Psalm support is unclear from README.md

[alies-dev]

There is a link to PHPStan plugin for for the package, but Psalm support is unclear from the README. What is the status?

[jack-worman]

I wrote a plugin that will add all non-safe functions to the forbidden function list.
Feel free to use it:

class Plugin implements PluginEntryPointInterface
{
    public function __invoke(RegistrationInterface $registration, ?\SimpleXMLElement $config = null): void
    {
        /** @psalm-suppress InternalClass,InternalMethod */
        $config = ProjectAnalyzer::getInstance()->getCodebase()->config;
        $forbiddenFunctions = &$config->forbidden_functions;
        $deprecatedSafeFunctions = [
            'safe\\sprintf' => true,
            'safe\\ksort' => true,
            'safe\\usort' => true,
            'safe\\array_flip' => true,
            'safe\\substr' => true,
            'safe\\sort' => true,
            'safe\\asort' => true,
            'safe\\password_hash' => true,
            'safe\\sleep' => true,
        ];
        foreach (\get_defined_functions()['user'] as $functionName) {
            if (!\str_starts_with($functionName, 'safe\\')) {
                continue;
            }
            if (isset($deprecatedSafeFunctions[$functionName])) {
                unset($deprecatedSafeFunctions[$functionName]);
                continue;
            }
            $forbiddenFunctions[\substr($functionName, 5)] = true;
        }
        if ($deprecatedSafeFunctions !== []) {
            throw new \Exception('$deprecatedSafeFunctions has unused keys: ' . \var_export($deprecatedSafeFunctions, true));
        }
    }
}

[shish]

As far as I'm aware nobody on the current maintainer team is using psalm - if it works, that's good, if it doesn't work, we welcome assistance :)