Question about code sniffing

[antonkomarev]

Hello! First of all thanks for tool helping to improve overall code quality.

GrumPHP is sniffing your code!

Is GrumPHP or any of it's dependencies sends any parts of code to 3rd party sites for analysis or all the checks performing strictly locally?

For example sensiolabs/security-checker is sending composer.lock file for analysis.

[aderuwe]

It depends on the configured tasks - if you have securitychecker enabled then you need sensiolabs/security-checker. Note that it's opt-in.

The core tasks in GrumPHP mostly wrap well-established tools, no more no less. None of them send code or configuration anywhere and neither does GrumPHP itself as you can easily verify in the code.