phpcs

Sniff the specified directory for issues (defaults to the PEAR standard)

$ phpcs [path/to/directory]

$ phpcs -i

$ phpcs [path/to/directory] --standard [standard]

$ phpcs [path/to/directory] --extensions [file_extension1,file_extension2,...]

$ phpcs [path/to/directory] --report [format]

$ phpcs [path/to/directory] --config-set [key] [value]

$ phpcs [path/to/directory] --bootstrap [path/to/file1,path/to/file2,...]

$ phpcs [path/to/directory] -l

phpcs [options] [files_or_directories...]

Common Usage:
phpcs --standard=PSR12 /path/to/code/
phpcs --standard=MyStandard --report=summary file.php
phpcs --stdin-path=example.php < code.php

--standard=
    Specifies the coding standard(s) to use. Can be a predefined standard (e.g., PSR12), a path to a custom standard, or a comma-separated list.

--report=
    Defines the output report format (e.g., full, summary, json, xml, checkstyle).

--report-file=
    Writes the generated report to the specified file instead of stdout.

-n, --no-warnings
    Prevents the display of warnings in the report.

-w, --warnings
    Shows warnings in the report (this is the default behavior).

-e, --errors
    Limits the report to only show errors, suppressing warnings.

-v, --verbose
    Increases the verbosity of the output, showing more details about the processing.

-s, --sniffs
    Displays the sniff code for each violation in the report, useful for pinpointing exact rules.

--ignore=
    A comma-separated list of file or directory patterns to ignore during the scan. Patterns can contain wildcards.

--exclude=
    Excludes specific sniffs from being run, specified by their full sniff code (e.g., Generic.Files.LineLength).

--sniffs=
    Only runs the specified sniffs, given as a comma-separated list of sniff codes.

--tab-width=
    Sets the number of spaces that a tab character represents for the purpose of sniff analysis.

--encoding=
    Specifies the character encoding of the files being scanned.

--version
    Displays the current version of PHP_CodeSniffer.

--help
    Shows the comprehensive help message for the command.

--long-list-standards
    Lists all installed coding standards that are available for use.

--long-list-sniffs
    Lists all available sniffs, categorized by standard.

--severity=
    Sets the minimum severity level (1-5) for errors and warnings to be reported.

--error-severity=
    Sets the minimum severity level (1-5) for errors to be reported.

--warning-severity=
    Sets the minimum severity level (1-5) for warnings to be reported.

--colors
    Enables colorized output for better readability in terminals.

--cache
    Uses a cache file to speed up subsequent scans of unchanged files.

--clear-cache
    Deletes the cache file before starting the scan.

--progress
    Displays a progress bar during the scanning process.

--config-set
    Sets a global configuration option for PHP_CodeSniffer.

--config-show
    Displays all current global configuration options.

--stdin-path=
    When processing input from stdin, treats the content as if it originated from the specified path.

phpcs, short for PHP CodeSniffer, is a powerful development tool designed to detect violations of a defined coding standard within PHP, JavaScript, and CSS files. It serves as an essential component in maintaining code quality and consistency across projects and teams. By checking code against a set of rules, known as "sniffs," grouped into "standards" (e.g., PSR-1, PSR-12, Zend, Squiz), phpcs helps developers adhere to agreed-upon formatting guidelines, best practices, and potential common errors.

It can analyze individual files, entire directories, or even process input from stdin. The tool offers various reporting formats, from a detailed full report to concise summaries, XML, or JSON, making it suitable for integration into diverse workflows. phpcs is frequently used within Continuous Integration (CI/CD) pipelines to automate code quality checks, and its integration into popular Integrated Development Environments (IDEs) provides real-time feedback to developers. It is often used in conjunction with phpcbf (PHP Code Beautifier and Fixer), which can automatically correct many of the issues detected by phpcs, streamlining the code review and development process.

While powerful, phpcs has a few considerations:
Performance: Scanning large codebases without caching can be resource-intensive and time-consuming.
Dependencies: Requires a PHP environment to run.
Scope: Primarily focused on coding style and basic syntax correctness. It is not a comprehensive static analysis tool for complex logical errors or security vulnerabilities, though some sniffs may address these.
Customization complexity: Creating complex custom standards or sniffs requires a good understanding of PHP and the PHP_CodeSniffer API.

phpcs supports project-specific configuration via XML files named phpcs.xml or phpcs.xml.dist located in the project's root directory. These files allow users to define default coding standards, include or exclude specific sniffs, ignore certain paths, and set various other options, ensuring consistent scanning behavior across different development environments.

phpcs is widely integrated into modern Integrated Development Environments (IDEs) like PhpStorm and VS Code, providing real-time linting and immediate feedback on coding standard violations as code is written. Furthermore, it is a common fixture in Continuous Integration and Continuous Delivery (CI/CD) pipelines (e.g., Jenkins, GitHub Actions), where it automates code quality checks as part of the build or deployment process, helping to maintain high code quality before merging or deploying code.

PHP_CodeSniffer was originally developed by Squiz and first released in 2006, quickly becoming a fundamental tool for enforcing coding standards in the PHP ecosystem. Its development has been closely tied to the evolution of PHP coding practices, notably by incorporating and influencing standards from the PHP-FIG (Framework Interop Group), such as PSR-1, PSR-2, and later PSR-12. Initially distributed via PEAR, its installation largely transitioned to Composer, reflecting modern PHP dependency management practices. Over the years, it has seen continuous improvement in performance, extensibility, and the breadth of its built-in sniffs, solidifying its position as the go-to utility for PHP code quality checks.

phpcbf(1): PHP Code Beautifier and Fixer, the companion tool for automatically fixing detected coding standard violations., grep(1): A command-line utility for searching plain-text data sets for lines that match a regular expression. Useful for filtering phpcs output., find(1): Searches for files in a directory hierarchy. Can be used to generate lists of files for phpcs to scan., xargs(1): Builds and executes command lines from standard input. Often used with find to pipe file lists to phpcs.