DEV.co
Open-Source Testing · phpstan

phpstan-symfony

PHPStan Symfony is a static code analysis extension that integrates Symfony framework-specific type checking into PHPStan. It resolves return types for Symfony container methods, console commands, messaging, caching, and form handling, catching type errors at analysis time rather than runtime.

Source: GitHub — github.com/phpstan/phpstan-symfony
795
GitHub stars
101
Forks
PHP
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositoryphpstan/phpstan-symfony
Ownerphpstan
Primary languagePHP
LicenseMIT — OSI-approved
Stars795
Forks101
Open issues74
Latest release2.0.20 (2026-06-16)
Last updated2026-07-08
Sourcehttps://github.com/phpstan/phpstan-symfony

What phpstan-symfony is

A PHPStan extension providing Symfony-aware type inference for DI container, request/response objects, console input/output, messenger handlers, serializers, and form APIs. Requires containerXmlPath configuration pointing to Symfony's compiled container XML and optional console application loader for command argument validation.

Quickstart

Get the phpstan-symfony source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/phpstan/phpstan-symfony.gitcd phpstan-symfony# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Symfony DI Container Type Safety

Validate calls to ContainerInterface::get(), Controller::get(), and parameter retrieval with correct inferred return types; detect unregistered or private service access before runtime.

Console Command Argument/Option Validation

Verify correct usage of InputInterface methods with type-aware argument/option access; detect undefined arguments or options in command handlers via consoleApplicationLoader config.

Symfony Messenger & CQRS Pattern Support

Infer correct return types for HandleTrait wrappers in query buses and command buses, enabling type-safe CQRS implementations with automatic handler return type resolution.

Implementation considerations

  • Requires Symfony application to build and commit containerXmlPath (var/cache/dev/App_KernelDevDebugContainer.xml or similar); CI/CD must regenerate if container changes.
  • Optional consoleApplicationLoader requires bootstrapping full Kernel; may conflict with PhpParser namespaces (documented workaround: disable inlining via phpstan_env).
  • Configuration split: extension.neon for basic type inference; rules.neon for stricter Symfony framework checks—choose appropriate level for team tolerance.
  • constantHassers parameter may hide genuine errors when toggled off for optional dependencies; document rationale if disabled.
  • Messenger handleTraitWrappers requires explicit registration of custom bus methods; bus implementations must match interface signatures for type inference.

When to avoid it — and what to weigh

  • Non-Symfony PHP Projects — Extension is Symfony-specific; provides no value in generic PHP codebases or other frameworks. Use base PHPStan or framework-agnostic alternatives.
  • Lightweight Analysis Requirements — Configuration overhead (containerXmlPath, optional consoleApplicationLoader) and cached XML dependency adds setup complexity if quick, minimal static analysis is the goal.
  • Projects Without Compiled Container XML — Requires Symfony to generate containerXmlPath (typically var/cache/dev/). Legacy or non-standard Symfony setups may not produce compatible XML, blocking analysis.
  • Dynamic or Highly Customized Containers — Analysis accuracy depends on static XML snapshot; runtime-generated services or factory patterns outside standard DI may not be reflected in container state PHPStan sees.

License & commercial use

MIT License (OSI-compliant, permissive). Allows commercial use, modification, and distribution with attribution; no copyleft obligations.

MIT is a permissive OSI license permitting unrestricted commercial use. No license-based barriers to adoption in commercial Symfony projects; ensure PHPStan itself is appropriately licensed for your use case.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityLow
DEV.co fitStrong
Assessment confidenceHigh
Security considerations

No security exploits or vulnerabilities detailed in provided data. As a dev-time static analysis tool, security posture depends on: (1) PHPStan core updates and security practices, (2) containerXmlPath XML integrity (ensure cache not tampered), (3) consoleApplicationLoader script execution (runs Kernel bootstrapping—audit for untrusted code). No embedded crypto, no network calls documented.

Alternatives to consider

Psalm (with Symfony stubs)

Alternative static analyzer with community-maintained Symfony type stubs; may require manual stub updates but supports similar container/service type checking.

PHPStan alone (base rules)

Generic static analysis without Symfony-specific inference; simpler setup but loses container type safety, command argument validation, and messenger return type inference.

IDEs with Symfony plugins (PhpStorm, VS Code Intelephense)

Real-time IDE-based type checking with Symfony extensions; interactive but less suitable for CI/CD automation and project-wide policy enforcement.

Software development agency

Build on phpstan-symfony with DEV.co software developers

Integrate PHPStan Symfony into your CI/CD pipeline to catch type errors early, validate DI container usage, and enforce Symfony framework best practices. Get started with Composer today.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

phpstan-symfony FAQ

What happens if I forget to configure containerXmlPath?
Extension will not resolve container service types correctly; calls to get() and has() will lose type inference, reducing the value of the extension.
Does this replace PHPStan, or is it an add-on?
It is an extension for PHPStan. You must install PHPStan first (typically phpstan/phpstan); phpstan-symfony adds Symfony-aware rules on top.
Can I use this with Symfony 3.x or 6.x?
README documents Symfony 4, 4.2+, 5, 5.3+. Symfony 6.x compatibility Not clearly stated; requires verification with phpstan-symfony 2.0.20 release notes or testing.
Is consoleApplicationLoader required?
No, it is optional. Without it, console command argument/option validation and getArgument/getOption typing are disabled. Enable only if you want stricter console analysis.

Software development & web development with DEV.co

Need help beyond evaluating phpstan-symfony? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source testing integrations — and maintain them long-term.

Strengthen Your Symfony Codebase

Integrate PHPStan Symfony into your CI/CD pipeline to catch type errors early, validate DI container usage, and enforce Symfony framework best practices. Get started with Composer today.