PHP_CodeSniffer is a set of two PHP scripts; the main phpcs script that tokenizes PHP, JavaScript and CSS files to detect violations of a defined coding standard, and a second phpcbf script to automatically correct coding standard violations.




PHP Versions

Supported Languages

CSS JavaScript PHP

Official Documentation

YAML Configuration


  • input:

    Patterns to include in execution and reports.

  • ignore:

    Patterns to exclude from execution and reports.

  • auto-fix:


    Note: If no coding standard is specified, PHP_CodeSniffer will default to checking against the PEAR coding standard which has the Generic.Files.LineEndings rule to use LF as EOL characters.

    This means PHP_CodeSniffer does not keep CRLF line endings and all EOL characters are converted to LF in files where the auto-fix is applied in such cases. So if this behavior does not suit your project, what you can do is one of the followings:

    • Specify Generic.Files.LineEndings to the --exclude option, for example:

            --exclude: Generic.Files.LineEndings
    • Prepare a custom coding standard and specify it to the --standard option, for example:

            --standard: myruleset.xml
      <?xml version="1.0"?>
      <ruleset name="Custom Standard">
        <rule ref="Generic.Files.LineEndings">
            <property name="eolChar" value="\r\n"/>
  • config-file:


  • machine:

    • cpu:

      Amount of CPU. The default machine has 0.75 CPU with 2880 MiB RAM.

      Inspecode automatically specifies -d memory_limit=<limit> to PHP_CodeSniffer in order to configure the maximum amount of memory that PHP_CodeSniffer is allowed to allocate according to this value. Inspecode reserves 240 MiB RAM for system, and makes the rest of RAM available to PHP_CodeSniffer for memory allocation. For example, -d memory_limit=2640M is specified by default (for 0.75 CPU), -d memory_limit=5520M is specified for 1.5 CPU.

  • options:

    Below is the list of options that are supported:

    -n    Do not print warnings (shortcut for --warning-severity=0)
    -w    Print both warnings and errors (this is the default)
    -m    Stop error messages from being recorded
          (saves a lot of memory, but stops many reports from being used)
    --ignore-annotations  Ignore all phpcs: annotations in code comments
    <encoding>     The encoding of the files being checked (default is utf-8)
    <extensions>   A comma separated list of file extensions to check
                   (extension filtering only valid when checking a directory)
                   The type of the file can be specified using: ext/type
                   e.g., module/php,es/js
    <patterns>     A comma separated list of patterns to ignore files and directories
    <sniffs>       A comma separated list of sniff codes to include or exclude from checking
                   (all sniffs must be part of the specified standard)
    <severity>     The minimum severity required to display an error or warning
    <standard>     The name or path of the coding standard to use
    --runtime-set key value

    Note: As of now, --runtime-set can be used only for the following configuration options:

  • thresholds:

    • num-issues:

      No tool specific severity levels are available.

  • incremental:


    Note: The incremental analysis is disabled if any kinds of configuration files are changed. The files recognized as configuration files are as follows:

    • Installed paths:
      • Any files under directories specified to --runtime-set option for installed_paths key
    • Coding standard files:
      • Files specified to --standard option

    Note: The incremental analysis is disabled if external dependencies are required. See Resolving Dependencies about how the dependencies are resolved.

  • experimental:

    No tool specific experimental options are available.

YAML Examples

  • With default options:

        phpcs: default
  • With enabling auto-fixing and default options:

        phpcs: auto-fix
  • With custom machine:

            cpu: 1.5 # 1.5 CPU, 5760 MiB RAM
  • With custom options:

            --error-severity: 1
            --warning-severity: 8

Resolving Dependencies

Inspecode automatically detects the following dependencies in your repository and tries to resolve them before running PHP_CodeSniffer:

  • Git Submodules

    Inspecode runs git submodule update --init --recursive at the root of your repository if .gitmodules is there.

  • Composer Packages

    Inspecode recursively searches your repository for composer.json and runs composer install --no-interaction --quiet at each directory containing the file.

As of now, Inspecode can download:

  • public Git/Subversion/Mercurial repositories
  • private Git repositories which:
    • belong to the same GitHub organization or Bitbucket team as the repository on which PHP_CodeSniffer runs
    • have been already registered to Inspecode
    • can be accessed via http://<hostname>/<path>, https://<hostname>/<path>, ssh://git@<hostname>/<path> or git@<hostname>:<path>

Note: If resolving dependencies fails due to some reasons, you can see the error log, however, Inspecode continues the process unless running PHP_CodeSniffer itself fails.

results matching ""

    No results matching ""