Showing results for 
Search instead for 
Did you mean: 

Code Sniff Test Updates for the Extension Quality Program

Senior Member

The Magento Marketplace Extension Quality Program will incorporate version 3 of the Code Sniff test into automated testing on 7/11/19.

With the assistance of ExtDN and the community (Thank You everyone!), there have been several updates and changes to the Code Sniff test.  Included with this effort, we also consolidated the test across Magento (internally and externally).


Our desire is to keep this test as up to date as possible, but we recognize that we also need to give extension developers time to understand any new criteria that could potentially cause their submissions to fail.  Due to this, we have decided to create two different update cadences, Warnings and Fixes and Errors.

  1. Warnings and Fixes: New warnings (Sev 9 and below) or fixes to existing sniffs, if available, will be updated the 1st week of each month. Notifications will go out via social media and in email as to what has changed.
  2. Errors: Any new errors (Sev 10) will be added once a quarter. To make it easy to remember, this update will coincide with the Magento patch release schedule. Notifications will go out via devblog, social media and in email detailing any changes a month prior to release.

To assist you with troubleshooting any errors, we are now showing the test version number in the test report as well.


You can find all versions of this test on github and packagist:


This post is also announcing the re-structuring of the severities and the addition of 5 new Sev 10 errors and 5 new warnings.  We will start using version 3 in the Extension Quality Program on 7/11/19


New classifications for Errors and Warnings:






Critical code issue.



Possible security and issues that may cause bugs.



Magento specific code issue.



General code issue.



Code style issue (PSR2).



PHPDoc formatting or commenting issue.


New rules:

Sev 10 Error:  Generic.PHP.NoSilencedErrors - Throws an error or warning when any code prefixed with an asperand is encountered. (increased from 8)

Sev 10 Error:  Magento2.Security.IncludeFile - Detects possible improper usage of include functions.

Sev 10 Error:  Magento2.Security.InsecureFunction - Detects the use of insecure functions like `shell_exec`, `exec`, `system`, etc.

Sev 10 Error: Magento2.PHP.FinalImplementation - The use of final classes and methods is prohibited because they cannot be intercepted.

Sev 10 Error: Magento2.Classes.DiscouragedDependencies - Detects explicit request of proxies and interceptors in constructors.

Sev 8 Warning: Magento2.Classes.AbstractApi - Restricts abstract classes to not being marked as public @api.

Sev 8 Warning: Magento2.Exceptions.ThrowCatch - ensures that exceptions are not handled in the same function where they are thrown.

Sev 8 Warning: Magento2.Functions.StaticFunction  - Detects the use of static methods which are discouraged in Magento.

Sev 7 Warning: Squiz.Operators.ValidLogicalOperators - Ensures logical operators `and` and `or` are not used.

Sev 7 Warning: Magento2.Performance.ForeachArrayMerge - Detects array_merge(...) is used in a loop and is a resources greedy construction.


Full list of Sniffs can be found here:


As always, please reach out to us via one of the following methods if you have any questions or feedback:

@MagentoMP on Twitter

#marketplace or #coding-standard on Magento Community Engineering Slack