phpstan-symfony
PHPStan Symfony is a static code analysis extension that integrates Symfony framework-specific type checking into PHPStan. It resolves return types for Symfony container methods, console commands, messaging, caching, and form handling, catching type errors at analysis time rather than runtime.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | phpstan/phpstan-symfony |
| Owner | phpstan |
| Primary language | PHP |
| License | MIT — OSI-approved |
| Stars | 795 |
| Forks | 101 |
| Open issues | 74 |
| Latest release | 2.0.20 (2026-06-16) |
| Last updated | 2026-07-08 |
| Source | https://github.com/phpstan/phpstan-symfony |
What phpstan-symfony is
A PHPStan extension providing Symfony-aware type inference for DI container, request/response objects, console input/output, messenger handlers, serializers, and form APIs. Requires containerXmlPath configuration pointing to Symfony's compiled container XML and optional console application loader for command argument validation.
Get the phpstan-symfony source
Clone the repository and explore it locally.
git clone https://github.com/phpstan/phpstan-symfony.gitcd phpstan-symfony# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires Symfony application to build and commit containerXmlPath (var/cache/dev/App_KernelDevDebugContainer.xml or similar); CI/CD must regenerate if container changes.
- Optional consoleApplicationLoader requires bootstrapping full Kernel; may conflict with PhpParser namespaces (documented workaround: disable inlining via phpstan_env).
- Configuration split: extension.neon for basic type inference; rules.neon for stricter Symfony framework checks—choose appropriate level for team tolerance.
- constantHassers parameter may hide genuine errors when toggled off for optional dependencies; document rationale if disabled.
- Messenger handleTraitWrappers requires explicit registration of custom bus methods; bus implementations must match interface signatures for type inference.
When to avoid it — and what to weigh
- Non-Symfony PHP Projects — Extension is Symfony-specific; provides no value in generic PHP codebases or other frameworks. Use base PHPStan or framework-agnostic alternatives.
- Lightweight Analysis Requirements — Configuration overhead (containerXmlPath, optional consoleApplicationLoader) and cached XML dependency adds setup complexity if quick, minimal static analysis is the goal.
- Projects Without Compiled Container XML — Requires Symfony to generate containerXmlPath (typically var/cache/dev/). Legacy or non-standard Symfony setups may not produce compatible XML, blocking analysis.
- Dynamic or Highly Customized Containers — Analysis accuracy depends on static XML snapshot; runtime-generated services or factory patterns outside standard DI may not be reflected in container state PHPStan sees.
License & commercial use
MIT License (OSI-compliant, permissive). Allows commercial use, modification, and distribution with attribution; no copyleft obligations.
MIT is a permissive OSI license permitting unrestricted commercial use. No license-based barriers to adoption in commercial Symfony projects; ensure PHPStan itself is appropriately licensed for your use case.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Strong |
| Assessment confidence | High |
No security exploits or vulnerabilities detailed in provided data. As a dev-time static analysis tool, security posture depends on: (1) PHPStan core updates and security practices, (2) containerXmlPath XML integrity (ensure cache not tampered), (3) consoleApplicationLoader script execution (runs Kernel bootstrapping—audit for untrusted code). No embedded crypto, no network calls documented.
Alternatives to consider
Psalm (with Symfony stubs)
Alternative static analyzer with community-maintained Symfony type stubs; may require manual stub updates but supports similar container/service type checking.
PHPStan alone (base rules)
Generic static analysis without Symfony-specific inference; simpler setup but loses container type safety, command argument validation, and messenger return type inference.
IDEs with Symfony plugins (PhpStorm, VS Code Intelephense)
Real-time IDE-based type checking with Symfony extensions; interactive but less suitable for CI/CD automation and project-wide policy enforcement.
Build on phpstan-symfony with DEV.co software developers
Integrate PHPStan Symfony into your CI/CD pipeline to catch type errors early, validate DI container usage, and enforce Symfony framework best practices. Get started with Composer today.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
phpstan-symfony FAQ
What happens if I forget to configure containerXmlPath?
Does this replace PHPStan, or is it an add-on?
Can I use this with Symfony 3.x or 6.x?
Is consoleApplicationLoader required?
Software development & web development with DEV.co
Need help beyond evaluating phpstan-symfony? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source testing integrations — and maintain them long-term.
Strengthen Your Symfony Codebase
Integrate PHPStan Symfony into your CI/CD pipeline to catch type errors early, validate DI container usage, and enforce Symfony framework best practices. Get started with Composer today.