Install PHPStan and configure for Laravel application

  • avatar
  • 3 mins read

Unlike compiled languages, in PHP if you make a mistake, the program will crash when the line of code with the mistake is executed. When testing a PHP application, whether manually or automatically, developers spend a lot of their time discovering mistakes that wouldn’t even compile in other languages, leaving less time for testing actual business logic.

PHPStan focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code. It moves PHP closer to compiled languages in the sense that the correctness of each line of the code can be checked before you run the actual line.


PHPStan is installed as a package using Composer. Take a look on how to install Composer on your computer if you don't have it yet.

Optionally you can setup a new Laravel project and analyse it with PHPStan, checkout on how to create your first Laravel project.

Installation & First run

To start performing analysis on your code, require PHPStan in Composer:

composer require --dev phpstan/phpstan

PHPStan is only needed during development and testing stages. That why we use the --dev option and include the package only in require-dev.

After a successful download, to let PHPStan analyse your code base, you have to use the analyse command and point it to the right directory, e.g., app:

vendor/bin/phpstan analyse app

PHPStan will probably find and print some errors.

Configuration file

PHPStan executable allows different options to be passed directly from the command line. But it's always a good idea to have a separate configuration file rather than overcomplicating a command.

A config file can be passed to the executable using the -c|--configuration option. Otherwise, it will look for files named phpstan.neon or phpstan.neon.dist in current directory. The structure of the file looks like the following:

- app
- tests
level: 7
inferPrivatePropertyTypeFromConstructor: true
checkMissingIterableValueType: false
- %currentWorkingDirectory%/app/Providers/*
- '#Access to an undefined property App\Http\Requests\(.*)::$.*#'
- '#(.*)should return Illuminate\Http\RedirectResponse but returns Illuminate\Http\RedirectResponse|Illuminate\Routing\Redirector#'
- '#Access to an undefined property App\Models(.*)::$.*#'
- '#Call to an undefined method App\Models(.*)::.*#'
- '#Call to an undefined static method App\Models(.*)::.*#'
- '#Call to an undefined method Illuminate\(.*)::.*#'
- '#Call to an undefined static method Illuminate\(.*)::.*#'

This configuration file is adapted for Laravel application. We are going to analyse app and tests paths with level 7 (0 is the loosest and 9 is the strictest) excluding Providers directory from the scan. Ignored errors include common use cases for Laravel as facades, form requests, magic methods usage, type declaration issues, etc...

More options and detailed descriptions are available in the official config reference.

Executing application analysis

There is an easy way to execute PHPStan analysis and avoid writing the full command every time. Composer scripts feature will help us with that. A script can be defined in composer.json file as a shortcut to the executable:

"scripts": {
"analyse": [
"vendor/bin/phpstan analyse -c phpstan.neon"

It will allow us to run the analysis using our configuration file with just two words:

composer analyse

Besides, we will be able to add more steps and actions (if needed) to the analyse command.

 Join Our Monthly Newsletter

Get the latest news and popular articles to your inbox every month

We never send SPAM nor unsolicited emails


Leave a Reply

Your email address will not be published.

Replying to the message: View original

Hey visitor! Unlock access to featured articles, remove ads and much more - it's free.