PHP Coding Standards: Rector, PHPStan, and Easy Coding Standard

What static analysis tools are available for PHP, how to install and configure Rector, PHPStan, and Easy Coding Standard, and how together they create consistently high-quality code with minimal effort.

You may have heard terms like static analysis, Rector, Easy Coding Standards, and PHPStan thrown around. But what are they, what do they actually do, and how do you use them?

Static analysis refers to the process of analysing source code without executing it. A static analysis tool looks at your code but doesn't run it — it reasons about what the code means rather than what it does at runtime.

The three tools

There are many static analysis tools for PHP, but this combination provides excellent coverage with minimal overlap:

Rector — Instant upgrade and automated refactoring of any PHP code
Easy Coding Standard — Use PHP-CS-Fixer and PHP_CodeSniffer rules with zero configuration knowledge required
PHPStan — Finds errors in your code without actually running it

Using these tools automates the process of finding problems. Run them from the terminal and they either fix problems automatically or tell you precisely where the problem is.

Rector

Rector is great at fixing or upgrading your code's functionality automatically.

composer require --dev rector/rector

Run it:

vendor/bin/rector p --ansi

To preview changes without applying them:

vendor/bin/rector p --dry-run --ansi

On first run, Rector will offer to create a rector.php config file. A solid general-purpose configuration:

return RectorConfig::configure()
    ->withPaths([
        __DIR__ . '/config',
        __DIR__ . '/public',
        __DIR__ . '/src',
        __DIR__ . '/tests',
    ])
    ->withSets([
        SetList::PHP_83,
        SetList::TYPE_DECLARATION,
        SetList::DEAD_CODE,
    ]);

A set is a collection of rules; a rule defines a specific code transformation. You don't need to write the rules — Rector ships with hundreds. Check the SetList class to see everything available.

Commit after each Rector run so you can revert if needed.

Easy Coding Standard

ECS is great at fixing your code's style and formatting.

composer require --dev symplify/easy-coding-standard

Check for issues:

vendor/bin/ecs check --ansi

Check and fix:

vendor/bin/ecs check --fix --ansi

On first run it will offer to generate an ecs.php config file. A working baseline:

return ECSConfig::configure()
    ->withPaths([
        __DIR__ . '/config',
        __DIR__ . '/public',
        __DIR__ . '/src',
        __DIR__ . '/tests',
    ])
    ->withPreparedSets(
        arrays: true,
        comments: true,
        docblocks: true,
        spaces: true,
        namespaces: true,
    );

PHPStan

PHPStan is great at finding errors and telling you precisely where they are.

composer require --dev phpstan/phpstan

Run it:

vendor/bin/phpstan analyse

PHPStan doesn't auto-generate its config file, so create phpstan.dist.neon manually:

parameters:
    level: 6
    paths:
        - bin/
        - config/
        - public/
        - src/
        - tests/

Level 6 is a solid starting point. Level 8 is the maximum but gets aggressive. The sweet spot for most projects is 6–7.

How the three tools complement each other

PHPStan finds logical errors and type issues — things that are wrong
Rector fixes functional issues and upgrades patterns — things that are outdated
ECS fixes formatting and style — things that look inconsistent

Together they produce excellent cross-coverage and result in clean, type-safe, consistently formatted code with minimal manual effort. Run them in CI as a gate on every PR and the quality floor of your codebase never drops.