Visualize Your Code's Quality with PhpMetrics

Originally published at:

We had been looking into code quality checking tools for a while here on SitePoint – most recently in a series on Jenkins, but none of those could do what a project I’ve only recently found out about can.

PhpMetrics uses D3 and some sophisticated analysis algorithms to scan your application’s code and output intricate reports about it.


Installing and Using PhpMetrics

It’s a bit hard to talk about it without seeing a proper example, so let’s install and run it, then explain every part.

Continue reading this article on SitePoint

PhpMetrics seems to be relatively new. Does it use PHP_Depend or does it implement its own code analyzer? There is not a lot of information available on this tool.

As of now I use SonarQube as Continuous Inspection tool. In combination with Jenkins it is absolutely invaluable. SonarQube just needs the report XML files from PhpUnit, PHP_Depend etc. If PhpMetrics has an XML report file it should be possible to integrate it with SonarQube in order to have tracking of code quality metrics over time.

According to a basic repo search, there’s no reference of PHP_Depend.


First, congratulations @swader for this article which is very comprehensive !

Does it use PHP_Depend or does it implement its own code analyzer?

PhpMetrics doesn’t use PhpDepend, and has his own parser. My first idea was to create a new renderer for PhpDepend, but the philosophies of these tools are not the same, and many metrics essential to me are not provided by PhpDepend

If PhpMetrics has an XML report file it should be possible to integrate it with SonarQub

PhMetrics can interact with Sonar (or Jenkins) with the --report-xml and --violations-xml parameters.

There is not a lot of information available on this tool

I hope it will come : my english is really poor, and I need help for documentation and translation from French. Any help is welcome :slight_smile:


@Halleck45 great to have you here, welcome to the forums!

Your English isn’t bad at all judging from what I’ve seen so far, but I think you can count on the community’s help, even in terms of translating to other languages - just try and make a good “contributing to documentation” guide section and I’m sure we’ll get right on it. Is the documentation on Github, too?

Based on the info here and on the project-site, i have zero idea how to use this.

For example:

*On the “download”-page, there is no download-link, just something that looks like a bunch of DOS-commands.

  • The “about”-page is just an exact copy of the useless “download”-page.

  • The “documentation” immediately assumes that you already know how to use the thing.
    No trace of any “get started”, or “read me first”, etc.

I’m guessing this is some Linux-stuff.
that usually the case, when the builder assumes everyone can read his mind.


The installation procedure is described in the post. Get a vagrant box up and running and enter the composer commands.

Composer works on any OS, and is the basis of modern PHP development when using third party libraries and packages. For an introduction, and to make things clear, see this.

It looks like a great tool, easier to install than Jenkins :stuck_out_tongue:

Just a quick note on the results Laravel/Symfony2; it’s important the remind that Laravel uses a lot of Symfony2 components, so I guess if you count them into the codebase of Laravel, which makes sense because Laravel wouldn’t work without those components, Laravel would become heavier.

Note to haters : i’m a huge Laravel fan, and creator of ; so don’t get pissed off by my comment :slight_smile:

Oh, so It all runs on Perkins, that is a version of Burke, that needs JinXXxx, that has to be installed using Gurkha, that requires a functional “palinDrome”-box, with you can run inside a Charleston-container, that you can compile using “wonderful 2.0” , and so on, etc…?

And who have guessed that such a delicious soup could have been made from only a simple lump of rock?

While I understand your frustration as caused by your failing to keep up, you can also avoid all this, and install it just via the command line with the first three lines on the landing page, into any PHP installation of any type. What I listed above are merely best practices.

chmod +x phpmetrics.phar
mv phpmetrics.phar /usr/local/bin/phpmetrics

If you don’t understand this (which is multiplatform, btw - on Windows, you get these commands through Git Bash), I’m sorry but I don’t know how to help beyond recommending a “basics of terminal” course because without even the most basic terminal knowledge you’ll never get a serious web development job, I guarantee this.



Like the people behind this tool, you assume that everyone is running the exact same system as you.

It doesn’t run on OSX Mavericks. A pity.

I do no such thing.

chmod +x means “give execute permission to this file”, which, in Windows environments, can be replaced by simply running PhpMetrics as this:

php phpmetrics.phar

Another approach is just opening the file properties window, since you’re obviously of the GUI type, and just select “executable file” as a permission, or your system’s equivalent.

How do you mean? It works for me.

My employer demands I use MAMPP instead of the inbuilt PHP and Apache webserver. That’s likely the culprit.

You run your development environment unvirtualized?

Unfortunately. I’m not allowed to do otherwise in order “to stay consistent with the other developers”

That sucks.

I would definitely just run what I want (vb + vagrant). So long as you have sudo no one can really stop you…

Not to mention running nfs w/ php5-fpm with apache 2.4 is blazing fast even for a vm.

It boggles my mind that some people don’t understand and/or are to stubborn to use a vm. I quite frankly just won’t stand for it – easier to ask for forgiveness than permission.

I’m curious to run this on Magento EE 1.14.1 also Drupal 7 and 8.

You can stay consistent while virtualized. Just install the same versions of PHP / Apache, whatever, into the VM and you have the exact same environment in a VM, and none’s the wiser. What’s more, you now have a fully destructible and rebuildable environment which you can tear down, rework, and experiment with at will with zero consequences.

Preaching to the choir man, preaching to the choir. I’m trying to convince him, but since workstation layouts do get spot checked I’d rather not risk incurring any wrath.

Spot checked? Someone actually sits down at your station and inspects it? Cause other than that, a Vagrant powered VM is undetectable, it just runs in the background after you run a terminal command. To detect it, someone would have to inspect running processes, there’s literally no other simpler way.

No offense, but it sounds like you work in some kind of totalitarian regime.