Download the PHP package lvandi/php-crap-checker without Composer
On this page you can find all versions of the php package lvandi/php-crap-checker. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download lvandi/php-crap-checker
More information about lvandi/php-crap-checker
Files in lvandi/php-crap-checker
Package php-crap-checker
Short Description A CLI tool to fail CI when PHP CRAP score exceeds a configured threshold.
License MIT
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package php-crap-checker
php-crap-checker
A CI quality gate for method-level change risk in PHP projects.
Why this tool exists
Complex code with low test coverage is risky to change. The CRAP score captures this pattern in a single number. crap-check turns that signal into a CI gate: if any method exceeds the threshold, the build fails.
This matters in any workflow where code can be generated, refactored, or expanded quickly — including AI-assisted development — because static analysis and basic tests can pass while change risk quietly accumulates at method level.
What is the CRAP score?
CRAP (Change Risk Anti-Patterns) is a metric that combines cyclomatic complexity and test coverage. A method scores higher when it is both complex and poorly tested. The formula is:
A low CRAP score means the method is either simple, well-tested, or both. A high score is a signal worth investigating — not necessarily a hard blocker, but a starting point for review.
What this package does
- Reads a Crap4J XML report generated by PHPUnit
- Compares each method's CRAP score against a configurable threshold
- Prints the violations sorted by severity
- Exits with a non-zero code so CI fails when the threshold is exceeded
- Diagnoses environment and PHPUnit configuration (
doctorcommand)
What this package does NOT do
- Generate code coverage (that is PHPUnit's job, with PCOV or Xdebug)
- Replace tools like Codecov for overall coverage tracking
- Apply per-method or per-path ignores (planned for a future release)
- Read Clover or other coverage formats
Installation
Usage
Basic usage
The report argument defaults to build/crap4j.xml and --threshold defaults to 30.
Options
| Option | Default | Description |
|---|---|---|
report |
build/crap4j.xml |
Path to the Crap4J XML report |
--threshold |
30 |
Maximum allowed CRAP score (exclusive) |
--max-violations |
(none) | Maximum number of violations before CI fails |
--max-age |
(none) | Maximum report age; accepts minutes (60), or duration strings (30m, 2h) |
--format |
text |
Output format (text, json) |
Usage in GitHub Actions
Full example with PHP matrix:
Usage with Codecov
php-crap-checker and Codecov serve different purposes and work well together:
Codecov tracks overall and patch coverage. crap-check enforces a per-method CRAP threshold. They complement each other.
Exit codes
| Code | Meaning |
|---|---|
0 |
OK — no violations |
1 |
CRAP threshold exceeded |
2 |
Invalid input (e.g. non-numeric threshold) |
3 |
Report file not found or not readable |
4 |
Invalid XML in report |
5 |
Report valid but contains no methods |
Output examples
No violations
Violations found
Report not found
A note on PCOV and Xdebug
PCOV and Xdebug are not required by this package. They are required by PHPUnit to generate the Crap4J report. Once the report exists, crap-check reads the XML and needs no coverage driver.
In CI, install PCOV (faster) or Xdebug only in the step that generates coverage:
If you already have a report from a previous step or artifact, you can run crap-check without any coverage extension.
Interpreting a high CRAP score
A high CRAP score on a method is a signal, not a verdict. Before raising the threshold or suppressing the check, consider:
- Add tests: if the method is complex but untested, coverage will bring the score down
- Reduce complexity: extract helper methods or simplify branching logic
- Accept and document: some methods are inherently complex and well-understood — a future baseline feature will allow explicit exceptions
Mechanically writing tests just to lower the number defeats the purpose. Use the score to guide meaningful improvement.
Adopting on a legacy project
If your codebase already has many violations, a zero-tolerance threshold from day one is counterproductive. See docs/ADOPTING.md for gradual adoption strategies: start permissive and tighten over time, cap violations with --max-violations, and how to talk to your team about the metric.
Planned
Future releases may add:
- baseline support (snapshot a list of known violations, block only new ones)
--fail-on=newand--fail-on=worsened- ignore rules for paths and specific methods
- GitHub Actions annotations
Requirements
- PHP
>=8.3 ext-simplexmlsymfony/console^7.0
Development
PHP runs inside Docker. Build the image once (uses your host UID/GID to avoid file permission issues):
Common commands:
Contributing
Contributions are welcome. See CONTRIBUTING.md for guidelines on opening issues and submitting pull requests.
To report a security vulnerability, follow the process described in SECURITY.md.
This project is released under the MIT License.
