I am looking at doing some static code analysis of an exisiting PHP project, and I'm having trouble understanding the distinctions between PHP_CodeSniffer, PHPMD, and PHP Depend. Are these simply alternatives to the same problem, or do they complement each other in some ways? Why might a developer choose one over the other?
PHP Code Sniffer (PHPCS) is a package for syntax checking, available from PEAR. It can check code against defined rules covering anything from whitespace through doc comments to variable naming conventions and beyond.
In the Settings dialog, go to Editor > Inspections. From the inspections screen, expand the PHP | Quality tools node and enable “PHP CodeSniffer validation”. In the configuration pane that is now enabled, select “Custom” from the “Coding standard” dropdown, locate the ruleset configuration ( phpcs.
Shameless copy from http://phpqatools.org
pdepend
pdepend can generate a large set of software metrics from a given code base. These values can be used to measure the quality of a software project and they help to identify the parts of an application where a code refactoring should be applied.
phpmd
phpmd scans PHP source code and looks for potential problems such as possible bugs, dead code, suboptimal code, and overcomplicated expressions.
phpcs
phpcs tokenises PHP, JavaScript and CSS files and detects violations of a defined set of coding standards. It is an essential development tool that ensures your code remains clean and consistent. It can also help prevent some common semantic errors made by developers.
So no, they are not just alternatives. PDepend and PMD focus on on software metrics while PHPCS defines rules based on patterns in the token stream. PDepend doesnt care the slightest about finding Coding Standard violations. You should use all three of them. If possible in your Continuous Integration server, for instance Jenkins.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With