DrupalSecurity is a library for automated Drupal code security reviews. It defines rules for PHP_CodeSniffer
Note that Javascript has not been supported yet. To check and fix Javascript files please use ESLint and see the Drupal ESLint documentation.
First, install phpcs:
To make the phpcs command available globally, add the Composer
bin path to your $PATH variable in ~/.profile, ~/.bashrc or ~/.zshrc:
export PATH="$PATH:$HOME/.composer/vendor/bin"
Second, install PHPCS plugins: Drupal coder PHPCSUtils
Last, download the DrupalSecurity folder to your local
Check Drupal Security standards
phpcs --standard=/path/to/DrupalSecurity --extensions=php,module,inc,install,theme,yml,twig /file/to/drupal/module