Run PHPCS against code

Running a PHPCS scan against code, particularly third-party plugins and themes, can provide useful and actionable feedback on existing warnings and errors within the code.

Refer to the PHP_CodeSniffer Wiki for additional guidance on scanning code with PHPCS.

The following command example sets the appropriate standard (WordPress-VIP-Go), tells PHPCS to show the violation code for any violations(-s), show a progress bar (-p), cut the file paths down to be relative from the current directory (--basepath=.), and to ignore the vendor/ directory.

phpcs --standard=WordPress-VIP-Go -sp --basepath=. --ignore=vendor path/to/code/directory

Path to the directory or file to be scanned

PHPCS scans can be run against the contents of a directory or against a single file. The path value in a PHPCS command can be an absolute path or a relative path to the directory from which the PHPCS command is run.

If the user is in the directory Desktop in the terminal prompt, and the example-site repository has been cloned to Desktop/working-folder/example-site, the repository’s path value in the command will be working-folder/example-site.

Format command output

Command output can be formatted as a specific “Report Type”, and limited to specific ranges of severity levels. This command example demonstrates how to format the command output in columns as a CSV, and only output errors and warnings of severity level 6 or higher:

phpcs --standard=WordPress-VIP-Go -sp --basepath=. --ignore=vendor --warning-severity=6 --error-severity=6 --report=csv /path/to/code/directory/ | column -t -s, | less -S

Troubleshooting

A PHPCS scan might fail due to memory exhaustion when run against large amounts of code. To resolve this issue, scan smaller amounts of code (e.g. one plugin directory at a time).