A static analysis tool for finding errors and security vulnerabilities in PHP applications.
Psalm is a static analysis tool for PHP that scans code to find errors, type mismatches, and security vulnerabilities without running the application. It helps developers catch bugs early, improve code reliability, and enforce coding standards through comprehensive static analysis.
Psalm is aimed at PHP developers and teams working on medium to large codebases who need to maintain code quality, prevent bugs, and ensure security in their applications.
Developers choose Psalm for its deep type analysis, ability to catch complex bugs early, and seamless integration into development workflows, making it a robust alternative to runtime testing for improving PHP code safety.
Psalm offers deep type inference and validation, catching complex type mismatches that prevent runtime errors, as emphasized in its type checking feature.
It identifies security issues and unsafe coding practices early, helping to mitigate risks like SQL injection, which aligns with its security scanning capabilities.
Psalm works with popular IDEs for real-time feedback, streamlining development by catching errors as code is written, as noted in its integration features.
Psalm allows configuration of analysis levels and custom rule sets, making it adaptable to various project needs and coding standards, as highlighted in the key features.
The README states Psalm is maintained by a single active developer, which risks slower updates and support if the maintainer becomes unavailable.
Configuring Psalm for large or legacy codebases can be time-consuming, requiring detailed adjustments to handle edge cases and suppress false positives.
Static analysis on large codebases can be resource-intensive, potentially slowing down development workflows or CI/CD pipelines, a common trade-off with comprehensive tools.