Linting Talk ============ What is linting --------------- A linter or lint refers to tools that analyze source code to flag programming errors, bugs, stylistic errors, and suspicious constructs. The term originates from a Unix utility that examined C language source code. — https://en.wikipedia.org/wiki/Lint_(software) Why do I need it? ----------------- * Prevent syntax errors = 500 http error in production. * Prevent bugs. * Validate coding guideline = Prevent unnecessary merge conflicts. * Reduce complexity and mental overhead. What to lint ------------ PHP ^^^ * PHP Native Local:: php -l broken.php php -l valid.php For CI:: php -l broken.php > /dev/null; echo $? php -l valid.php > /dev/null; echo $? find localPackages/ -name \*.php | parallel --gnu php -d display_errors=stderr -l {} > /dev/null \; * PHP Code Sniffer Checks for Coding Guideline, best practices like no debugging code. Extendable, Multiple languages, php, js, typoscript, … Lint and fix. Integrated into IDEs, Editors and CI. * PHPMD https://phpmd.org/ https://phpmd.org/rules/index.html * phpstan https://github.com/phpstan/phpstan https://packagist.org/packages/saschaegerer/phpstan-typo3 PHP >= 7.1 No configuration necessary * phan https://github.com/phan/phan Awesome, but needs configuration file. * https://phpqa.io/ * https://www.owasp.org/index.php/OWASP_WAP-Web_Application_Protection TypoScript ^^^^^^^^^^ https://github.com/martin-helmich/typo3-typoscript-lint XML / XLIFF ^^^^^^^^^^^ http://xmlsoft.org/xmllint.html JSON / composer.json ^^^^^^^^^^^^^^^^^^^^ `composer validate` YAML (Form extension) ^^^^^^^^^^^^^^^^^^^^^ https://github.com/adrienverge/yamllint Summary ------- Check out possible linter. Integrate linter in CI, optionally also in local IDEs /editors. Prevent "dumb" issues like invalid PHP syntax. Prevent some security issues. Further reading --------------- * https://www.owasp.org/index.php/Static_Code_Analysis * https://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis * https://phpqa.io/