Use when configuring, running, or fixing PHPStan static analysis in WordPress projects (plugins/themes/sites): phpstan.neon setup, baselines, WordPress-specific typing, and handling third-party plugin classes.
apm install @wpdoaction/wp-phpstan
[](https://apm-p1ls2dz87-atlamors-projects.vercel.app/packages/@wpdoaction/wp-phpstan)---
name: wp-phpstan
description: "Use when configuring, running, or fixing PHPStan static analysis in WordPress projects (plugins/themes/sites): phpstan.neon setup, baselines, WordPress-specific typing, and handling third-party plugin classes."
compatibility: "Targets WordPress 6.9+ (PHP 7.2.24+). Requires Composer-based PHPStan."
---
# WP PHPStan
## When to use
Use this skill when working on PHPStan in a WordPress codebase, for example:
- setting up or updating `phpstan.neon` / `phpstan.neon.dist`
- generating or updating `phpstan-baseline.neon`
- fixing PHPStan errors via WordPress-friendly PHPDoc (REST requests, hooks, query results)
- handling third-party plugin/theme classes safely (stubs/autoload/targeted ignores)
## Inputs required
- `wp-project-triage` output (run first if you haven't)
- Whether adding/updating Composer dev dependencies is allowed (stubs).
- Whether changing the baseline is allowed for this task.
## Procedure
### 0) Discover PHPStan entrypoints (deterministic)
1. Inspect PHPStan setup (config, baseline, scripts):
- `node skills/wp-phpstan/scripts/phpstan_inspect.mjs`
Prefer the repo’s existing `composer` script (e.g. `composer run phpstan`) when present.
### 1) Ensure WordPress core stubs are loaded
`szepeviktor/phpstan-wordpress` or `php-stubs/wordpress-stubs` are effectively required for most WordPress plugin/theme repos. Without it, expect a high volume of errors about unknown WordPress core functions.
- Confirm the package is installed (see `composer.dependencies` in the inspect report).
- Ensure the PHPStan config references the stubs (see `references/third-party-classes.md`).
### 2) Ensure a sane `phpstan.neon` for WordPress projects
- Keep `paths` focused on first-party code (plugin/theme directories).
- Exclude generated and vendored code (`vendor/`, `node_modules/`, build artifacts, tests unless explicitly analyzed).
- Keep `ignoreErrors` entries narrow and documented.
See:
- `references/configuration.md`
### 3) Fix errors with WordPress-specific typing (preferred)
Prefer correcting types over ignoring errors. Common WP patterns that need help:
- REST endpoints: type request parameters using `WP_REST_Request<...>`
- Hook callbacks: add accurate `@param` types for callback args
- Database results and iterables: use array shapes or object shapes for query results
- Action Scheduler: type `$args` array shapes for job callbacks
See:
- `references/wordpress-annotations.md`
### 4) Handle third-party plugin/theme classes (only when needed)
When integrating with plugins/themes not present in the analysis environment:
- First, confirm the dependency is real (installed/required).
- Prefer plugin-specific stubs already used in the repo (common examples: `php-stubs/woocommerce-stubs`, `php-stubs/acf-pro-stubs`).
- If PHPStan still cannot resolve classes, add targeted `ignoreErrors` patterns for the specific vendor prefix.
See:
- `references/third-party-classes.md`
### 5) Baseline management (use as a migration tool, not a trash bin)
- Generate a baseline once for legacy code, then reduce it over time.
- Do not “baseline” newly introduced errors.
See:
- `references/configuration.md`
## Verification
- Run PHPStan using the discovered command (`composer run ...` or `vendor/bin/phpstan analyse`).
- Confirm the baseline file (if used) is included and didn’t grow unexpectedly.
- Re-run after changing `ignoreErrors` to ensure patterns are not masking unrelated issues.
## Failure modes / debugging
- “Class not found”:
- confirm autoloading/stubs, or add a narrow ignore pattern
- Huge error counts after enabling PHPStan:
- reduce `paths`, add `excludePaths`, start at a lower level, then ratchet up
- Inconsistent types around hooks / REST params:
- add explicit PHPDoc (see references) rather than runtime guards
## Escalation
- If a type depends on a third-party plugin API you can’t confirm, ask for the dependency version or source before inventing types.
- If fixing requires adding new Composer dependencies (stubs/extensions), confirm it with the user first.