Skip to content

PHPCS analysis

PHP_CodeSniffer (PHPCS) is an independent utility that scans code using a variety of PHPCS standards.  

The VIP Code Analysis Bot is configured to run PHPCS using two standards, which are designed to reinforce the VIP coding best practices for writing secure, performant, and future-friendly code:

The Bot analyzes all PHP and JavaScript files altered or created in submitted pull requests using PHPCS. PHPCS feedback posted by the Bot pertains only to the altered (or new) sections of each file submitted. Unaltered files will not be analyzed. 

By default, the Bot uses the PHPCS severity level of 1, but this and other options are configurable. Each PHPCS standard includes one or more PHPCS sniffs, which can be enabled or disabled.

A more detailed explanation of errors and warnings for each severity level is available for interpreting PHPCS feedback.

An example of feedback from the Bot highlighting errors found by PHPCS scanning

PHPCompatibilityWP PHPCS standard

By default, the Bot will ask the PHPCompatibilityWP PHPCS standard to evaluate all code changes against the highest PHP version used by the environments to which the repository being analyzed deploys. Versions are determined dynamically by the PHPCS run-time option testVersion, which is provided to PHPCS on the command line during scanning.

Note

The PHPCompatibilityWP standard and its dependencies do not yet detect some PHP 8 incompatibilities. The upcoming release version 10.0.0 of the PHPCompatibility standard will remedy this.

Applications running more than one PHP version

Applications on VIP typically include multiple environments, which can run different versions of PHP. If an application includes environments that are running both PHP 7.4 and 8.0, the testVersion parameter will be set to 8.0- (the highest PHP version).

Applications only running PHP 7.4

For applications with environments where only PHP version 7.4 is running, testVersion will be set to 8.0- while scanning PHP files updated or added by pull requests using the PHPCS PHPCompatibilityWP standard. The purpose of this setting is to prepare applications for the upgrade to PHP 8.0 by helping to identify any incompatibilities in new or altered code due to language changes in PHP 8.0.

Local PHPCS analysis

VIP recommends installing the PHPCS utility locally and using the PHPCS  WordPress-VIP-Go standard. Adding PHPCS scans to a local workflow helps developers learn VIP best practices, leads to better experiences with the Bot, and fewer errors generated on submission to GitHub. Developers can identify and address issues and minimize or suppress any remaining errors or warnings before submitting a pull request.


Additions cannot be made to the available PHPCS standards, but suggestions for PHPCS standards can be submitted through VIP’s Feedback Portal 

Last updated: November 29, 2022