
Security News
/Research
Coordinated npm and PyPI Campaign Typosquats Popular Secure Payment Apps
Socket uncovered 17 malicious npm and PyPI packages typosquatting Paysafe, Skrill, and Neteller SDKs to steal developer secrets.
coc.nvim extension for Psalm language server.
"Psalm" started as a static analysis tool, but now it also has the features of a Language Server.
:CocInstall coc-psalm
Install psalm in your project.
composer require --dev vimeo/psalm
Required: The project must contain a psalm.xml or psalm.xml.dist file as a condition for starting "coc-psalm".
./vendor/bin/psalm --init
psalm.enable: Enable coc-psalm extension, default: truepsalm.disableCompletion: Disable completion only, default: falsepsalm.disableDefinition: Disable definition only, default: falsepsalm.disableProgressOnInitialization: Disable ProgressOnInitialization only, default: falsepsalm.phpExecutablePath: Optional, defaults to searching for "php". The path to a PHP 7.0+ executable to use to execute the Psalm server. The PHP 7.0+ installation should preferably include and enable the PHP module pcntl. (Modifying requires restart), default: nullpsalm.phpExecutableArgs: Optional (Advanced), default is '-dxdebug.remote_autostart=0 -dxdebug.remote_enable=0 -dxdebug_profiler_enable=0'. Additional PHP executable CLI arguments to use, default: ["-dxdebug.remote_autostart=0", "-dxdebug.remote_enable=0", "-dxdebug_profiler_enable=0"]psalm.psalmScriptPath: Optional (Advanced). If provided, this overrides the Psalm server script to use, e.g. vendor/bin/psalm-language-server, $HOME/path/to/psalm-language-server, ~/path/to/psalm-language-server (Modifying requires restart), default: nullpsalm.psalmScriptExtraArgs: Optional (Advanced). Additional arguments to the Psalm language server. (Modifying requires restart), default: []psalm.enableUseIniDefaults: Enable this to use PHP-provided ini defaults for memory and error display. (Modifying requires restart), default: falsepsalm.enableDebugLog: Enable this to print messages, default: falsepsalm.analyzedFileExtensions: A list of file extensions to request Psalm to analyze. By default, this only includes 'php' (Modifying requires restart), default: [{ "scheme": "file", "language": "php" }, { "scheme": "untitled", "language": "php" }]psalm.unusedVariableDetection: Enable this to enable unused variable and parameter detection, default: falsepsalm.configPaths: A list of files to checkup for psalm configuration (relative to the workspace directory), default: ["psalm.xml", "psalm.xml.dist"]psalm.trace.server: Traces the communication between coc.nvim and the Psalm language server, valid options ["off", "messages", "verbose"], default: offpsalm.restartPsalmServer: Restart Psalm Language serverpsalm.analyzeWorkSpace: Analyze Workspacenmap <silent> ga <Plug>(coc-codeaction-line)
Usage:
In the line with diagnostic message, enter the mapped key (e.g. ga) and you will see a list of code actions that can be performed.
Show issue for https://psalm.dev/xxx: Open the issue url in your browserSuppress all for this lineSuppress XXX for this lineTo use it, you need to install coc-xml.
MIT
This extension is built with create-coc-extension
FAQs
Psalm extension for coc.nvim
We found that coc-psalm demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
/Research
Socket uncovered 17 malicious npm and PyPI packages typosquatting Paysafe, Skrill, and Neteller SDKs to steal developer secrets.

Security News
Node.js is debating whether AI-driven security report volume warrants moving more vulnerability reports into public workflows.

Security News
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.