[](https://git.mokoconsulting.tech/MokoConsulting/MokoStandards) # PHPStan Static Analysis **Status**: ✅ Active | **Version**: 01.00.00 | **Last Updated**: 2026-05-07 ## Overview PHPStan static analysis is integrated into the **Joomla Extension CI** workflow as the `static-analysis` job. It runs after lint-and-validate passes and catches type errors, undefined methods, incorrect return types, and other bugs that PHP lint misses. ## Configuration ### Default Behavior (No Config File) If no `phpstan.neon` exists in the repo, PHPStan runs at **level 3** (type inference) against `src/`, `htdocs/`, or `lib/`. ### Custom Config Create `phpstan.neon` in the repo root: ```neon parameters: level: 5 paths: - src excludePaths: - src/vendor ignoreErrors: - '#Call to an undefined method#' ``` ### Analysis Levels | Level | What It Checks | |-------|---------------| | 0 | Basic checks (unknown classes, functions, methods) | | 1 | Possibly undefined variables | | 2 | Unknown methods on `$this` | | **3** | **Default — return types, type inference** | | 4 | Dead code, always true/false | | 5 | Argument types | | 6-9 | Increasingly strict | ## Behavior - **Non-blocking**: Uses `continue-on-error: true` — failures are reported but don't block PRs - **Incremental adoption**: Start at level 3, increase as codebase improves - **Auto-install**: PHPStan is installed if not in composer dependencies ## Related Documentation - [Joomla Extension CI](./ci-joomla.md) - [Security Audit](./security-audit.md) ## Changelog | Version | Date | Changes | |---------|------|---------| | 01.00.00 | 2026-05-07 | Initial release — level 3 default, non-blocking |