FloeDesignTechnologies/phpcs-security-audit

Require php_codesniffer 2.x for compatibility with Coder 8.x

andrewholgate opened this issue · 2 comments

I'd like to run the security audit sniffs along with other Drupal sniffs, such as the main Drupal Standards sniffs included in the Coder module.

As recommended by the author, Coder 8.x can also be used for Drupal 7 audits as well: https://www.drupal.org/node/2374167#comment-9339037 which also gives improved audit results.

Coder 8.x requires php_codesniffer 2.x, which means that it cannot be used in conjunction with phpcs-security-audit, which makes things difficult.

Would it be possible to require php_codesniffer 2.x as well?

An alternative idea would be to break phpcs-security-audit into separate repos, one for each framework; that way the correct PHP versions would also be easier to match with the corresponding CMS (e.g. use the recommended PHP 5.3+ for Drupal 7).

Indeed, it would be great to support PHPCS 2.x, but another reason it's not working in your case is a limitation of the old PHPCS that works with just one fixed path installation. Aside from that, I don't know what blocks the installation of two PHPCS in two separate folders.

That said, have you considered using Docker or Vagrant instead to run phpcs/phpcs-security-audit? It would be easier to do than the code change and would be future-proof, as you just have to keep old versions since this is not web-facing running code. Also, it would be super easy to run multiple versions of PHP with it. If this is not a requirement, there's https://github.com/virtphp/virtphp that exists, but I don't know how well it works with PHPCS.

Last thing, if the latest version of PHPCS is as slow as 1.x (or at least not 100+ times faster), the effort required to port to 2.x is not worth it imo and this tool should consider using its own parser because it really doesn't need all the bells and whistles of PHPCS (it basically just needs what's in File.php if I remember well).

so far it works now with squizlabs/php_codesniffer 2.9.1
welcome to the future 😄