Skip to content

psalm

GitHub stars sarif GitHub release (latest SemVer) GitHub last commit GitHub commit activity GitHub contributors

psalm documentation

psalm - GitHub

Configuration in MegaLinter

Variable Description Default value
PHP_PSALM_ARGUMENTS User custom arguments to add in linter CLI call
Ex: -s --foo "bar"
PHP_PSALM_COMMAND_REMOVE_ARGUMENTS User custom arguments to remove from command line before calling the linter
Ex: -s --foo "bar"
PHP_PSALM_FILTER_REGEX_INCLUDE Custom regex including filter
Ex: (src\|lib)
Include every file
PHP_PSALM_FILTER_REGEX_EXCLUDE Custom regex excluding filter
Ex: (test\|examples)
Exclude no file
PHP_PSALM_CLI_LINT_MODE Override default CLI lint mode
- file: Calls the linter for each file
- list_of_files: Call the linter with the list of files as argument
- project: Call the linter from the root of the project
list_of_files
PHP_PSALM_FILE_EXTENSIONS Allowed file extensions. "*" matches any extension, "" matches empty extension. Empty list excludes all files
Ex: [".py", ""]
[".php"]
PHP_PSALM_FILE_NAMES_REGEX File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files
Ex: ["Dockerfile(-.+)?", "Jenkinsfile"]
Include every file
PHP_PSALM_PRE_COMMANDS List of bash commands to run before the linter None
PHP_PSALM_POST_COMMANDS List of bash commands to run after the linter None
PHP_PSALM_UNSECURED_ENV_VARIABLES List of env variables explicitly not filtered before calling PHP_PSALM and its pre/post commands None
PHP_PSALM_CONFIG_FILE psalm configuration file nameUse LINTER_DEFAULT to let the linter find it psalm.xml
PHP_PSALM_RULES_PATH Path where to find linter configuration file Workspace folder, then MegaLinter default rules
PHP_PSALM_DISABLE_ERRORS Run linter but consider errors as warnings false
PHP_PSALM_DISABLE_ERRORS_IF_LESS_THAN Maximum number of errors allowed 0
PHP_PSALM_CLI_EXECUTABLE Override CLI executable ['psalm']

IDE Integration

Use psalm in your favorite IDE to catch errors before MegaLinter !

IDE Extension Name Install
IDEA PHPStan / Psalm / Generics
Visual Studio Code Psalm VSCode Plugin Install in VSCode

MegaLinter Flavours

This linter is available in the following flavours

Flavor Description Embedded linters Info
all Default MegaLinter Flavor 121 Docker Image Size (tag) Docker Pulls
cupcake MegaLinter for the most commonly used languages 84 Docker Image Size (tag) Docker Pulls
php Optimized for PHP based projects 54 Docker Image Size (tag) Docker Pulls

Behind the scenes

How are identified applicable files

  • File extensions: .php

How the linting is performed

  • psalm is called once with the list of files as arguments (list_of_files CLI lint mode)

Example calls

psalm myfile.php
psalm myfile.php mydir/
psalm --config=psalm.xml myfile.php
psalm --config=psalm.xml myfile.php mydir/

Help content

Usage:
    psalm [options] [file...]

Basic configuration:
    -c, --config=psalm.xml
        Path to a psalm.xml configuration file. Run psalm --init to create one.

    --use-ini-defaults
        Use PHP-provided ini defaults for memory and error display

    --memory-limit=LIMIT
        Use a specific memory limit. Cannot be combined with --use-ini-defaults

    --disable-extension=[extension]
        Used to disable certain extensions while Psalm is running.

    --threads=INT
        If greater than one, Psalm will run analysis on multiple threads, speeding things up.

    --no-diff
        Turns off Psalm’s diff mode, checks all files regardless of whether they’ve changed.

    --php-version=PHP_VERSION
        Explicitly set PHP version to analyse code against.

    --error-level=ERROR_LEVEL
        Set the error reporting level

Surfacing issues:
    --show-info[=BOOLEAN]
        Show non-exception parser findings (defaults to false).

    --show-snippet[=true]
        Show code snippets with errors. Options are 'true' or 'false'

    --find-dead-code[=auto]
    --find-unused-code[=auto]
        Look for unused code. Options are 'auto' or 'always'. If no value is specified, default is 'auto'

    --find-unused-psalm-suppress
        Finds all @psalm-suppress annotations that aren’t used

    --find-references-to=[class|method|property]
        Searches the codebase for references to the given fully-qualified class or method,
        where method is in the format class::methodName

    --no-suggestions
        Hide suggestions

    --taint-analysis
        Run Psalm in taint analysis mode – see https://psalm.dev/docs/security_analysis for more info

    --dump-taint-graph=OUTPUT_PATH
        Output the taint graph using the DOT language – requires --taint-analysis

Issue baselines:
    --set-baseline=PATH
        Save all current error level issues to a file, to mark them as info in subsequent runs

        Add --include-php-versions to also include a list of PHP extension versions

    --use-baseline=PATH
        Allows you to use a baseline other than the default baseline provided in your config

    --ignore-baseline
        Ignore the error baseline

    --update-baseline
        Update the baseline by removing fixed issues. This will not add new issues to the baseline

        Add --include-php-versions to also include a list of PHP extension versions

Plugins:
    --plugin=PATH
        Executes a plugin, an alternative to using the Psalm config

Output:
    -m, --monochrome
        Enable monochrome output

    --output-format=console
        Changes the output format.
        Available formats: compact, console, text, emacs, json, pylint, xml, checkstyle, junit, sonarqube,
                           github, phpstorm, codeclimate, by-issue-level

    --no-progress
        Disable the progress indicator

    --long-progress
        Use a progress indicator suitable for Continuous Integration logs

    --stats
        Shows a breakdown of Psalm’s ability to infer types in the codebase

Reports:
    --report=PATH
        The path where to output report file. The output format is based on the file extension.
        (Currently supported formats: ".json", ".xml", ".txt", ".emacs", ".pylint", ".console",
        ".sarif", "checkstyle.xml", "sonarqube.json", "codeclimate.json", "summary.json", "junit.xml")

    --report-show-info[=BOOLEAN]
        Whether the report should include non-errors in its output (defaults to true)

Caching:
    --clear-cache
        Clears all cache files that Psalm uses for this specific project

    --clear-global-cache
        Clears all cache files that Psalm uses for all projects

    --no-cache
        Runs Psalm without using cache

    --no-reflection-cache
        Runs Psalm without using cached representations of unchanged classes and files.
        Useful if you want the afterClassLikeVisit plugin hook to run every time you visit a file.

    --no-file-cache
        Runs Psalm without using caching every single file for later diffing.
        This reduces the space Psalm uses on disk and file I/O.

Miscellaneous:
    -h, --help
        Display this help message

    -v, --version
        Display the Psalm version

    -i, --init [source_dir=src] [level=3]
        Create a psalm config file in the current directory that points to [source_dir]
        at the required level, from 1, most strict, to 8, most permissive.

    --debug
        Debug information

    --debug-by-line
        Debug information on a line-by-line level

    --debug-emitted-issues
        Print a php backtrace to stderr when emitting issues.

    -r, --root
        If running Psalm globally you’ll need to specify a project root. Defaults to cwd

    --generate-json-map=PATH
        Generate a map of node references and types in JSON format, saved to the given path.

    --generate-stubs=PATH
        Generate stubs for the project and dump the file in the given path

    --shepherd[=endpoint]
        Send analysis statistics to Shepherd (shepherd.dev) or your server.

    --alter
        Run Psalter

    --language-server
        Run Psalm Language Server

Installation on mega-linter Docker image

  • Dockerfile commands :
# Parent descriptor install
RUN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GITHUB_TOKEN)" \
    && export GITHUB_AUTH_TOKEN \
    && wget --tries=5 -q -O phive.phar https://phar.io/releases/phive.phar \
    && wget --tries=5 -q -O phive.phar.asc https://phar.io/releases/phive.phar.asc \
    && PHAR_KEY_ID="0x6AF725270AB81E04D79442549D8A98B29B2D5D79" \
    && ( gpg --keyserver hkps://keys.openpgp.org --recv-keys "$PHAR_KEY_ID" \
       || gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys "$PHAR_KEY_ID" \
       || gpg --keyserver keyserver.pgp.com --recv-keys "$PHAR_KEY_ID" \
       || gpg --keyserver pgp.mit.edu --recv-keys "$PHAR_KEY_ID" ) \
    && gpg --verify phive.phar.asc phive.phar \
    && chmod +x phive.phar \
    && mv phive.phar /usr/local/bin/phive \
    && rm phive.phar.asc \
    && update-alternatives --install /usr/bin/php php /usr/bin/php81 110

# Linter install
RUN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GITHUB_TOKEN)" && export GITHUB_AUTH_TOKEN && phive --no-progress install psalm -g --trust-gpg-keys 8A03EA3B385DBAA1,12CE0F1D262429A5