damien-list / phpmd
PHPMD is a spin-off project of PHP Depend and aims to be a PHP equivalent of the well known Java tool PMD.
                                    Fund package maintenance!
                                                                            
                                                                                                                                        Tidelift
                                                                                    
                                                                
Installs: 91
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 0
Forks: 343
pkg:composer/damien-list/phpmd
Requires
- php: >=5.3.9
- ext-xml: *
- pdepend/pdepend: ^2.5
Requires (Dev)
- gregwar/rst: ^1.0
- mikey179/vfsstream: ^1.6.4
- phpunit/phpunit: ^4.8.36 || ^5.7.27
- squizlabs/php_codesniffer: ^2.0
This package is auto-updated.
Last update: 2025-09-26 20:17:17 UTC
README
PHPMD is a spin-off project of PHP Depend and aims to be a PHP equivalent of the well known Java tool PMD. PHPMD can be seen as an user friendly frontend application for the raw metrics stream measured by PHP Depend.
Installation
See https://phpmd.org/download/index.html
Command line usage
Type phpmd [filename|directory] [report format] [ruleset file], i.e:
mapi@arwen ~ $ phpmd php/PDepend/DbusUI/ xml rulesets.xml
While the rulesets.xml ruleset file could look like this:
<?xml version="1.0"?>
<ruleset name="My first PHPMD rule set"
         xmlns="http://pmd.sf.net/ruleset/1.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://pmd.sf.net/ruleset/1.0.0
                       http://pmd.sf.net/ruleset_xml_schema.xsd"
         xsi:noNamespaceSchemaLocation="
                       http://pmd.sf.net/ruleset_xml_schema.xsd">
  <description>
    My custom rule set that checks my code...
  </description>
  <rule ref="rulesets/codesize.xml" />
  <rule ref="rulesets/cleancode.xml" />
  <rule ref="rulesets/controversial.xml" />
  <rule ref="rulesets/design.xml" />
  <rule ref="rulesets/naming.xml" />
  <rule ref="rulesets/unusedcode.xml" />
</ruleset>
The xml report would like like this:
<?xml version="1.0" encoding="UTF-8" ?>
<pmd version="0.0.1" timestamp="2009-12-19T22:17:18+01:00">
  <file name="/projects/pdepend/PHP/Depend/DbusUI/ResultPrinter.php">
    <violation beginline="81"
               endline="81"
               rule="UnusedFormalParameter"
               ruleset="Unused Code Rules"
               externalInfoUrl="https://phpmd.org/rules/unusedcode.html#unusedformalparameter"
               priority="3">
      Avoid unused parameters such as '$builder'.
    </violation>
  </file>
</pmd>
You can pass a file name or a directory name containing PHP source code to PHPMD.
The PHPMD Phar distribution includes the rule set files inside its archive, even if the "rulesets/codesize.xml" parameter above looks like a filesystem reference.
Command line options
- Notice that the default output is in XML, so you can redirect it to a file and XSLT it or whatever 
- You can also use shortened names to refer to the built-in rule sets, like this: - phpmd PHP/Depend/DbusUI/ xml codesize 
- The command line interface also accepts the following optional arguments: - --minimumpriority- The rule priority threshold; rules with lower priority than they will not be used.
- --reportfile- Sends the report output to the specified file, instead of the default output target- STDOUT.
- --suffixes- Comma-separated string of valid source code filename extensions, e.g. php,phtml.
- --exclude- Comma-separated string of patterns that are used to ignore directories.
- --strict- Also report those nodes with a @SuppressWarnings annotation.
- --ignore-violations-on-exit- will exit with a zero code, even if any violations are found.
 - An example command line: - phpmd PHP/Depend/DbusUI xml codesize --reportfile phpmd.xml --suffixes php,phtml 
Using multiple rule sets
PHPMD uses so called rule sets that configure/define a set of rules which will be applied against the source under test. The default distribution of PHPMD is already shipped with a few default sets, that can be used out-of-box. You can call PHPMD's cli tool with a set's name to apply this configuration:
~ $ phpmd /path/to/source text codesize
But what if you would like to apply more than one rule set against your source? You can also pass a list of rule set names, separated by comma to PHPMD's cli tool:
~ $ phpmd /path/to/source text codesize,unusedcode,naming
You can also mix custom rule set files with build-in rule sets:
~ $ phpmd /path/to/source text codesize,/my/rules.xml
That's it. With this behavior you can specify you own combination of rule sets that will check the source code.
Using multiple source files and folders
PHPMD also allowes you to specify multiple source directories in case you want to create one output for certain parts of your code
~ $ phpmd /path/to/code,index.php,/another/place/with/code text codesize
Exit codes
PHPMD's command line tool currently defines three different exit codes.
- 0, This exit code indicates that everything worked as expected. This means there was no error/exception and PHPMD hasn't detected any rule violation in the code under test.
- 1, This exit code indicates that an error/exception occured which has interrupted PHPMD during execution.
- 2, This exit code means that PHPMD has processed the code under test
without the occurence of an error/exception, but it has detected rule
violations in the analyzed source code. You can also prevent this behaviour
with the --ignore-violations-on-exitflag, which will result to a 0 even if any violations are found.
Renderers
At the moment PHPMD comes with the following renderers:
- xml, which formats the report as XML.
- text, simple textual format.
- html, single HTML file with possible problems.
- json, formats JSON report.
- ansi, a command line friendly format.
PHPMD for enterprise
Available as part of the Tidelift Subscription.
The maintainers of PHPMD and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.