PHPStan rule to detect usage of Composer dev-dependency classes in production code, with powerful configuration to re-allow specific classes or namespaces in places where they should be allowed.
Install the extension using Composer:
composer require --dev dimionx/phpstan-rulesFor manual installation, add this to your phpstan.neon:
includes:
- vendor/dimionx/phpstan-rules/extension.neonOnly ignore errors for code that is never executed in production. Typical examples include:
- Test files (
*Test.php,*/Tests/*,*/tests/*) - Test helpers and utilities used exclusively in tests
- Development-only scripts and tools
- Fixture factories used solely for testing
- Code generation scripts used during development
# phpstan.neon
parameters:
ignoreErrors:
# Ignore files that are allowed to use dev-packages
-
identifier: dev.packageUsedInProductionRule
path: '*/Tests/*'- Detects accidental usage of dev-dependency classes in production code
- Configurable autoload types (PSR-4, PSR-0, classmap, files)
- Namespace-based detection for comprehensive coverage
- Flexible allowlists for legitimate cross-environment usage
composer.lockanalysis for accurate dependency mapping