Lint with PHPStan #29
Pull Request Overview
This PR adds PHPStan static analysis with maximum level strictness to the project, implementing comprehensive type checking and validation throughout the codebase.
Key Changes:
- Replaced loose type coercion with explicit type validation using `is_string()`, `is_array()`, and `is_int()`/`is_float()` checks
- Added PHPDoc type annotations for array parameters with specific key types
- Removed unsafe type casting patterns like `(string)`, `(array)`, and `empty()` checks in favor of strict type validation
Reviewed Changes
Copilot reviewed 10 out of 11 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| phpstan.neon | Adds PHPStan configuration at max level |
| composer.json | Adds PHPStan dependencies and lint script |
| .github/workflows/lint.yml | Enables PHPStan in CI workflow |
| src/SoftwareFactory.php | Replaces type coercion with explicit validation for slug, type, and affected versions |
| src/RecordFactory.php | Adds strict type checking for all factory methods and removes Exception import |
| src/Record.php | Adds missing PHPDoc for references parameter |
| src/CvssFactory.php | Implements strict type validation with numeric score handling |
| src/CopyrightFactory.php | Replaces empty checks with explicit empty string comparisons |
| src/Client.php | Changes from get() to request() method and adds array validation |
| src/AffectedVersionsParser.php | Removes UNKNOWN constant and adds strict type validation |
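
The difference between the loose and strict styles named in the overview, as an added example (not code from this PR or the project). The function names, the `affected_versions` key and the sample records are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; names and sample data are hypothetical, not from the PR.

/** Loose style: casts and empty() accept malformed input and reject valid input. */
function looseParse(array $raw): ?array
{
    $slug = (string) ($raw['slug'] ?? '');                 // true -> "1"
    $versions = (array) ($raw['affected_versions'] ?? []); // "all" -> ["all"]
    if (empty($slug)) {                                    // "0" counts as empty
        return null;
    }
    return ['slug' => $slug, 'versions' => $versions];
}

/**
 * Strict style: every field is checked with is_*() before it is used.
 *
 * @param array<mixed> $raw
 * @return array{slug: string, versions: list<array<mixed>>}|null
 */
function strictParse(array $raw): ?array
{
    $slug = $raw['slug'] ?? null;
    if (! is_string($slug) || $slug === '') {
        return null;
    }
    $versions = $raw['affected_versions'] ?? null;
    if (! is_array($versions)) {
        return null;
    }
    // array_filter() keeps the original keys; array_values() restores a list.
    $versions = array_values(array_filter($versions, 'is_array'));

    return ['slug' => $slug, 'versions' => $versions];
}

// Constructed sample inputs, standing in for decoded JSON from an untrusted source.
$samples = [
    'valid'        => ['slug' => 'example-plugin', 'affected_versions' => [['from' => '1.0'], 'junk', ['from' => '2.0']]],
    'slug is "0"'  => ['slug' => '0', 'affected_versions' => []],
    'slug is true' => ['slug' => true, 'affected_versions' => 'all'],
];

foreach ($samples as $label => $raw) {
    printf("%-13s loose=%s strict=%s\n", $label, json_encode(looseParse($raw)), json_encode(strictParse($raw)));
}
```

The loose version keeps the `'junk'` entry, rejects the valid slug `"0"`, and turns `true` and `'all'` into plausible-looking data; the strict version does the opposite in each case.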
src/SoftwareFactory.php
Outdated
| if (! is_array($rawAffectedVersions)) { | ||
| return null; | ||
| } | ||
| $rawAffectedVersions = array_filter($rawAffectedVersions, static fn (mixed $d) => is_array($d)); |
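Review bot: array_filter() on the last line of this hunk preserves the original keys, so once a non-array entry is dropped $rawAffectedVersions is no longer a sequential list. If the code that consumes it indexes by position or is annotated as a list, wrap the call in array_values(); otherwise state in the PHPDoc that the keys may be sparse.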
Copilot
AI
Oct 26, 2025
The arrow function should use 'is_array' as a string callback for consistency with line 85 in RecordFactory.php and line 103 in RecordFactory.php, which use string callbacks 'is_array' and 'is_string' respectively. This improves performance by avoiding closure creation.
| $rawAffectedVersions = array_filter($rawAffectedVersions, static fn (mixed $d) => is_array($d)); | |
| $rawAffectedVersions = array_filter($rawAffectedVersions, 'is_array'); |
src/RecordFactory.php
Outdated
| if (! is_array($rawSoftwares)) { | ||
| return []; | ||
| } | ||
| $rawSoftwares = array_filter($rawSoftwares, 'is_array'); |
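Review bot: the early return [] for a non-array $rawSoftwares and the array_filter() on the following line both discard malformed input silently, so a caller cannot tell a record with no software from one whose software field failed validation. Consider logging or throwing at these two points, or document in the method's PHPDoc that invalid entries are skipped by design.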
Copilot
AI
Oct 26, 2025
Consider adding a type hint for the arrow function on line 88 to match the filtered type. The parameter should be typed as array since line 85 ensures only arrays remain: fn (array $datum): ?Software =>
| private array $cache = []; | ||
|
|
||
| public function make(mixed $data): ?Copyright | ||
| public function make(mixed $data): ?Copyright // TODO! |
Copilot
AI
Oct 26, 2025
The TODO comment lacks context about what needs to be done. Consider adding a descriptive explanation, such as '// TODO: Add type validation for $data parameter' or remove if the type validation has been completed in this PR.
| public function make(mixed $data): ?Copyright // TODO! | |
| public function make(mixed $data): ?Copyright |
| return $this->http->request( | ||
| 'GET', |
Copilot
AI
Oct 26, 2025
The change from get() to request('GET', ...) is less idiomatic for Guzzle HTTP client. The get() method is the standard shorthand for GET requests and should be preferred unless there's a specific reason to use the generic request() method.
| return $this->http->request( | |
| 'GET', | |
| return $this->http->get( |
Codecov Report
❌ Patch coverage is
Additional details and impacted files
```diff
@@             Coverage Diff              @@
##               main      #29      +/-   ##
============================================
- Coverage     89.56%   89.15%   -0.41%
- Complexity       64       83      +19
============================================
  Files            13       13
  Lines           182      212      +30
============================================
+ Hits            163      189      +26
- Misses           19       23       +4
```
No description provided.