
PHPStan

PHPStan is a static analysis tool for PHP that finds bugs and type errors without running the code, with WordPress-specific extensions that understand the WordPress API.

How it works

PHPStan analyses your code at one of 9 strictness levels (0-8). It catches type mismatches, undefined variables, incorrect function signatures, and unreachable code. With the szepeviktor/phpstan-wordpress extension, it also understands WordPress function signatures and return types.

In WordPress

WP HealthKit runs PHPStan at level 5 with WordPress stubs, catching type errors that could indicate bugs or security issues. For example, passing an integer to a function expecting a string for a database query could indicate a missing prepare() call.
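The case described above, as an added example that is not WP HealthKit's or PHPStan's own code. The hk_demo_* functions, the file name and the query are hypothetical, constructed only to show the int-for-string mismatch and the prepare() call it points to.

```php
<?php
// Constructed example. Analysed with the WordPress extension loaded, e.g.
//   phpstan.neon: includes: [vendor/szepeviktor/phpstan-wordpress/extension.neon]
//   vendor/bin/phpstan analyse --level=5 hk-demo.php

/**
 * Hypothetical helper: runs a query string that the caller has already
 * built with $wpdb->prepare().
 *
 * @param string $sql Prepared SQL.
 * @return array<int, object>
 */
function hk_demo_fetch_rows( string $sql ): array {
    global $wpdb;
    return (array) $wpdb->get_results( $sql );
}

/**
 * Before: the author meant to build a query for $post_id but passed the
 * raw ID instead. The parameter is declared string and an int is given,
 * which is the kind of argument-type mismatch level 5 reports.
 * PHP coerces the int to a string at runtime, so nothing stops this
 * call before it reaches the database layer.
 */
function hk_demo_before( int $post_id ): array {
    return hk_demo_fetch_rows( $post_id );
}

/**
 * After: the query is built with prepare() and a %d placeholder, so the
 * helper receives a string and the ID is bound as an integer.
 */
function hk_demo_after( int $post_id ): array {
    global $wpdb;
    $sql = $wpdb->prepare(
        "SELECT meta_key, meta_value FROM {$wpdb->postmeta} WHERE post_id = %d",
        $post_id
    );
    return hk_demo_fetch_rows( $sql );
}
```

The type error is a hint, not proof of injection: PHPStan checks types, so a string built by concatenating user input would pass this check and still needs prepare().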
