere, so if you wish to dive deeper, don't hesitate to read them!
