Skip to content

PHPStan should not crash on startup when projects' composer.json is invalid#5779

Merged
staabm merged 10 commits into
phpstan:2.2.xfrom
staabm:bug-14724
May 29, 2026
Merged

PHPStan should not crash on startup when projects' composer.json is invalid#5779
staabm merged 10 commits into
phpstan:2.2.xfrom
staabm:bug-14724

Conversation

@staabm
Copy link
Copy Markdown
Contributor

@staabm staabm commented May 29, 2026
edited
Loading

instead of trusting data we got back from json-decoding composer.json, we now verify it and skip processing data which does not adhere to the types we expect to prevent crashing down the line.

closes phpstan/phpstan#14724

@staabm staabm marked this pull request as draft May 29, 2026 07:25
@staabm staabm requested a review from VincentLanglet May 29, 2026 08:26
VincentLanglet
VincentLanglet reviewed May 29, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@VincentLanglet VincentLanglet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the output then ? Should we still have an error message ?

@staabm
Copy link
Copy Markdown
Contributor Author

staabm commented May 29, 2026
edited
Loading

the "output" is a regular PHPStan result which ignored settings from composer.json.
we ignore other composer errors in a similar way already before this PR.

such a invalid composer.json will already be warned about when running "composer update" or similar.

@staabm staabm marked this pull request as ready for review May 29, 2026 08:51
@phpstan-bot
Copy link
Copy Markdown
Collaborator

phpstan-bot commented May 29, 2026

This pull request has been marked as ready for review.

@staabm staabm merged commit c8db9f9 into phpstan:2.2.x May 29, 2026
681 of 689 checks passed
@staabm staabm deleted the bug-14724 branch May 29, 2026 08:53
@talkinnl
Copy link
Copy Markdown

talkinnl commented May 29, 2026
edited
Loading

the "output" is a regular PHPStan result which ignored settings from composer.json. we ignore other composer errors in a similar way already before this PR.

such a invalid composer.json will already be warned about when running "composer update" or similar.

I see how you apply existing behavior, but that behavior does sound like a bug.

If composer.json is in a bad shape, all bets are off. Better to fail fast and loud.

@staabm
Copy link
Copy Markdown
Contributor Author

staabm commented May 29, 2026

@talkinnl if you see room for improvement, feel free to contribute

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@VincentLanglet VincentLanglet VincentLanglet approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Array provided to ComposerJsonAndInstalledJsonSourceLocatorMaker::prefixPaths()

4 participants

@staabm @phpstan-bot @talkinnl @VincentLanglet