id,category,subcategory,title,description,severity,examples,references,tags,rationale,fix_guidance
ACC001,drupal_accessibility,acc1,Images must have alt attributes for screen readers,"Images must have alt attributes for screen readers. Use meaningful descriptions that describe the image content or function, not decorative text like 'image' or 'photo'. For decorative images, use empty alt='' to indicate they should be ignored by screen readers.",high,"{""good"": ""<img src=\""logo.png\"" alt=\""Company ABC Logo\"" /><!-- Decorative --><img src=\""decoration.png\"" alt=\""\"" />"", ""bad"": ""<img src=\""logo.png\"" alt=\""image\"" />""}","[""https://www.drupal.org/docs/accessibility""]",accessibility,,
ACC002,drupal_accessibility,acc2,"ARIA attributes should not be empty and must provide meaningful values that describe the element's purpose, state, or properties","ARIA attributes should not be empty and must provide meaningful values that describe the element's purpose, state, or properties. Use aria-label for accessible names, aria-describedby for additional descriptions, and aria-expanded for collapsible elements.",high,"{""good"": ""<button aria-label=\""Close dialog\"" aria-expanded=\""false\"">\u00d7</button>"", ""bad"": ""<button aria-label=\""\"">\u00d7</button>""}","[""https://www.drupal.org/docs/accessibility""]",accessibility,,
ACC003,drupal_accessibility,acc3,Buttons should have meaningful descriptive content that clearly indicates their action or purpose,"Buttons should have meaningful descriptive content that clearly indicates their action or purpose. Avoid generic text like 'Click here', 'Read more', or 'Submit'. Include context about what the button does.",high,"{""good"": ""<button>Save user profile</button><a href=\""/article\"">Read full article about climate change</a>"", ""bad"": ""<button>Click here</button><a href=\""/article\"">Read more</a>""}","[""https://www.drupal.org/docs/accessibility""]",accessibility,,
ACC004,drupal_accessibility,acc,Form inputs should include aria-label or aria-labelledby attributes,Form inputs should include aria-label or aria-labelledby attributes,high,{},[],forms|accessibility|drupal,"This ensures your site is accessible to all users, including those using assistive technologies",Update your code to follow this standard: Form inputs should include aria-label or aria-labelledby attributes
ACC005,drupal_accessibility,acc,Videos should include captions for accessibility,Videos should include captions for accessibility,high,{},[],accessibility|drupal|access,"This ensures your site is accessible to all users, including those using assistive technologies",Update your code to follow this standard: Videos should include captions for accessibility
ACC006,drupal_accessibility,acc,Use headings (h1-h6) in logical order to structure content,Use headings (h1-h6) in logical order to structure content,high,{},[],accessibility|drupal,"This ensures your site is accessible to all users, including those using assistive technologies",Update your code to follow this standard: Use headings (h1-h6) in logical order to structure content
ACC007,drupal_accessibility,acc,Ensure all interactive elements are accessible via keyboard,Ensure all interactive elements are accessible via keyboard,high,{},[],accessibility|drupal|access,"This ensures your site is accessible to all users, including those using assistive technologies",Update your code to follow this standard: Ensure all interactive elements are accessible via keyboard
ACC008,drupal_accessibility,acc,Use semantic HTML elements (nav article section aside),Use semantic HTML elements (nav article section aside),high,{},[],accessibility|drupal,"This ensures your site is accessible to all users, including those using assistive technologies",Update your code to follow this standard: Use semantic HTML elements (nav article section aside)
API001,drupal_api,api1,"Use standard HTTP methods (GET, POST, PUT, DELETE, PATCH) for API endpoints","Use standard HTTP methods (GET for retrieval, POST for creation, PUT for complete updates, DELETE for removal, PATCH for partial updates) for API endpoints. Follow RESTful conventions for predictable API behavior.",medium,"{""good"": ""# mymodule.routing.yml\nmymodule.api.users:\n  path: '/api/users'\n  defaults:\n    _controller: '\\Drupal\\mymodule\\Controller\\ApiController::getUsers'\n  requirements:\n    _permission: 'access api'\n  methods: [GET]\n\nmymodule.api.user_create:\n  path: '/api/users'\n  defaults:\n    _controller: '\\Drupal\\mymodule\\Controller\\ApiController::createUser'\n  requirements:\n    _permission: 'create users via api'\n  methods: [POST]\n\nmymodule.api.user_update:\n  path: '/api/users/{id}'\n  defaults:\n    _controller: '\\Drupal\\mymodule\\Controller\\ApiController::updateUser'\n  requirements:\n    _permission: 'update users via api'\n    id: \\d+\n  methods: [PUT, PATCH]\n\nmymodule.api.user_delete:\n  path: '/api/users/{id}'\n  defaults:\n    _controller: '\\Drupal\\mymodule\\Controller\\ApiController::deleteUser'\n  requirements:\n    _permission: 'delete users via api'\n    id: \\d+\n  methods: [DELETE]"", ""bad"": """"}","[""https://www.drupal.org/docs/drupal-apis"", ""https://api.drupal.org""]",api,,
API001,drupal_api,api,Use standard HTTP methods (GET POST PUT DELETE PATCH) for API endpoints,Use standard HTTP methods (GET POST PUT DELETE PATCH) for API endpoints,high,{},[],api|drupal,Following this API best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Use standard HTTP methods (GET POST PUT DELETE PATCH) for API endpoints
API002,drupal_api,api,Implement proper error handling for API functions,Implement proper error handling for API functions,high,{},[],api|drupal,Following this API best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Implement proper error handling for API functions
API003,drupal_api,api,Ensure all API responses are properly formatted as JSON,Ensure all API responses are properly formatted as JSON,high,{},[],forms|api|drupal,Following this API best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Ensure all API responses are properly formatted as JSON
API004,drupal_api,api,Use appropriate HTTP status codes for API responses,Use appropriate HTTP status codes for API responses,high,{},[],api|drupal,Following this API best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Use appropriate HTTP status codes for API responses
API005,drupal_api,api,Implement API versioning to manage changes,Implement API versioning to manage changes,high,{},[],api|drupal,Following this API best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Implement API versioning to manage changes
API006,drupal_api,api,Use OAuth JWT or secure authentication methods for APIs,Use OAuth JWT or secure authentication methods for APIs,high,{},[],api|drupal,Following this API best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Use OAuth JWT or secure authentication methods for APIs
DRUPAL001,drupal_best_practices,drupal1,"Use hasField(), get(), and value() methods","Use hasField(), get(), and value() methods for entity fields instead of direct property access. This ensures proper field API integration and handles missing fields gracefully.",medium,"{""good"": ""if ($node->hasField('field_custom_data')) {\n  $field_value = $node->get('field_custom_data')->value;\n  $field_items = $node->get('field_custom_data')->getValue();\n\n  // For entity reference fields\n  $referenced_entities = $node->get('field_references')->referencedEntities();\n}"", ""bad"": ""$field_value = $node->field_custom_data->value; // May cause errors""}",[],drupal|api,,
DRUPAL001,drupal_best_practices,dru,Use hasField() get() and value() methods for entity fields,Use hasField() get() and value() methods for entity fields,medium,{},[],drupal,Following this best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Use hasField() get() and value() methods for entity fields
DRUPAL002,drupal_best_practices,drupal2,Use try/catch,Use try/catch for exception handling with proper logging using \Drupal::logger() service. This ensures errors are properly logged and handled without breaking the application.,medium,"{""good"": ""try {\n  $entity = $this->entityTypeManager\n    ->getStorage('node')\n    ->load($nid);\n\n  $entity->set('title', $new_title);\n  $entity->save();\n\n  $this->logger->info('Updated node @nid', ['@nid' => $nid]);\n\n} catch (\\Exception $e) {\n  $this->logger->error('Failed to update node @nid: @message', [\n    '@nid' => $nid,\n    '@message' => $e->getMessage(),\n  ]);\n}"", ""bad"": """"}",[],drupal,,
DRUPAL002,drupal_best_practices,dru,Use try/catch for exception handling with proper logging,Use try/catch for exception handling with proper logging,medium,{},[],drupal,Following this best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Use try/catch for exception handling with proper logging
DRUPAL003,drupal_best_practices,dru,Use Drupal's database abstraction layer for all queries,Use Drupal's database abstraction layer for all queries,medium,{},[],database|drupal,Following this best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Use Drupal's database abstraction layer for all queries
DRUPAL004,drupal_best_practices,dru,Implement hook_update_N() for schema changes,Implement hook_update_N() for schema changes,medium,{},[],hooks|drupal,Following this best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Implement hook_update_N() for schema changes
DRUPAL005,drupal_best_practices,dru,Use services.yml and proper container injection,Use services.yml and proper container injection,medium,{},[],injection|drupal|services,Following this best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Use services.yml and proper container injection
DRUPAL006,drupal_best_practices,dru,Define routes in routing.yml with proper access checks,Define routes in routing.yml with proper access checks,medium,{},[],drupal|access,Following this best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Define routes in routing.yml with proper access checks
DRUPAL007,drupal_best_practices,dru,Extend FormBase or ConfigFormBase with proper validation,Extend FormBase or ConfigFormBase with proper validation,medium,{},[],forms|configuration|drupal,Following this best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Extend FormBase or ConfigFormBase with proper validation
DRUPAL008,drupal_best_practices,dru,Follow entity API best practices for CRUD operations,Follow entity API best practices for CRUD operations,medium,{},[],drupal,Following this best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Follow entity API best practices for CRUD operations
DRUPAL009,drupal_best_practices,dru,Use plugin system with proper annotations,Use plugin system with proper annotations,medium,{},[],drupal,Following this best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Use plugin system with proper annotations
DRUPAL010,drupal_best_practices,dru,Use t() function for translatable strings,Use t() function for translatable strings,medium,{},[],drupal,Following this best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Use t() function for translatable strings
DRUPAL011,drupal_best_practices,dru,Use ConfigFactory for configuration management,Use ConfigFactory for configuration management,medium,{},[],configuration|drupal,Following this best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Use ConfigFactory for configuration management
DRUPAL012,drupal_best_practices,dru,Use #attached in render arrays instead of drupal_add_js/css,Use #attached in render arrays instead of drupal_add_js/css,medium,{},[],drupal,Following this best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Use #attached in render arrays instead of drupal_add_js/css
DRUPAL013,drupal_best_practices,dru,Use proper hook implementation format: module_name_hook_name(),Use proper hook implementation format: module_name_hook_name(),medium,{},[],forms|hooks|drupal,Following this best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Use proper hook implementation format: module_name_hook_name()
DRUPAL014,drupal_best_practices,dru,Replace theme functions with Twig templates,Replace theme functions with Twig templates,medium,{},[],drupal|twig,Following this best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Replace theme functions with Twig templates
DRUPAL015,drupal_best_practices,dru,Use controller classes with route definitions,Use controller classes with route definitions,medium,{},[],drupal,Following this best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Use controller classes with route definitions
DS005,drupal_best_practices,configuration,Use Configuration API,Store configuration properly,high,"{""good"": ""$config = \\Drupal::config('mymodule.settings');"", ""bad"": ""variable_set('mymodule_setting', $value);""}","[""https://www.drupal.org/docs/drupal-apis/configuration-api""]",configuration|api,Configuration API provides proper deployment workflow,Migrate variables to configuration system
DS008,drupal_best_practices,dependency_injection,Use Dependency Injection,Inject services instead of calling static methods,high,"{""good"": ""public function __construct(EntityTypeManagerInterface $entity_type_manager) { ... }"", ""bad"": ""\\Drupal::entityTypeManager()""}","[""https://www.drupal.org/docs/drupal-apis/services-and-dependency-injection""]",services|di|best-practices,Dependency injection improves testability and maintainability,Implement ContainerInjectionInterface or extend ControllerBase
BUILD001,drupal_build,bui,Set mode to production for production builds,Set mode to production for production builds,medium,{},[],drupal,Following this build best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Set mode to production for production builds
BUILD002,drupal_build,bui,Use source-map or hidden-source-map for production builds,Use source-map or hidden-source-map for production builds,medium,{},[],drupal,Following this build best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Use source-map or hidden-source-map for production builds
BUILD003,drupal_build,bui,Enable code splitting for all chunks in optimization settings,Enable code splitting for all chunks in optimization settings,medium,{},[],drupal,Following this build best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Enable code splitting for all chunks in optimization settings
BUILD004,drupal_build,bui,Enable tree shaking by setting usedExports to true,Enable tree shaking by setting usedExports to true,medium,{},[],drupal,Following this build best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Enable tree shaking by setting usedExports to true
BUILD005,drupal_build,bui,Use content hashing in filenames for better caching,Use content hashing in filenames for better caching,medium,{},[],caching|drupal,Following this build best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Use content hashing in filenames for better caching
BUILD006,drupal_build,bui,Implement proper caching strategies for static assets,Implement proper caching strategies for static assets,medium,{},[],caching|drupal,Following this build best practice ensures maintainable and standards-compliant code,Update your code to follow this standard: Implement proper caching strategies for static assets
DS004,drupal_coding_standards,services,Service Naming Convention,Use lowercase with dots for service names,medium,"{""good"": ""mymodule.breadcrumb_builder"", ""bad"": ""MyModule.BreadcrumbBuilder""}","[""https://www.drupal.org/docs/develop/standards""]",naming|services|conventions,Consistency improves code readability,Update service definitions in .services.yml
DS010,drupal_coding_standards,hooks,Hook Implementation Naming,Follow hook naming conventions,low,"{""good"": ""function mymodule_form_alter(&$form, FormStateInterface $form_state, $form_id) { ... }"", ""bad"": ""function my_module_formAlter(...) { ... }""}","[""https://www.drupal.org/docs/develop/standards/hooks""]",hooks|naming|conventions,Proper hook naming ensures Drupal can discover and invoke them,Use module_name_hook_name pattern
DS_DOC_001,drupal_coding_standards,documentation,DocBlock Format,"DocBlocks must start with /** and end with */, with the summary line limited to 80 characters",medium,"{""good"": ""/**\n * Calculates the total price including tax.\n *\n * @param float $price\n *   The base price.\n * @param float $tax_rate\n *   The tax rate as a decimal.\n *\n * @return float\n *   The total price with tax.\n */"", ""bad"": ""/*\n* Calculates the total price including tax\n*/""}","[""https://www.drupal.org/docs/develop/standards/php/api-documentation-and-comment-standards""]",documentation|docblock|comments,Proper DocBlocks enable IDE support and documentation generation,Format DocBlocks with proper structure and tags
DS_DOC_002,drupal_coding_standards,documentation,Parameter Documentation,All function parameters must be documented with @param tags including type and description,high,"{""good"": ""/**\n * @param \\Drupal\\Core\\Entity\\EntityInterface $entity\n *   The entity to process.\n * @param array $options\n *   An array of processing options.\n */"", ""bad"": ""/**\n * @param $entity\n * @param $options\n */""}","[""https://www.drupal.org/docs/develop/standards/php/api-documentation-and-comment-standards""]",documentation|parameters|docblock,Complete parameter documentation helps developers understand function usage,Document all parameters with type and description
DS_DOC_003,drupal_coding_standards,documentation,Return Value Documentation,Functions that return values must document the return type and description with @return tag,high,"{""good"": ""/**\n * @return \\Drupal\\Core\\Entity\\EntityInterface|null\n *   The loaded entity, or NULL if not found.\n */"", ""bad"": ""/**\n * @return mixed\n */""}","[""https://www.drupal.org/docs/develop/standards/php/api-documentation-and-comment-standards""]",documentation|return|docblock,Return type documentation enables better IDE support and prevents errors,Document return values with specific types and descriptions
DS_DOC_004,drupal_coding_standards,documentation,File-level Documentation,Every PHP file should start with a @file tag describing the file's purpose,low,"{""good"": ""<?php\n\n/**\n * @file\n * Contains hook implementations for the Example module.\n */"", ""bad"": ""<?php\n// Example module hooks""}","[""https://www.drupal.org/docs/develop/standards/php/api-documentation-examples""]",documentation|file|docblock,File documentation provides context for the file's purpose,Add @file documentation to the beginning of PHP files
DS_DOC_005,drupal_coding_standards,documentation,Class Documentation,Classes must have a DocBlock describing their purpose and key responsibilities,medium,"{""good"": ""/**\n * Provides a form for user registration.\n *\n * This form collects user information and creates\n * a new user account with the provided data.\n */\nclass UserRegistrationForm extends FormBase { }"", ""bad"": ""class UserRegistrationForm extends FormBase { }""}","[""https://www.drupal.org/docs/develop/standards/php/api-documentation-examples""]",documentation|classes|docblock,Class documentation helps developers understand the class purpose and usage,Add descriptive DocBlocks to all classes
DS_E_ALL_001,drupal_coding_standards,error_handling,Variable Existence Checking,Always check variable existence with isset() or !empty() before use to avoid E_NOTICE errors,medium,"{""good"": ""if (!empty($form['#input'])) {\n  // process input\n}"", ""bad"": ""if ($form['#input']) {\n  // may trigger undefined index\n}""}","[""https://www.drupal.org/docs/develop/coding-standards/write-e_all-compliant-code""]",error-handling|variables|e_all,Prevents PHP notices and ensures code runs cleanly with error reporting enabled,Use isset() or !empty() to check variables before access
DS_E_ALL_002,drupal_coding_standards,error_handling,Array Index Checking,Check array indexes exist before accessing to prevent undefined index errors,medium,"{""good"": ""if (isset($data['key'])) {\n  $value = $data['key'];\n}"", ""bad"": ""$value = $data['key']; // May not exist""}","[""https://www.drupal.org/docs/develop/coding-standards/write-e_all-compliant-code""]",error-handling|arrays|e_all,Prevents undefined index notices and makes code more robust,Check array keys with isset() before accessing
DS_NS_001,drupal_coding_standards,namespaces,Namespace Structure,Namespaces must follow the pattern Drupal\module_name\... for modules,critical,"{""good"": ""namespace Drupal\\mymodule\\Controller;"", ""bad"": ""namespace MyModule\\Controller;""}","[""https://www.drupal.org/docs/develop/coding-standards/namespaces""]",namespaces|psr-4|structure,Consistent namespace structure enables Drupal's autoloading,Use Drupal\module_name as the base namespace
DS_NS_002,drupal_coding_standards,namespaces,Use Statement Format,"Each use statement must import a single class, with statements organized alphabetically",medium,"{""good"": ""use Drupal\\Core\\Entity\\EntityInterface;\nuse Drupal\\Core\\Form\\FormBase;\nuse Drupal\\node\\NodeInterface;"", ""bad"": ""use Drupal\\Core\\Entity\\EntityInterface, Drupal\\Core\\Form\\FormBase;""}","[""https://www.drupal.org/docs/develop/coding-standards/namespaces""]",namespaces|imports|use,Single imports per line improve readability and version control,Use one class per use statement and organize alphabetically
DS_NS_003,drupal_coding_standards,namespaces,Global Class References,Global classes must be referenced with a leading backslash when used in namespaced code,medium,"{""good"": ""$date = new \\DateTime();\n$exception = new \\Exception('Error');"", ""bad"": ""$date = new DateTime();""}","[""https://www.drupal.org/docs/develop/coding-standards/namespaces""]",namespaces|global|classes,"Leading backslash ensures PHP uses the global class, not a relative namespace",Add leading backslash to global class instantiations
DS_PHP_001,drupal_coding_standards,php_syntax,Use Short Array Syntax,Always use short array syntax [] instead of array() for better readability and modern PHP practices,medium,"{""good"": ""$some_array = ['hello', 'world', 'foo' => 'bar'];"", ""bad"": ""$some_array = array('hello', 'world', 'foo' => 'bar');""}","[""https://www.drupal.org/docs/develop/standards/php/php-coding-standards""]",php|arrays|syntax,Short array syntax is more concise and aligns with modern PHP standards,Replace array() with [] throughout your codebase
DS_PHP_002,drupal_coding_standards,php_syntax,Multi-line Array Formatting,Multi-line arrays must have each element on its own line with proper indentation and a trailing comma after the last element,low,"{""good"": ""$array = [\n  'key1' => 'value1',\n  'key2' => 'value2',\n  'key3' => 'value3',\n];"", ""bad"": ""$array = ['key1' => 'value1', 'key2' => 'value2',\n'key3' => 'value3'];""}","[""https://www.drupal.org/docs/develop/standards/php/php-coding-standards""]",php|arrays|formatting,Consistent formatting improves readability and reduces merge conflicts,Format multi-line arrays with proper indentation and trailing commas
DS_PHP_003,drupal_coding_standards,php_syntax,Type Casting Spacing,Always include a space between the cast type and the variable being cast,low,"{""good"": ""$int_value = (int) $mynumber;"", ""bad"": ""$int_value = (int)$mynumber;""}","[""https://www.drupal.org/docs/develop/standards/php/php-coding-standards""]",php|casting|spacing,Consistent spacing improves code readability,Add a space after type casts
DS_PHP_004,drupal_coding_standards,control_structures,Control Structure Formatting,"Control structures must always use curly braces, have one space between keyword and parenthesis, opening brace on same line, closing brace on separate line",medium,"{""good"": ""if (condition1 || condition2) {\n  action1;\n}\nelseif (condition3 && condition4) {\n  action2;\n}\nelse {\n  defaultaction;\n}"", ""bad"": ""if(condition1||condition2){action1;}else{defaultaction;}""}","[""https://www.drupal.org/docs/develop/standards/php/php-coding-standards""]",php|control-structures|formatting,Consistent formatting prevents errors and improves maintainability,Format all control structures with proper spacing and braces
DS_PHP_005,drupal_coding_standards,functions,Function Declaration Format,"Function declarations must have no space between function name and opening parenthesis, spaces after commas, and trailing comma in multi-line parameter lists",medium,"{""good"": ""function funstuff_system(\n  string $foo,\n  string $bar,\n  int $baz,\n) {\n  // function body\n}"", ""bad"": ""function funstuff_system (string $foo,string $bar,int $baz){\n // function body\n}""}","[""https://www.drupal.org/docs/develop/standards/php/php-coding-standards""]",php|functions|formatting,Consistent function formatting improves readability and maintainability,Format function declarations according to Drupal standards
DS_PHP_006,drupal_coding_standards,naming_conventions,Function and Variable Naming,Functions and variables must use lowercase letters with underscores between words (snake_case),high,"{""good"": ""$my_variable = get_user_data();"", ""bad"": ""$myVariable = getUserData();""}","[""https://www.drupal.org/docs/develop/standards/php/php-coding-standards""]",php|naming|conventions,Consistent naming conventions ensure code consistency across Drupal projects,Use snake_case for all functions and variables
DS_PHP_007,drupal_coding_standards,naming_conventions,Class Naming Convention,Classes must use UpperCamelCase naming convention,high,"{""good"": ""class UserAccountManager { }"", ""bad"": ""class user_account_manager { }""}","[""https://www.drupal.org/docs/develop/standards/php/php-coding-standards""]",php|naming|classes,UpperCamelCase for classes is a PHP standard that improves code organization,Rename classes to use UpperCamelCase
DS_PHP_008,drupal_coding_standards,naming_conventions,Constant Naming Convention,Constants must use ALL_UPPERCASE letters with underscores between words,medium,"{""good"": ""const MAX_UPLOAD_SIZE = 1048576;"", ""bad"": ""const maxUploadSize = 1048576;""}","[""https://www.drupal.org/docs/develop/standards/php/php-coding-standards""]",php|naming|constants,Uppercase constants are easily distinguishable from variables,Use ALL_UPPERCASE for constant names
DS_PHP_009,drupal_coding_standards,naming_conventions,Interface Naming Convention,Interface names must end with 'Interface' suffix,high,"{""good"": ""interface UserManagerInterface { }"", ""bad"": ""interface UserManager { }""}","[""https://www.drupal.org/docs/develop/standards/php/php-coding-standards""]",php|naming|interfaces,The Interface suffix clearly identifies interfaces from classes,Add 'Interface' suffix to all interface names
DS_PHP_010,drupal_coding_standards,type_declarations,Use Type Declarations,Always use parameter type hints and return type declarations for better type safety,high,"{""good"": ""public function processData(array $data, int $limit): string { }"", ""bad"": ""public function processData($data, $limit) { }""}","[""https://www.drupal.org/docs/develop/standards/php/php-coding-standards""]",php|types|type-safety,Type declarations prevent type-related bugs and improve IDE support,Add parameter and return type declarations to all methods
DS_PHP_011,drupal_coding_standards,visibility,Declare Method Visibility,"Always explicitly declare visibility (public, protected, private) for all methods and properties",high,"{""good"": ""private function calculateTotal(): float { }"", ""bad"": ""function calculateTotal() { }""}","[""https://www.drupal.org/docs/develop/standards/php/php-coding-standards""]",php|visibility|oop,Explicit visibility improves encapsulation and prevents unintended access,Add visibility keywords to all class methods and properties
DS_PHP_012,drupal_coding_standards,strings,String Quote Usage,Prefer single quotes for strings unless using variable interpolation or avoiding escape characters,low,"{""good"": ""$message = 'Hello World';\n$interpolated = \""Hello $name\"";"", ""bad"": ""$message = \""Hello World\"";""}","[""https://www.drupal.org/docs/develop/standards/php/php-coding-standards""]",php|strings|quotes,Single quotes are slightly faster and make it clear no interpolation occurs,Use single quotes unless interpolation or special characters are needed
DS_PHP_013,drupal_coding_standards,strings,String Concatenation Spacing,Always use spaces around the concatenation operator (.) for better readability,low,"{""good"": ""$full_name = $first_name . ' ' . $last_name;"", ""bad"": ""$full_name = $first_name.' '.$last_name;""}","[""https://www.drupal.org/docs/develop/standards/php/php-coding-standards""]",php|strings|concatenation,Consistent spacing improves code readability,Add spaces around concatenation operators
DS_PSR4_001,drupal_coding_standards,psr4,PSR-4 Directory Structure,Classes must be in src/ directory with namespace matching directory structure,critical,"{""good"": ""File: modules/custom/mymodule/src/Controller/MyController.php\nNamespace: Drupal\\mymodule\\Controller"", ""bad"": ""File: modules/custom/mymodule/includes/MyController.php""}","[""https://www.drupal.org/docs/develop/standards/php/psr-4-namespaces-and-autoloading-in-drupal-8""]",psr-4|autoloading|structure,PSR-4 compliance enables automatic class loading,Move classes to src/ directory with proper namespace structure
DS_PSR4_002,drupal_coding_standards,psr4,One Class Per File,Each class must be in its own file with the filename matching the class name,high,"{""good"": ""File: UserManager.php\nClass: class UserManager { }"", ""bad"": ""File: classes.php containing multiple classes""}","[""https://www.drupal.org/docs/develop/standards/php/psr-4-namespaces-and-autoloading-in-drupal-8""]",psr-4|classes|files,One class per file is required for PSR-4 autoloading,Split multiple classes into separate files
DS_REQ_001,drupal_coding_standards,request_handling,Request Attribute Naming,Custom Request object attributes must be prefixed with underscore,medium,"{""good"": ""\\Drupal::request()->attributes->set('_custom_value', $value);"", ""bad"": ""\\Drupal::request()->attributes->set('custom_value', $value);""}","[""https://www.drupal.org/docs/develop/coding-standards/naming-standards-for-services-and-extending-symfony""]",request|attributes|symfony,Underscore prefix prevents conflicts with system attributes,Prefix custom request attributes with underscore
DS_REQ_002,drupal_coding_standards,request_handling,Reserved Request Attributes,"Never override system-reserved request attributes like _route, _controller, _system_path",high,"{""good"": ""// Use custom attributes: _my_module_data"", ""bad"": ""\\Drupal::request()->attributes->set('_route', 'custom');""}","[""https://www.drupal.org/docs/develop/coding-standards/naming-standards-for-services-and-extending-symfony""]",request|attributes|reserved,Overriding system attributes can break routing and request handling,Use custom attribute names that don't conflict with reserved names
DS_TEMP_001,drupal_coding_standards,placeholders,Temporary Placeholder Format,Use alpha-numeric placeholders with module name prefix surrounded by square brackets,low,"{""good"": ""[mymodule-placeholder]content[/mymodule-placeholder]"", ""bad"": ""{{placeholder}}content{{/placeholder}}""}","[""https://www.drupal.org/docs/develop/coding-standards/temporary-placeholders-and-delimiters""]",placeholders|delimiters|content,Consistent placeholder format prevents conflicts between modules,Use [module-tag] format for placeholders
DS_TEST_001,drupal_coding_standards,testing,Test Assertion Messages,Provide descriptive assertion messages using the format '%subject% should %verb% %payload%',low,"{""good"": ""$this->assertEquals($expected, $actual, 'User name should match the expected value.');"", ""bad"": ""$this->assertEquals($expected, $actual);""}","[""https://www.drupal.org/docs/develop/coding-standards/drupal-simpletest-coding-standards""]",testing|assertions|phpunit,Descriptive messages make test failures easier to debug,Add descriptive messages to test assertions
DS_TEST_002,drupal_coding_standards,testing,Test Class Naming,Test classes should end with 'Test' suffix and be in Tests namespace,medium,"{""good"": ""namespace Drupal\\Tests\\mymodule\\Unit;\nclass UserManagerTest extends UnitTestCase { }"", ""bad"": ""class TestUserManager { }""}","[""https://www.drupal.org/docs/develop/coding-standards/drupal-simpletest-coding-standards""]",testing|naming|phpunit,Consistent test naming helps with test discovery and organization,Name test classes with Test suffix in Tests namespace
PHP 1.00,drupal_coding_standards,php1,Add declare(strict_types=1); at the beginning of PHP files after opening <?php tag,Add declare(strict_types=1); at the beginning of PHP files after opening <?php tag for type safety. This enables strict type checking and prevents type coercion errors.,medium,"{""good"": ""<?php\n\ndeclare(strict_types=1);\n\nnamespace Drupal\\mymodule;\n\nclass MyClass {\n public function calculate(int $number): int {\n return $number * 2; // Will throw error if $number is not int\n }\n}"", ""bad"": """"}","[""https://www.drupal.org/docs/develop/standards"", ""https://www.drupal.org/docs/develop/standards/php""]",php,,
PHP 1.00,drupal_coding_standards,php,Add declare(strict_types=1) at beginning of PHP,Add declare(strict_types=1) at beginning of PHP files,medium,{},[],php|drupal,Following this coding standards best practice ensures maintainable and standards-compliant code,Update your code to follow the Add declare(strict_types=1) at beginning of PHP standard as described
PHP 10.00,drupal_coding_standards,php,Remove trailing whitespace at end of lines,Remove trailing whitespace at end of lines,medium,{},[],php|drupal,Following this coding standards best practice ensures maintainable and standards-compliant code,Update your code to follow the Remove trailing whitespace at end of lines standard as described
PHP 11.00,drupal_coding_standards,php,Files must end with single newline character,Files must end with single newline character,medium,{},[],php|drupal,Following this coding standards best practice ensures maintainable and standards-compliant code,Update your code to follow the Files must end with single newline character standard as described
PHP 12.00,drupal_coding_standards,php,Never use superglobals ($_GET $_POST $_REQUEST),Never use superglobals ($_GET $_POST $_REQUEST) directly,medium,{},[],php|drupal,Following this coding standards best practice ensures maintainable and standards-compliant code,Update your code to follow the Never use superglobals ($_GET $_POST $_REQUEST) standard as described
PHP 13.00,drupal_coding_standards,php,Use Drupal's database API instead of direct MySQL ,Use Drupal's database API instead of direct MySQL functions,medium,{},[],database|php|drupal,Following this coding standards best practice ensures maintainable and standards-compliant code,Update your code to follow the Use Drupal's database API instead of direct MySQL standard as described
PHP 14.00,drupal_coding_standards,php,Don't use echo; use return values or Drupal's,Don't use echo; use return values or Drupal's messenger service,medium,{},[],php|drupal|services,Following this coding standards best practice ensures maintainable and standards-compliant code,Update your code to follow the Don't use echo; use return values or Drupal's standard as described
PHP 15.00,drupal_coding_standards,php,Use proper DocBlock formatting for documentation,Use proper DocBlock formatting for documentation,medium,{},[],forms|php|drupal,Following this coding standards best practice ensures maintainable and standards-compliant code,Update your code to follow the Use proper DocBlock formatting for documentation standard as described
PHP 16.00,drupal_coding_standards,php,Don't use die() or exit(); throw exceptions,Don't use die() or exit(); throw exceptions instead,medium,{},[],php|drupal,Following this coding standards best practice ensures maintainable and standards-compliant code,Update your code to follow the Don't use die() or exit(); throw exceptions standard as described
PHP 17.00,drupal_coding_standards,php,Use Drupal's logger instead of debug functions in ,Use Drupal's logger instead of debug functions in production,medium,{},[],php|drupal,Following this coding standards best practice ensures maintainable and standards-compliant code,Update your code to follow the Use Drupal's logger instead of debug functions in standard as described
PHP 18.00,drupal_coding_standards,php,Use Drupal's DateTimeInterface instead of PHP's,Use Drupal's DateTimeInterface instead of PHP's DateTime,medium,{},[],php|drupal,Following this coding standards best practice ensures maintainable and standards-compliant code,Update your code to follow the Use Drupal's DateTimeInterface instead of PHP's standard as described
PHP 19.00,drupal_coding_standards,php,Never use eval() as it poses security risks,Never use eval() as it poses security risks,critical,{},[],php|drupal,Following this coding standards best practice ensures maintainable and standards-compliant code,Update your code to follow the Never use eval() as it poses security risks standard as described
PHP 2.00,drupal_coding_standards,php2,Use uppercase,"Use uppercase for TRUE, FALSE, and NULL constants instead of lowercase variants for consistency with Drupal coding standards and better readability.",medium,"{""good"": ""if ($value === TRUE) {\n return NULL;\n}\n\n$is_valid = FALSE;\n$default_value = NULL;"", ""bad"": ""if ($value === true) {\n return null;\n}""}","[""https://www.drupal.org/docs/develop/standards"", ""https://www.drupal.org/docs/develop/standards/php""]",drupal|php,,
PHP 2.00,drupal_coding_standards,php,Use uppercase for TRUE FALSE and NULL constants,Use uppercase for TRUE FALSE and NULL constants,medium,{},[],php|drupal,Following this coding standards best practice ensures maintainable and standards-compliant code,Update your code to follow the Use uppercase for TRUE FALSE and NULL constants standard as described
PHP 20.00,drupal_coding_standards,php,All PHP files must include proper @file,All PHP files must include proper @file documentation,medium,{},[],php|drupal,Following this coding standards best practice ensures maintainable and standards-compliant code,Update your code to follow the All PHP files must include proper @file standard as described
PHP 21.00,drupal_coding_standards,php,Use Drupal's session handling instead of,Use Drupal's session handling instead of $_SESSION,medium,{},[],php|drupal,Following this coding standards best practice ensures maintainable and standards-compliant code,Update your code to follow the Use Drupal's session handling instead of standard as described
PHP 22.00,drupal_coding_standards,php,Specify single class per use statement,Specify single class per use statement,medium,{},[],php|drupal,Following this coding standards best practice ensures maintainable and standards-compliant code,Update your code to follow the Specify single class per use statement standard as described
PHP 23.00,drupal_coding_standards,php,Don't include leading backslash in use statements,Don't include leading backslash in use statements,medium,{},[],php|drupal,Following this coding standards best practice ensures maintainable and standards-compliant code,Update your code to follow the Don't include leading backslash in use statements standard as described
PHP 24.00,drupal_coding_standards,php,Modules should use namespace Drupal\module_name,Modules should use namespace Drupal\module_name,medium,{},[],php|drupal,Following this coding standards best practice ensures maintainable and standards-compliant code,Update your code to follow the Modules should use namespace Drupal\module_name standard as described
PHP 3.00,drupal_coding_standards,php,Inline comments must begin with capital letter,Inline comments must begin with capital letter and end with period,medium,{},[],php|drupal,Following this coding standards best practice ensures maintainable and standards-compliant code,Update your code to follow the Inline comments must begin with capital letter standard as described
PHP 4.00,drupal_coding_standards,php,Add return type declarations for all methods,Add return type declarations for all methods,medium,{},[],php|drupal,Following this coding standards best practice ensures maintainable and standards-compliant code,Update your code to follow the Add return type declarations for all methods standard as described
PHP 5.00,drupal_coding_standards,php,Use typed properties with proper nullability,Use typed properties with proper nullability,medium,{},[],php|drupal,Following this coding standards best practice ensures maintainable and standards-compliant code,Update your code to follow the Use typed properties with proper nullability standard as described
PHP 6.00,drupal_coding_standards,php,Add type hints and return types for all hooks,Add type hints and return types for all hooks,medium,{},[],hooks|php|drupal,Following this coding standards best practice ensures maintainable and standards-compliant code,Update your code to follow the Add type hints and return types for all hooks standard as described
PHP 7.00,drupal_coding_standards,php,Use proper dependency injection with services,Use proper dependency injection with services,medium,{},[],injection|php|drupal|services,Following this coding standards best practice ensures maintainable and standards-compliant code,Update your code to follow the Use proper dependency injection with services standard as described
PHP 8.00,drupal_coding_standards,php,Use short array syntax ([]) instead of array(),Use short array syntax ([]) instead of array(),medium,{},[],php|drupal,Following this coding standards best practice ensures maintainable and standards-compliant code,Update your code to follow the Use short array syntax ([]) instead of array() standard as described
PHP 9.00,drupal_coding_standards,php,Use 2 spaces for indentation not tabs,Use 2 spaces for indentation not tabs,medium,{},[],php|drupal,Following this coding standards best practice ensures maintainable and standards-compliant code,Update your code to follow the Use 2 spaces for indentation not tabs standard as described
CONFIG001,drupal_configuration,config1,Use configuration schemas (config/schema/*,Use configuration schemas (config/schema/*.yml) for all configuration entities. Define proper data types and validation for configuration values.,medium,"{""good"": ""# config/schema/mymodule.schema.yml\nmymodule.settings:\n type: config_object\n label: 'My Module settings'\n mapping:\n enabled:\n type: boolean\n label: 'Enable feature'\n api_settings:\n type: mapping\n label: 'API Settings'\n mapping:\n endpoint:\n type: uri\n label: 'API Endpoint URL'\n key:\n type: string\n label: 'API Key'\n timeout:\n type: integer\n label: 'Request timeout'\n retry_count:\n type: integer\n label: 'Number of retries'\n allowed_types:\n type: sequence\n label: 'Allowed content types'\n sequence:\n type: string\n\n# config/install/mymodule.settings.yml\nenabled: true\napi_settings:\n endpoint: 'https://api.example.com'\n key: ''\n timeout: 30\n retry_count: 3\nallowed_types:\n - article\n - page\n\n# In a ConfigFormBase\n<?php\nnamespace Drupal\\mymodule\\Form;\n\nuse Drupal\\Core\\Form\\ConfigFormBase;\nuse Drupal\\Core\\Form\\FormStateInterface;\n\nclass SettingsForm extends ConfigFormBase {\n \n /**\n * {@inheritdoc}\n */\n protected function getEditableConfigNames() {\n return ['mymodule.settings'];\n }\n \n /**\n * {@inheritdoc}\n */\n public function getFormId() {\n return 'mymodule_settings_form';\n }\n \n /**\n * {@inheritdoc}\n */\n public function buildForm(array $form, FormStateInterface $form_state) {\n $config = $this->config('mymodule.settings');\n \n $form['enabled'] = [\n '#type' => 'checkbox',\n '#title' => $this->t('Enable feature'),\n '#default_value' => $config->get('enabled'),\n ];\n \n $form['api_settings'] = [\n '#type' => 'details',\n '#title' => $this->t('API Settings'),\n '#open' => TRUE,\n ];\n \n $form['api_settings']['endpoint'] = [\n '#type' => 'url',\n '#title' => $this->t('API Endpoint'),\n '#default_value' => $config->get('api_settings.endpoint'),\n '#required' => TRUE,\n ];\n \n return parent::buildForm($form, $form_state);\n }\n \n /**\n * {@inheritdoc}\n */\n public function submitForm(array &$form, FormStateInterface $form_state) {\n $this->config('mymodule.settings')\n ->set('enabled', $form_state->getValue('enabled'))\n ->set('api_settings.endpoint', $form_state->getValue('endpoint'))\n ->save();\n \n parent::submitForm($form, $form_state);\n }\n}"", ""bad"": ""// Don't use variable_set/get (Drupal 7)\nvariable_set('mymodule_enabled', TRUE);\n$value = variable_get('mymodule_enabled', FALSE);\n\n// Don't save config without schema\n\\Drupal::configFactory()->getEditable('mymodule.random')\n ->set('value', $data)\n ->save();""}","[""https://www.drupal.org/docs/drupal-apis/configuration-api/configuration-api-overview"", ""https://www.drupal.org/docs/drupal-apis/configuration-api/configuration-schemametadata"", ""https://www.drupal.org/docs/drupal-apis/configuration-api/working-with-configuration-forms""]",,,
DB001,drupal_database,db0,Use Database API instead of db_query,Use Database API instead of db_query,medium,{},[],database|drupal,Following this database best practice ensures maintainable and standards-compliant code,Update your code to follow the Use Database API instead of db_query standard as described
DB002,drupal_database,db0,Ensure hook_update_N includes proper schema,Ensure hook_update_N includes proper schema changes,medium,{},[],hooks|drupal,Following this database best practice ensures maintainable and standards-compliant code,Update your code to follow the Ensure hook_update_N includes proper schema standard as described
DB003,drupal_database,db0,Use try-catch blocks for database operations,Use try-catch blocks for database operations,medium,{},[],database|drupal,Following this database best practice ensures maintainable and standards-compliant code,Update your code to follow the Use try-catch blocks for database operations standard as described
DB004,drupal_database,db0,Use Schema API for table definitions,Use Schema API for table definitions,medium,{},[],drupal,Following this database best practice ensures maintainable and standards-compliant code,Update your code to follow the Use Schema API for table definitions standard as described
DB005,drupal_database,db0,Implement proper error handling for database,Implement proper error handling for database operations,medium,{},[],database|drupal,Following this database best practice ensures maintainable and standards-compliant code,Update your code to follow the Implement proper error handling for database standard as described
GHA001,drupal_devops,gha,Use actions/upload-artifact@v4 instead of older,Use actions/upload-artifact@v4 instead of older versions,medium,{},[],drupal,Following this devops best practice ensures maintainable and standards-compliant code,Update your code to follow the Use actions/upload-artifact@v4 instead of older standard as described
GHA002,drupal_devops,gha,Use actions/download-artifact@v4 instead of older,Use actions/download-artifact@v4 instead of older versions,medium,{},[],drupal,Following this devops best practice ensures maintainable and standards-compliant code,Update your code to follow the Use actions/download-artifact@v4 instead of older standard as described
GHA003,drupal_devops,gha,Use actions/checkout@v4 for latest features and,Use actions/checkout@v4 for latest features and security,critical,{},[],drupal,Following this devops best practice ensures maintainable and standards-compliant code,Update your code to follow the Use actions/checkout@v4 for latest features and standard as described
GHA004,drupal_devops,gha,Implement caching for dependencies to speed up,Implement caching for dependencies to speed up workflows,medium,{},[],caching|drupal,Following this devops best practice ensures maintainable and standards-compliant code,Update your code to follow the Implement caching for dependencies to speed up standard as described
GHA005,drupal_devops,gha,Use GITHUB_TOKEN with minimum required,Use GITHUB_TOKEN with minimum required permissions,medium,{},[],drupal|access,Following this devops best practice ensures maintainable and standards-compliant code,Update your code to follow the Use GITHUB_TOKEN with minimum required standard as described
GHA006,drupal_devops,gha,Set appropriate timeouts for jobs to prevent,Set appropriate timeouts for jobs to prevent hanging,medium,{},[],drupal,Following this devops best practice ensures maintainable and standards-compliant code,Update your code to follow the Set appropriate timeouts for jobs to prevent standard as described
DOC001,drupal_documentation,doc,Update Available Rules/Features/Components,Update Available Rules/Features/Components section when adding elements,low,{},[],drupal,Following this documentation best practice ensures maintainable and standards-compliant code,Update your code to follow the Update Available Rules/Features/Components standard as described
DOC002,drupal_documentation,doc,Keep setup usage and configuration sections,Keep setup usage and configuration sections current,low,{},[],configuration|drupal,Following this documentation best practice ensures maintainable and standards-compliant code,Update your code to follow the Keep setup usage and configuration sections standard as described
DOC003,drupal_documentation,doc,Maintain changelog for significant updates fixes,Maintain changelog for significant updates fixes and features,low,{},[],drupal,Following this documentation best practice ensures maintainable and standards-compliant code,Update your code to follow the Maintain changelog for significant updates fixes standard as described
DOC004,drupal_documentation,doc,Ensure all file references are properly linked,Ensure all file references are properly linked,low,{},[],drupal,Following this documentation best practice ensures maintainable and standards-compliant code,Update your code to follow the Ensure all file references are properly linked standard as described
DOC005,drupal_documentation,doc,Update version information to reflect current,Update version information to reflect current project state,low,{},[],forms|drupal,Following this documentation best practice ensures maintainable and standards-compliant code,Update your code to follow the Update version information to reflect current standard as described
DOC006,drupal_documentation,doc,Use consistent table formatting throughout,Use consistent table formatting throughout documents,low,{},[],forms|drupal,Following this documentation best practice ensures maintainable and standards-compliant code,Update your code to follow the Use consistent table formatting throughout standard as described
DOC007,drupal_documentation,doc,Ensure proper markdown heading hierarchy for,Ensure proper markdown heading hierarchy for readability,low,{},[],drupal,Following this documentation best practice ensures maintainable and standards-compliant code,Update your code to follow the Ensure proper markdown heading hierarchy for standard as described
FORM001,drupal_forms,form1,Extend FormBase or ConfigFormBase,"Extend FormBase or ConfigFormBase for custom forms with proper validation and submission handling. Implement getFormId(), buildForm(), validateForm(), and submitForm() methods.",medium,"{""good"": ""<?php\n\nnamespace Drupal\\mymodule\\Form;\n\nuse Drupal\\Core\\Form\\FormBase;\nuse Drupal\\Core\\Form\\FormStateInterface;\nuse Drupal\\Core\\Messenger\\MessengerInterface;\nuse Symfony\\Component\\DependencyInjection\\ContainerInterface;\n\n/**\n * Provides a custom form.\n */\nclass CustomForm extends FormBase {\n\n /**\n * The messenger service.\n *\n * @var \\Drupal\\Core\\Messenger\\MessengerInterface\n */\n protected $messenger;\n\n /**\n * Constructs a CustomForm object.\n */\n public function __construct(MessengerInterface $messenger) {\n $this->messenger = $messenger;\n }\n\n /**\n * {@inheritdoc}\n */\n public static function create(ContainerInterface $container) {\n return new static(\n $container->get('messenger')\n );\n }\n\n /**\n * {@inheritdoc}\n */\n public function getFormId(): string {\n return 'mymodule_custom_form';\n }\n\n /**\n * {@inheritdoc}\n */\n public function buildForm(array $form, FormStateInterface $form_state): array {\n $form['name'] = [\n '#type' => 'textfield',\n '#title' => $this->t('Name'),\n '#required' => TRUE,\n '#description' => $this->t('Enter your full name.'),\n ];\n\n $form['email'] = [\n '#type' => 'email',\n '#title' => $this->t('Email'),\n '#required' => TRUE,\n ];\n\n $form['message'] = [\n '#type' => 'textarea',\n '#title' => $this->t('Message'),\n '#rows' => 5,\n ];\n\n $form['actions']['#type'] = 'actions';\n $form['actions']['submit'] = [\n '#type' => 'submit',\n '#value' => $this->t('Send message'),\n '#button_type' => 'primary',\n ];\n\n return $form;\n }\n\n /**\n * {@inheritdoc}\n */\n public function validateForm(array &$form, FormStateInterface $form_state): void {\n $name = $form_state->getValue('name');\n \n // Validate name length\n if (strlen($name) < 2) {\n $form_state->setErrorByName('name', $this->t('Name must be at least 2 characters.'));\n }\n \n // Custom email validation\n $email = $form_state->getValue('email');\n if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {\n $form_state->setErrorByName('email', $this->t('Please enter a valid email address.'));\n }\n }\n\n /**\n * {@inheritdoc}\n */\n public function submitForm(array &$form, FormStateInterface $form_state): void {\n $values = $form_state->getValues();\n \n // Process the form submission\n $this->messenger->addStatus($this->t('Thank you @name. Your message has been sent.', [\n '@name' => $values['name'],\n ]));\n \n // Redirect to home page\n $form_state->setRedirect('<front>');\n }\n}"", ""bad"": ""<?php\n// Bad practice: Not extending FormBase, no validation\nfunction mymodule_custom_form() {\n $form['name'] = [\n '#type' => 'textfield',\n '#title' => 'Name',\n ];\n \n return $form;\n}""}","[""https://www.drupal.org/docs/drupal-apis/form-api/introduction-to-form-api"", ""https://www.drupal.org/docs/drupal-apis/form-api/form-api-reference"", ""https://www.drupal.org/node/2117411""]",forms,,
REACT001,drupal_frontend,rea,Specify dependencies array in useEffect,Specify dependencies array in useEffect,medium,{},[],drupal,Following this frontend best practice ensures maintainable and standards-compliant code,Update your code to follow the Specify dependencies array in useEffect standard as described
REACT002,drupal_frontend,rea,Consider combining related state variables,Consider combining related state variables,medium,{},[],drupal,Following this frontend best practice ensures maintainable and standards-compliant code,Update your code to follow the Consider combining related state variables standard as described
REACT003,drupal_frontend,rea,Ensure React.memo is used appropriately for,Ensure React.memo is used appropriately for performance,medium,{},[],forms|drupal,Following this frontend best practice ensures maintainable and standards-compliant code,Update your code to follow the Ensure React.memo is used appropriately for standard as described
REACT004,drupal_frontend,rea,Use functional components with hooks,Use functional components with hooks,medium,{},[],hooks|drupal,Following this frontend best practice ensures maintainable and standards-compliant code,Update your code to follow the Use functional components with hooks standard as described
REACT005,drupal_frontend,rea,Follow the Rules of Hooks,Follow the Rules of Hooks,medium,{},[],hooks|drupal,Following this frontend best practice ensures maintainable and standards-compliant code,Update your code to follow the Follow the Rules of Hooks standard as described
REACT006,drupal_frontend,rea,Use TypeScript for prop types,Use TypeScript for prop types,medium,{},[],drupal,Following this frontend best practice ensures maintainable and standards-compliant code,Update your code to follow the Use TypeScript for prop types standard as described
TAIL001,drupal_frontend,tai,Remove multiple spaces between Tailwind classes,Remove multiple spaces between Tailwind classes,low,{},[],drupal,Following this frontend best practice ensures maintainable and standards-compliant code,Update your code to follow the Remove multiple spaces between Tailwind classes standard as described
TAIL002,drupal_frontend,tai,Avoid conflicting utility classes,Avoid conflicting utility classes,low,{},[],drupal,Following this frontend best practice ensures maintainable and standards-compliant code,Update your code to follow the Avoid conflicting utility classes standard as described
TAIL003,drupal_frontend,tai,Group related utilities together,Group related utilities together,low,{},[],drupal,Following this frontend best practice ensures maintainable and standards-compliant code,Update your code to follow the Group related utilities together standard as described
TAIL004,drupal_frontend,tai,Use @apply for commonly repeated patterns,Use @apply for commonly repeated patterns,low,{},[],drupal,Following this frontend best practice ensures maintainable and standards-compliant code,Update your code to follow the Use @apply for commonly repeated patterns standard as described
TAIL005,drupal_frontend,tai,Follow responsive design patterns,Follow responsive design patterns,low,{},[],drupal,Following this frontend best practice ensures maintainable and standards-compliant code,Update your code to follow the Follow responsive design patterns standard as described
VUE001,drupal_frontend,vue,Use TypeScript interfaces for prop definitions,Use TypeScript interfaces for prop definitions,medium,{},[],drupal,Following this frontend best practice ensures maintainable and standards-compliant code,Update your code to follow the Use TypeScript interfaces for prop definitions standard as described
VUE002,drupal_frontend,vue,Consider using computed property instead of,Consider using computed property instead of immediate watch,medium,{},[],drupal,Following this frontend best practice ensures maintainable and standards-compliant code,Update your code to follow the Consider using computed property instead of standard as described
VUE003,drupal_frontend,vue,Avoid using v-if with v-for on same element,Avoid using v-if with v-for on same element,medium,{},[],drupal,Following this frontend best practice ensures maintainable and standards-compliant code,Update your code to follow the Avoid using v-if with v-for on same element standard as described
VUE004,drupal_frontend,vue,Use Composition API for complex components,Use Composition API for complex components,medium,{},[],drupal,Following this frontend best practice ensures maintainable and standards-compliant code,Update your code to follow the Use Composition API for complex components standard as described
VUE005,drupal_frontend,vue,Use script setup syntax where appropriate,Use script setup syntax where appropriate,medium,{},[],drupal,Following this frontend best practice ensures maintainable and standards-compliant code,Update your code to follow the Use script setup syntax where appropriate standard as described
COMMIT001,drupal_git,com,Use commit message prefix followed by colon and,Use commit message prefix followed by colon and space (fix: feat: etc),medium,{},[],drupal,Following this git best practice ensures maintainable and standards-compliant code,Update your code to follow the Use commit message prefix followed by colon and standard as described
COMMIT002,drupal_git,com,First word after prefix should be lowercase,First word after prefix should be lowercase,medium,{},[],drupal,Following this git best practice ensures maintainable and standards-compliant code,Update your code to follow the First word after prefix should be lowercase standard as described
COMMIT003,drupal_git,com,Keep commit message content under 46 characters,Keep commit message content under 46 characters excluding prefix,medium,{},[],drupal,Following this git best practice ensures maintainable and standards-compliant code,Update your code to follow the Keep commit message content under 46 characters standard as described
COMMIT004,drupal_git,com,Include a space after the colon in commit prefix,Include a space after the colon in commit prefix,medium,{},[],drupal,Following this git best practice ensures maintainable and standards-compliant code,Update your code to follow the Include a space after the colon in commit prefix standard as described
HOOK001,drupal_hooks,hook1,Implement hook_help() to provide module documentation and usage instructions,Implement hook_help() to provide module documentation and usage instructions. This helps users understand how to use your module and appears on the module's help page.,medium,"{""good"": ""use Drupal\\Core\\Routing\\RouteMatchInterface;\nuse Drupal\\Core\\Url;\n\n/**\n * Implements hook_help().\n */\nfunction mymodule_help(string $route_name, RouteMatchInterface $route_match): string {\n switch ($route_name) {\n case 'help.page.mymodule':\n $output = '<h3>' . t('About') . '</h3>';\n $output .= '<p>' . t('This module provides custom functionality for...') . '</p>';\n $output .= '<h3>' . t('Usage') . '</h3>';\n $output .= '<p>' . t('To use this module:') . '</p>';\n $output .= '<ul>';\n $output .= '<li>' . t('Configure settings at <a href=\"":url\"">Configuration page</a>', [':url' => Url::fromRoute('mymodule.settings')->toString()]) . '</li>';\n $output .= '</ul>';\n return $output;\n \n case 'mymodule.settings':\n return '<p>' . t('Configure the module settings below.') . '</p>';\n }\n \n return '';\n}"", ""bad"": """"}","[""https://api.drupal.org/api/drupal/core!core.api.php/group/hooks""]",hooks,,
THIRD001,drupal_integration,thi,Implement proper error handling for external,Implement proper error handling for external services,medium,{},[],drupal|services,Following this integration best practice ensures maintainable and standards-compliant code,Update your code to follow the Implement proper error handling for external standard as described
THIRD002,drupal_integration,thi,Use configuration management for API credentials,Use configuration management for API credentials,medium,{},[],configuration|drupal,Following this integration best practice ensures maintainable and standards-compliant code,Update your code to follow the Use configuration management for API credentials standard as described
THIRD003,drupal_integration,thi,Create service abstractions for external APIs,Create service abstractions for external APIs,medium,{},[],drupal|services,Following this integration best practice ensures maintainable and standards-compliant code,Update your code to follow the Create service abstractions for external APIs standard as described
THIRD004,drupal_integration,thi,Implement retry mechanisms for external service,Implement retry mechanisms for external service calls,medium,{},[],drupal|services,Following this integration best practice ensures maintainable and standards-compliant code,Update your code to follow the Implement retry mechanisms for external service standard as described
THIRD005,drupal_integration,thi,Monitor integration health and performance,Monitor integration health and performance,medium,{},[],forms|drupal,Following this integration best practice ensures maintainable and standards-compliant code,Update your code to follow the Monitor integration health and performance standard as described
JS001,drupal_javascript,js1,Use Drupal behaviors instead of IIFE (Immediately Invoked Function Expression),Use Drupal behaviors instead of IIFE (Immediately Invoked Function Expression) for proper integration with Drupal's JavaScript framework. Behaviors are re-executed when new content is added via AJAX.,medium,"{""good"": ""(function ($, Drupal, drupalSettings) {\n 'use strict';\n\n /**\n * Attaches the myFeature behavior.\n *\n * @type {Drupal~behavior}\n */\n Drupal.behaviors.myModuleFeature = {\n attach: function (context, settings) {\n // Use once() to ensure code runs only once per element\n $('.my-element', context).once('my-module-feature').each(function () {\n var $element = $(this);\n \n // Initialize your feature\n $element.on('click', function (e) {\n e.preventDefault();\n // Handle click\n });\n });\n },\n \n detach: function (context, settings, trigger) {\n // Clean up when content is removed\n if (trigger === 'unload') {\n $('.my-element', context).removeOnce('my-module-feature').each(function () {\n $(this).off('click');\n });\n }\n }\n };\n\n})(jQuery, Drupal, drupalSettings);"", ""bad"": ""// Don't use IIFE without Drupal behaviors\n(function($) {\n $(document).ready(function() {\n // This won't work with AJAX-loaded content\n $('.my-element').click(function() {\n // Handle click\n });\n });\n})(jQuery);""}","[""https://www.drupal.org/docs/drupal-apis/javascript-api/javascript-api-overview"", ""https://www.drupal.org/docs/develop/standards/javascript/javascript-coding-standards"", ""https://www.drupal.org/node/2269515""]",drupal|javascript,,
JS001,drupal_javascript,js0,Use Drupal behaviors instead of IIFE (Immediately ,Use Drupal behaviors instead of IIFE (Immediately Invoked Function Expression),medium,"{""good"": ""(function ($, Drupal, drupalSettings) {\n 'use strict';\n\n /**\n * Attaches the myFeature behavior.\n *\n * @type {Drupal~behavior}\n */\n Drupal.behaviors.myModuleFeature = {\n attach: function (context, settings) {\n // Use once() to ensure code runs only once per element\n $('.my-element', context).once('my-module-feature').each(function () {\n var $element = $(this);\n \n // Initialize your feature\n $element.on('click', function (e) {\n e.preventDefault();\n // Handle click\n });\n });\n },\n \n detach: function (context, settings, trigger) {\n // Clean up when content is removed\n if (trigger === 'unload') {\n $('.my-element', context).removeOnce('my-module-feature').each(function () {\n $(this).off('click');\n });\n }\n }\n };\n\n})(jQuery, Drupal, drupalSettings);"", ""bad"": ""// Don't use IIFE without Drupal behaviors\n(function($) {\n $(document).ready(function() {\n // This won't work with AJAX-loaded content\n $('.my-element').click(function() {\n // Handle click\n });\n });\n})(jQuery);""}","[""https://www.drupal.org/docs/drupal-apis/javascript-api/javascript-api-overview"", ""https://www.drupal.org/docs/develop/standards/javascript/javascript-coding-standards"", ""https://www.drupal.org/node/2269515""]",drupal|javascript,Following this javascript best practice ensures maintainable and standards-compliant code,Review the 'good' example provided and update your code to match the recommended pattern
JS002,drupal_javascript,js2,Cache jQuery selectors in variables for better performance: var $element = $(',Cache jQuery selectors in variables for better performance: var $element = $('.selector'); instead of repeated $('.selector') calls. This reduces DOM queries and improves performance.,medium,"{""good"": ""Drupal.behaviors.myModuleOptimized = {\n attach: function (context, settings) {\n // Cache jQuery objects\n var $container = $('.my-container', context);\n var $buttons = $container.find('.action-button');\n var $modal = $('#my-modal');\n var $form = $modal.find('form');\n \n $buttons.once('my-module-click').on('click', function (e) {\n e.preventDefault();\n \n var $button = $(this);\n var itemId = $button.data('item-id');\n \n // Reuse cached objects\n $modal.addClass('is-visible');\n $form.find('input[name=\""item_id\""]').val(itemId);\n });\n }\n};"", ""bad"": ""Drupal.behaviors.myModuleInefficient = {\n attach: function (context) {\n // Repeated jQuery selections are inefficient\n $('.action-button').on('click', function() {\n $('#my-modal').show();\n $('#my-modal').find('form').submit();\n $('#my-modal').find('.title').text('Updated');\n $('.my-container').addClass('active');\n $('.my-container').find('.status').show();\n });\n }\n};""}","[""https://www.drupal.org/docs/develop/standards/javascript/javascript-coding-standards#jquery-cache"", ""https://www.drupal.org/docs/drupal-apis/javascript-api/javascript-api-overview#caching""]",forms|performance|caching|javascript,,
JS002,drupal_javascript,js0,Cache jQuery selectors for better performance,Cache jQuery selectors for better performance,medium,"{""good"": ""Drupal.behaviors.myModuleOptimized = {\n attach: function (context, settings) {\n // Cache jQuery objects\n var $container = $('.my-container', context);\n var $buttons = $container.find('.action-button');\n var $modal = $('#my-modal');\n var $form = $modal.find('form');\n \n $buttons.once('my-module-click').on('click', function (e) {\n e.preventDefault();\n \n var $button = $(this);\n var itemId = $button.data('item-id');\n \n // Reuse cached objects\n $modal.addClass('is-visible');\n $form.find('input[name=\""item_id\""]').val(itemId);\n });\n }\n};"", ""bad"": ""Drupal.behaviors.myModuleInefficient = {\n attach: function (context) {\n // Repeated jQuery selections are inefficient\n $('.action-button').on('click', function() {\n $('#my-modal').show();\n $('#my-modal').find('form').submit();\n $('#my-modal').find('.title').text('Updated');\n $('.my-container').addClass('active');\n $('.my-container').find('.status').show();\n });\n }\n};""}","[""https://www.drupal.org/docs/develop/standards/javascript/javascript-coding-standards#jquery-cache"", ""https://www.drupal.org/docs/drupal-apis/javascript-api/javascript-api-overview#caching""]",drupal|javascript|forms|database|caching,Following this javascript best practice ensures maintainable and standards-compliant code,Review the 'good' example provided and update your code to match the recommended pattern
JS003,drupal_javascript,js0,Implement proper error handling for AJAX calls,Implement proper error handling for AJAX calls,medium,{},[],drupal|javascript,Following this javascript best practice ensures maintainable and standards-compliant code,Update your code to follow the Implement proper error handling for AJAX calls standard as described
JS004,drupal_javascript,js0,Use const or let instead of var (ES6+),Use const or let instead of var (ES6+),medium,{},[],drupal|javascript,Following this javascript best practice ensures maintainable and standards-compliant code,Update your code to follow the Use const or let instead of var (ES6+) standard as described
JS005,drupal_javascript,js0,Add JSDoc documentation for JavaScript functions,Add JSDoc documentation for JavaScript functions,medium,{},[],drupal|javascript,Following this javascript best practice ensures maintainable and standards-compliant code,Update your code to follow the Add JSDoc documentation for JavaScript functions standard as described
JS006,drupal_javascript,js0,Use async/await for asynchronous operations,Use async/await for asynchronous operations,medium,{},[],drupal|javascript,Following this javascript best practice ensures maintainable and standards-compliant code,Update your code to follow the Use async/await for asynchronous operations standard as described
JS007,drupal_javascript,js0,Avoid unnecessary state updates in React,Avoid unnecessary state updates in React,medium,{},[],drupal|javascript,Following this javascript best practice ensures maintainable and standards-compliant code,Update your code to follow the Avoid unnecessary state updates in React standard as described
JS008,drupal_javascript,js0,Use React.memo() to optimize component re-renders,Use React.memo() to optimize component re-renders,medium,{},[],drupal|javascript,Following this javascript best practice ensures maintainable and standards-compliant code,Update your code to follow the Use React.memo() to optimize component re-renders standard as described
JS009,drupal_javascript,js0,Avoid using anonymous functions in render methods,Avoid using anonymous functions in render methods,medium,{},[],drupal|javascript,Following this javascript best practice ensures maintainable and standards-compliant code,Update your code to follow the Avoid using anonymous functions in render methods standard as described
NODE001,drupal_nodejs,nod,Ensure package.json specifies required Node.js version,Ensure package.json specifies required Node.js version,medium,{},[],drupal,Following this nodejs best practice ensures maintainable and standards-compliant code,Update your code to follow the Ensure package.json specifies required Node.js version standard as described
NODE002,drupal_nodejs,nod,Include .nvmrc file in root directory,Include .nvmrc file in root directory,medium,{},[],drupal,Following this nodejs best practice ensures maintainable and standards-compliant code,Update your code to follow the Include .nvmrc file in root directory standard as described
NODE003,drupal_nodejs,nod,Use latest stable Node.js version for Drupal projects,Use latest stable Node.js version for Drupal projects,medium,{},[],drupal,Following this nodejs best practice ensures maintainable and standards-compliant code,Update your code to follow the Use latest stable Node.js version for Drupal projects standard as described
CACHE001,drupal_performance,cache1,Implement cache tags for content-based cache invalidation (#cache['tags']),Implement cache tags for content-based cache invalidation (#cache['tags']). Use entity-specific tags and custom tags to ensure proper cache invalidation when content changes.,medium,"{""good"": ""<?php\nuse Drupal\\Core\\Cache\\Cache;\nuse Drupal\\Core\\Cache\\CacheableMetadata;\nuse Drupal\\node\\Entity\\Node;\nuse Drupal\\user\\Entity\\User;\n\nclass MyController {\n \n public function content() {\n $node = Node::load(123);\n $user = User::load(456);\n \n // Build render array with cache metadata\n $build = [\n '#theme' => 'my_custom_theme',\n '#node' => $node,\n '#user' => $user,\n '#cache' => [\n // Cache tags for invalidation\n 'tags' => [\n 'node:' . $node->id(),\n 'user:' . $user->id(),\n 'config:mymodule.settings',\n 'mymodule:custom_tag',\n ],\n // Cache contexts for variations\n 'contexts' => [\n 'user', // Vary by current user\n 'user.permissions', // Vary by permissions\n 'languages:language_interface',\n 'url.query_args:page',\n 'route',\n ],\n // Max age in seconds (3600 = 1 hour)\n 'max-age' => 3600,\n ],\n ];\n \n // Add cache metadata programmatically. Start from the metadata already\n // in the render array, because applyTo() overwrites #cache.\n $cache_metadata = CacheableMetadata::createFromRenderArray($build);\n $cache_metadata->addCacheTags(['node_list']);\n $cache_metadata->addCacheContexts(['user.roles']);\n \n // Add metadata from entities\n $cache_metadata->addCacheableDependency($node);\n $cache_metadata->addCacheableDependency($user);\n \n // Apply to render array\n $cache_metadata->applyTo($build);\n \n return $build;\n }\n \n // Cache data programmatically\n public function getCachedData($id) {\n $cid = 'mymodule:data:' . $id;\n \n // Try to get from cache\n if ($cache = \\Drupal::cache()->get($cid)) {\n return $cache->data;\n }\n \n // Build expensive data\n $data = $this->buildExpensiveData($id);\n \n // Store in cache with tags\n \\Drupal::cache()->set($cid, $data, Cache::PERMANENT, [\n 'mymodule:data',\n 'node:' . $id,\n ]);\n \n return $data;\n }\n}"", ""bad"": ""<?php\n// No cache metadata - will cause stale content\n$build = [\n '#theme' => 'my_theme',\n '#data' => $data,\n];\n\n// Missing cache contexts - won't vary per user\n$build['#cache']['tags'] = ['node:123'];\n\n// No cache tags - can't be invalidated\nreturn ['#markup' => $content];""}","[""https://www.drupal.org/docs/drupal-apis/cache-api/cache-api"", ""https://www.drupal.org/docs/drupal-apis/render-api/cacheability-of-render-arrays"", ""https://www.drupal.org/docs/8/api/cache-api/cache-tags""]",caching,,
DS007,drupal_performance,caching,Use Render Caching,Implement proper cache tags and contexts,medium,"{""good"": ""$build['#cache'] = ['tags' => ['node:' . $nid], 'contexts' => ['user']];"", ""bad"": ""// No cache metadata""}","[""https://www.drupal.org/docs/drupal-apis/cache-api""]",performance|caching|render,Proper caching improves site performance significantly,Add cache metadata to all render arrays
PERF001,drupal_performance,perf1,"Implement proper cache tags, contexts, and max-age","Implement proper cache tags, contexts, and max-age for render arrays and responses. Use entity-specific cache tags and appropriate cache contexts for user-specific content.",medium,"{""good"": ""$build = [\n '#theme' => 'product_list',\n '#products' => $products,\n '#cache' => [\n // array_merge() appends the per-product tags; the + operator would\n // drop entries whose numeric keys collide with the first array.\n 'tags' => array_merge([\n 'product_list',\n 'config:mymodule.settings',\n ], array_map(fn($p) => 'product:' . $p->id(), $products)),\n 'contexts' => [\n 'user.roles',\n 'url.query_args:page',\n 'url.query_args:sort',\n ],\n 'max-age' => 3600, // 1 hour\n ],\n];\n\n// In controller\npublic function productList(): array {\n $products = $this->getProducts();\n \n $response = [\n '#theme' => 'product_list',\n '#products' => $products,\n ];\n \n // Add cache metadata\n $cache_metadata = new CacheableMetadata();\n $cache_metadata->addCacheTags(['product_list']);\n $cache_metadata->addCacheContexts(['user.roles']);\n $cache_metadata->setCacheMaxAge(3600);\n \n foreach ($products as $product) {\n $cache_metadata->addCacheTags(['product:' . $product->id()]);\n }\n \n $cache_metadata->applyTo($response);\n \n return $response;\n}"", ""bad"": """"}","[""https://www.drupal.org/docs/drupal-apis/cache-api""]",performance|caching,,
PERF001,drupal_performance,per,Implement proper cache tags contexts and max-age,Implement proper cache tags contexts and max-age,medium,{},[],caching|performance|drupal,Implementing this optimization significantly improves site performance and user experience,Update your code to follow the Implement proper cache tags contexts and max-age standard as described
PERF002,drupal_performance,per,Optimize database queries with proper indices and JOINs,Optimize database queries with proper indices and JOINs,medium,{},[],database|performance|drupal,Implementing this optimization significantly improves site performance and user experience,Update your code to follow the Optimize database queries with proper indices and JOINs standard as described
PERF003,drupal_performance,per,Use lazy loading for expensive operations,Use lazy loading for expensive operations,medium,{},[],performance|drupal,Implementing this optimization significantly improves site performance and user experience,Update your code to follow the Use lazy loading for expensive operations standard as described
PERF004,drupal_performance,per,Use batch API for long-running operations,Use batch API for long-running operations,medium,{},[],performance|drupal,Implementing this optimization significantly improves site performance and user experience,Update your code to follow the Use batch API for long-running operations standard as described
PERF005,drupal_performance,per,Implement static caching for repeated operations,Implement static caching for repeated operations,medium,{},[],caching|performance|drupal,Implementing this optimization significantly improves site performance and user experience,Update your code to follow the Implement static caching for repeated operations standard as described
PERF006,drupal_performance,per,Optimize theme assets and minimize file sizes,Optimize theme assets and minimize file sizes,medium,{},[],performance|drupal,Implementing this optimization significantly improves site performance and user experience,Update your code to follow the Optimize theme assets and minimize file sizes standard as described
PERF007,drupal_performance,per,Use Drupal's library system for asset management,Use Drupal's library system for asset management,medium,{},[],performance|drupal,Implementing this optimization significantly improves site performance and user experience,Update your code to follow the Use Drupal's library system for asset management standard as described
PERF008,drupal_performance,per,Implement lazy loading for images and media,Implement lazy loading for images and media,medium,{},[],performance|drupal,Implementing this optimization significantly improves site performance and user experience,Update your code to follow the Implement lazy loading for images and media standard as described
PERF009,drupal_performance,per,Implement batch operations for long-running form submissions,"Avoid long-running operations when submitting forms, in particular when submitting large arrays of data via CSV, JSON or other formats, running migrations via custom form submissions, or implementing content import via form submission handlers that bypass the Drupal Batch API",critical,{},[],performance|drupal,Implementing this optimization significantly improves site performance and user experience,Update your code to implement batch jobs and avoid running Drupal content migrations that bypass the Drupal migrations interface
PLUGIN001,drupal_plugins,plugin1,Use proper plugin annotations with all required properties and implement required interfaces,Use proper plugin annotations with all required properties and implement required interfaces. Follow the plugin discovery pattern with proper base classes.,medium,"{""good"": ""/**\n * Provides a custom data processor plugin.\n *\n * @Plugin(\n * id = \""custom_processor\"",\n * label = @Translation(\""Custom Data Processor\""),\n * description = @Translation(\""Processes data using custom logic.\""),\n * category = @Translation(\""Data Processing\""),\n * weight = 10\n * )\n */\nclass CustomProcessor extends PluginBase implements DataProcessorInterface, ContainerFactoryPluginInterface {\n \n public function __construct(\n array $configuration,\n string $plugin_id,\n mixed $plugin_definition,\n protected LoggerInterface $logger,\n ) {\n parent::__construct($configuration, $plugin_id, $plugin_definition);\n }\n \n public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition): static {\n return new static(\n $configuration,\n $plugin_id,\n $plugin_definition,\n $container->get('logger.factory')->get('mymodule'),\n );\n }\n \n public function process(array $data): array {\n // Plugin implementation\n return $processed_data;\n }\n}"", ""bad"": """"}",[],,,
ROUTE001,drupal_routing,route1,Define routes in *,"Define routes in *.routing.yml files with proper path patterns and requirements. Use entity parameters, access controls, and proper HTTP methods for RESTful design.",medium,"{""good"": ""# mymodule.routing.yml\nmymodule.admin_config:\n path: '/admin/config/mymodule'\n defaults:\n _form: '\\Drupal\\mymodule\\Form\\ConfigForm'\n _title: 'My Module Configuration'\n requirements:\n _permission: 'administer mymodule'\n\nmymodule.user_data:\n path: '/user/{user}/mymodule-data'\n defaults:\n _controller: '\\Drupal\\mymodule\\Controller\\UserDataController::view'\n _title: 'User Data'\n requirements:\n _custom_access: '\\Drupal\\mymodule\\Access\\UserDataAccess::access'\n options:\n parameters:\n user:\n type: entity:user\n\nmymodule.api_endpoint:\n path: '/api/mymodule/data/{id}'\n defaults:\n _controller: '\\Drupal\\mymodule\\Controller\\ApiController::getData'\n requirements:\n _access: 'TRUE'\n id: \\d+\n methods: [GET, POST]"", ""bad"": """"}",[],routing,,
DS001,drupal_security,sql_injection,Use Database API for Queries,Never concatenate user input into SQL queries,critical,"{""good"": ""$query = $connection->select('users', 'u')->condition('name', $name);"", ""bad"": ""db_query('SELECT * FROM users WHERE name = ' . $_GET['name']);""}","[""https://www.drupal.org/docs/security/sql-injection"", ""https://owasp.org/www-community/attacks/SQL_Injection""]",security|database|sql,"SQL injection can lead to data theft, data loss, and complete system compromise",Use Drupal's Database API with placeholders or the query builder
DS002,drupal_security,xss,Escape Output in Templates,Always escape variables in Twig templates,critical,"{""good"": ""{{ title }}"", ""bad"": ""{{ title|raw }}""}","[""https://www.drupal.org/docs/security/cross-site-scripting""]",security|output|twig,XSS attacks can steal user sessions and compromise accounts,Use Twig's auto-escape or explicit escape filters
DS003,drupal_security,csrf,Use Form API CSRF Protection,Leverage Drupal's built-in CSRF tokens,high,"{""good"": ""$form['#token'] = 'my_form';"", ""bad"": ""// No CSRF protection""}","[""https://www.drupal.org/docs/security/csrf""]",security|forms,CSRF attacks can perform unauthorized actions,Always use Form API which includes CSRF protection
DS006,drupal_security,access_control,Check User Permissions,Always verify user permissions before sensitive operations,critical,"{""good"": ""if (\\Drupal::currentUser()->hasPermission('administer content')) { ... }"", ""bad"": ""// No permission check""}","[""https://www.drupal.org/docs/security/access-control""]",security|permissions|access,Missing permission checks can expose sensitive functionality,Use permission checks or access control handlers
DS009,drupal_security,file_uploads,Validate File Extensions,Restrict allowed file extensions for uploads,high,"{""good"": ""'file_extensions' => 'pdf doc docx'"", ""bad"": ""// No file extension restrictions""}","[""https://www.drupal.org/docs/security/file-security""]",security|files|uploads,Unrestricted file uploads can lead to code execution,Configure file fields with appropriate extension restrictions
PERM001,drupal_security,per,sites/default directory should have 755 permissions,sites/default directory should have 755 permissions,medium,{},[],drupal|security|access,This security measure prevents per vulnerabilities and protects against malicious attacks,Update your code to follow the sites/default directory should have 755 permissions standard as described
PERM002,drupal_security,per,settings.php should have 444 permissions,settings.php should have 444 permissions (read-only),medium,{},[],drupal|security|access,This security measure prevents per vulnerabilities and protects against malicious attacks,Update your code to follow the settings.php should have 444 permissions standard as described
PERM003,drupal_security,per,services.yml should have 444 permissions,services.yml should have 444 permissions (read-only),medium,{},[],drupal|access|security|services,This security measure prevents per vulnerabilities and protects against malicious attacks,Update your code to follow the services.yml should have 444 permissions standard as described
PERM004,drupal_security,per,Use ahoy cli commands instead of direct docker compose exec,Use ahoy cli commands instead of direct docker compose exec,medium,{},[],drupal|security,This security measure prevents per vulnerabilities and protects against malicious attacks,Update your code to follow the Use ahoy cli commands instead of direct docker compose exec standard as described
PERM005,drupal_security,per,Verify permissions with drush status-report,Verify permissions with drush status-report,medium,{},[],drupal|security|access,This security measure prevents per vulnerabilities and protects against malicious attacks,Update your code to follow the Verify permissions with drush status-report standard as described
SEC001,drupal_security,sec1,Always use parameterized queries with placeholders (:placeholder),Always use parameterized queries with placeholders (:placeholder) to prevent SQL injection attacks. Never concatenate user input directly into SQL queries.,critical,"{""good"": ""<?php\n// Using Database API with placeholders\n$database = \\Drupal::database();\n\n// SELECT query with conditions\n$query = $database->select('users_field_data', 'u')\n ->fields('u', ['uid', 'name', 'mail'])\n ->condition('status', 1)\n ->condition('created', strtotime('-30 days'), '>')\n ->orderBy('created', 'DESC')\n ->range(0, 10);\n\n$results = $query->execute()->fetchAll();\n\n// INSERT with placeholders\n$database->insert('mymodule_log')\n ->fields([\n 'uid' => \\Drupal::currentUser()->id(),\n 'message' => $message,\n 'severity' => $severity,\n 'timestamp' => \\Drupal::time()->getRequestTime(),\n ])\n ->execute();\n\n// UPDATE with conditions\n$database->update('mymodule_data')\n ->fields(['status' => 1])\n ->condition('uid', $uid)\n ->condition('type', $allowed_types, 'IN')\n ->execute();\n\n// Using query with placeholders for complex queries\n$query = $database->query(\n \""SELECT n.nid, n.title, COUNT(c.cid) as comment_count \n FROM {node_field_data} n \n LEFT JOIN {comment_field_data} c ON n.nid = c.entity_id \n WHERE n.type = :type AND n.status = :status \n GROUP BY n.nid, n.title\"",\n [\n ':type' => 'article',\n ':status' => 1,\n ]\n);"", ""bad"": ""<?php\n// NEVER DO THIS - SQL Injection vulnerability\n$uid = $_GET['uid'];\n$type = $_POST['type'];\n\n// Direct concatenation - DANGEROUS!\ndb_query(\""SELECT * FROM users WHERE uid = \"" . $uid);\ndb_query(\""SELECT * FROM node WHERE type = '\"" . $type . \""'\"");\n\n// Even with Drupal 8/9/10 - still vulnerable\n$database = \\Drupal::database();\n$database->query(\""SELECT * FROM {users} WHERE name = '\"" . $_GET['name'] . \""'\"");""}","[""https://www.drupal.org/docs/drupal-apis/database-api/database-api-overview"", ""https://www.drupal.org/docs/security-in-drupal/writing-secure-code-for-drupal"", ""https://www.drupal.org/docs/drupal-apis/database-api/dynamic-queries""]",security,,
SEC001,drupal_security,sec,Always use parameterized queries with placeholders,Always use parameterized queries with placeholders,critical,"{""good"": ""<?php\n// Using Database API with placeholders\n$database = \\Drupal::database();\n\n// SELECT query with conditions\n$query = $database->select('users_field_data', 'u')\n ->fields('u', ['uid', 'name', 'mail'])\n ->condition('status', 1)\n ->condition('created', strtotime('-30 days'), '>')\n ->orderBy('created', 'DESC')\n ->range(0, 10);\n\n$results = $query->execute()->fetchAll();\n\n// INSERT with placeholders\n$database->insert('mymodule_log')\n ->fields([\n 'uid' => \\Drupal::currentUser()->id(),\n 'message' => $message,\n 'severity' => $severity,\n 'timestamp' => \\Drupal::time()->getRequestTime(),\n ])\n ->execute();\n\n// UPDATE with conditions\n$database->update('mymodule_data')\n ->fields(['status' => 1])\n ->condition('uid', $uid)\n ->condition('type', $allowed_types, 'IN')\n ->execute();\n\n// Using query with placeholders for complex queries\n$query = $database->query(\n \""SELECT n.nid, n.title, COUNT(c.cid) as comment_count \n FROM {node_field_data} n \n LEFT JOIN {comment_field_data} c ON n.nid = c.entity_id \n WHERE n.type = :type AND n.status = :status \n GROUP BY n.nid, n.title\"",\n [\n ':type' => 'article',\n ':status' => 1,\n ]\n);"", ""bad"": ""<?php\n// NEVER DO THIS - SQL Injection vulnerability\n$uid = $_GET['uid'];\n$type = $_POST['type'];\n\n// Direct concatenation - DANGEROUS!\ndb_query(\""SELECT * FROM users WHERE uid = \"" . $uid);\ndb_query(\""SELECT * FROM node WHERE type = '\"" . $type . \""'\"");\n\n// Even with Drupal 8/9/10 - still vulnerable\n$database = \\Drupal::database();\n$database->query(\""SELECT * FROM {users} WHERE name = '\"" . $_GET['name'] . \""'\"");""}","[""https://www.drupal.org/docs/drupal-apis/database-api/database-api-overview"", ""https://www.drupal.org/docs/security-in-drupal/writing-secure-code-for-drupal"", ""https://www.drupal.org/docs/drupal-apis/database-api/dynamic-queries""]",drupal|security,This security measure prevents security vulnerabilities and protects against malicious attacks,Review the 'good' example provided and update your code to match the recommended pattern
SEC002,drupal_security,sec2,Use Drupal's t() function,"Use Drupal's t() function for user-visible strings with proper placeholder sanitization. Use @variable for escaped output, %variable for emphasized text, and :variable for URLs.",critical,"{""good"": ""<?php\nuse Drupal\\Component\\Utility\\Xss;\nuse Drupal\\Core\\Render\\Markup;\nuse Drupal\\Core\\StringTranslation\\StringTranslationTrait;\n\nclass MyClass {\n use StringTranslationTrait;\n \n public function getMessage($user_name, $count, $url, $filename, $user_input) {\n // Use @variable for plain text (HTML escaped)\n $message = $this->t('Hello @username, you have @count new messages.', [\n '@username' => $user_name,\n '@count' => $count,\n ]);\n \n // Use %variable for emphasized text (HTML escaped + <em> tags)\n $warning = $this->t('The file %filename could not be uploaded.', [\n '%filename' => $filename,\n ]);\n \n // Use :variable for URLs (HTML escaped + URL validation)\n $link_text = $this->t('Visit our <a href=\"":url\"">documentation page</a> for more info.', [\n ':url' => $url,\n ]);\n \n // The !variable placeholder is not available in Drupal 8+. When a few\n // tags must survive (RARE), filter the input and pass it as a Markup\n // object, which @variable does not escape a second time.\n $safe_html = Markup::create(Xss::filter($user_input, ['em', 'strong']));\n $output = $this->t('User said: @message', [\n '@message' => $safe_html,\n ]);\n \n // Format plural strings\n $items = $this->formatPlural($count,\n '1 item remaining',\n '@count items remaining',\n ['@count' => $count]\n );\n }\n}"", ""bad"": ""<?php\n// Direct concatenation - no escaping!\n$message = 'Hello ' . $user_name;\n\n// Using !variable with unsafe input - XSS vulnerability!\n$output = t('User input: !input', ['!input' => $_GET['message']]);\n\n// Not using t() function\n$error = 'File upload failed for ' . $filename;""}","[""https://www.drupal.org/docs/security-in-drupal/sanitizing-output-to-prevent-cross-site-scripting/overview"", ""https://www.drupal.org/docs/drupal-apis/string-api/localization-api/string-translation-api"", ""https://api.drupal.org/api/drupal/core!lib!Drupal!Core!StringTranslation!TranslatableMarkup.php/class/TranslatableMarkup""]",drupal|security,,
SEC002,drupal_security,sec,Use Drupal's t() function for user-visible strings,Use Drupal's t() function for user-visible strings,critical,"{""good"": ""<?php\nuse Drupal\\Component\\Utility\\Xss;\nuse Drupal\\Core\\Render\\Markup;\nuse Drupal\\Core\\StringTranslation\\StringTranslationTrait;\n\nclass MyClass {\n use StringTranslationTrait;\n \n public function getMessage($user_name, $count, $url, $filename, $user_input) {\n // Use @variable for plain text (HTML escaped)\n $message = $this->t('Hello @username, you have @count new messages.', [\n '@username' => $user_name,\n '@count' => $count,\n ]);\n \n // Use %variable for emphasized text (HTML escaped + <em> tags)\n $warning = $this->t('The file %filename could not be uploaded.', [\n '%filename' => $filename,\n ]);\n \n // Use :variable for URLs (HTML escaped + URL validation)\n $link_text = $this->t('Visit our <a href=\"":url\"">documentation page</a> for more info.', [\n ':url' => $url,\n ]);\n \n // The !variable placeholder is not available in Drupal 8+. When a few\n // tags must survive (RARE), filter the input and pass it as a Markup\n // object, which @variable does not escape a second time.\n $safe_html = Markup::create(Xss::filter($user_input, ['em', 'strong']));\n $output = $this->t('User said: @message', [\n '@message' => $safe_html,\n ]);\n \n // Format plural strings\n $items = $this->formatPlural($count,\n '1 item remaining',\n '@count items remaining',\n ['@count' => $count]\n );\n }\n}"", ""bad"": ""<?php\n// Direct concatenation - no escaping!\n$message = 'Hello ' . $user_name;\n\n// Using !variable with unsafe input - XSS vulnerability!\n$output = t('User input: !input', ['!input' => $_GET['message']]);\n\n// Not using t() function\n$error = 'File upload failed for ' . $filename;""}","[""https://www.drupal.org/docs/security-in-drupal/sanitizing-output-to-prevent-cross-site-scripting/overview"", ""https://www.drupal.org/docs/drupal-apis/string-api/localization-api/string-translation-api"", ""https://api.drupal.org/api/drupal/core!lib!Drupal!Core!StringTranslation!TranslatableMarkup.php/class/TranslatableMarkup""]",drupal|security,This security measure prevents security vulnerabilities and protects against malicious attacks,Review the 'good' example provided and update your code to match the recommended pattern
SEC003,drupal_security,sec,Apply appropriate filtering: Html::escape(),Apply appropriate filtering: Html::escape() Xss::filter(),critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Apply appropriate filtering: Html::escape() standard as described
SEC004,drupal_security,sec,Always include form tokens for CSRF protection,Always include form tokens for CSRF protection,critical,{},[],forms|drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Always include form tokens for CSRF protection standard as described
SEC005,drupal_security,sec,Validate file paths before operations to prevent,Validate file paths before operations to prevent path traversal,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Validate file paths before operations to prevent standard as described
SEC006,drupal_security,sec,Avoid command execution functions entirely,Avoid command execution functions entirely,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Avoid command execution functions entirely standard as described
SEC007,drupal_security,sec,Use stream wrappers instead of direct file paths,Use stream wrappers instead of direct file paths,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Use stream wrappers instead of direct file paths standard as described
SEC008,drupal_security,sec,Implement proper input validation for all user,Implement proper input validation for all user data,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Implement proper input validation for all user standard as described
SEC009,drupal_security,sec,Use Twig's automatic escaping in templates,Use Twig's automatic escaping in templates,critical,{},[],drupal|security|twig,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Use Twig's automatic escaping in templates standard as described
SEC010,drupal_security,sec,Validate and whitelist URLs before making HTTP,Validate and whitelist URLs before making HTTP requests,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Validate and whitelist URLs before making HTTP standard as described
SEC011,drupal_security,sec,Implement network-level access controls for,Implement network-level access controls for internal services,critical,{},[],drupal|access|security|services,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Implement network-level access controls for standard as described
SEC012,drupal_security,sec,Set reasonable timeouts for all HTTP requests,Set reasonable timeouts for all HTTP requests,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Set reasonable timeouts for all HTTP requests standard as described
SEC013,drupal_security,sec,Disable HTTP redirects or limit redirect chains,Disable HTTP redirects or limit redirect chains,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Disable HTTP redirects or limit redirect chains standard as described
SEC014,drupal_security,sec,Use allowlists rather than blocklists for,Use allowlists rather than blocklists for domains/IPs,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Use allowlists rather than blocklists for standard as described
SEC015,drupal_security,sec,Always define access requirements in route,Always define access requirements in route definitions,critical,{},[],drupal|security|access,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Always define access requirements in route standard as described
SEC016,drupal_security,sec,Use permission-based access checks in routes,Use permission-based access checks in routes,critical,{},[],drupal|security|access,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Use permission-based access checks in routes standard as described
SEC017,drupal_security,sec,Always check entity access before operations,Always check entity access before operations,critical,{},[],drupal|security|access,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Always check entity access before operations standard as described
SEC018,drupal_security,sec,Use EntityAccessControlHandler for consistent,Use EntityAccessControlHandler for consistent access control,critical,{},[],drupal|security|access,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Use EntityAccessControlHandler for consistent standard as described
SEC019,drupal_security,sec,Inject AccountProxyInterface rather than calling,Inject AccountProxyInterface rather than calling currentUser(),critical,{},[],drupal|injection|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Inject AccountProxyInterface rather than calling standard as described
SEC020,drupal_security,sec,Use AccessResult methods with proper caching,Use AccessResult methods with proper caching metadata,critical,{},[],drupal|caching|security|access,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Use AccessResult methods with proper caching standard as described
SEC021,drupal_security,sec,Store sensitive configuration in environment,Store sensitive configuration in environment variables,critical,{},[],drupal|configuration|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Store sensitive configuration in environment standard as described
SEC022,drupal_security,sec,Use Drupal's Key module for storing encryption,Use Drupal's Key module for storing encryption keys,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Use Drupal's Key module for storing encryption standard as described
SEC023,drupal_security,sec,Use SHA-256 or SHA-512 for non-password data,Use SHA-256 or SHA-512 for non-password data hashing,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Use SHA-256 or SHA-512 for non-password data standard as described
SEC024,drupal_security,sec,Use AES-256-GCM for encryption with proper,Use AES-256-GCM for encryption with proper algorithms,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Use AES-256-GCM for encryption with proper standard as described
SEC025,drupal_security,sec,Enforce HTTPS site-wide using settings.php,Enforce HTTPS site-wide using settings.php configuration,critical,{},[],drupal|configuration|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Enforce HTTPS site-wide using settings.php standard as described
SEC026,drupal_security,sec,Use secure cookies (secure HttpOnly SameSite),Use secure cookies (secure HttpOnly SameSite),critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Use secure cookies (secure HttpOnly SameSite) standard as described
SEC027,drupal_security,sec,Implement proper Content-Security-Policy headers,Implement proper Content-Security-Policy headers,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Implement proper Content-Security-Policy headers standard as described
SEC028,drupal_security,sec,Regularly rotate encryption keys and credentials,Regularly rotate encryption keys and credentials,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Regularly rotate encryption keys and credentials standard as described
SEC029,drupal_security,sec,Configure trusted_host_patterns to prevent HTTP,Configure trusted_host_patterns to prevent HTTP Host header attacks,critical,{},[],drupal|configuration|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Configure trusted_host_patterns to prevent HTTP standard as described
SEC030,drupal_security,sec,Set secure file permissions (0755 for directories,Set secure file permissions (0755 for directories 0644 for files),critical,{},[],drupal|security|access,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Set secure file permissions (0755 for directories standard as described
SEC031,drupal_security,sec,Configure private file path for sensitive uploads,Configure private file path for sensitive uploads,critical,{},[],drupal|configuration|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Configure private file path for sensitive uploads standard as described
SEC032,drupal_security,sec,Disable verbose error reporting in production,Disable verbose error reporting in production,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Disable verbose error reporting in production standard as described
SEC033,drupal_security,sec,Set Content-Security-Policy to restrict resource,Set Content-Security-Policy to restrict resource origins,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Set Content-Security-Policy to restrict resource standard as described
SEC034,drupal_security,sec,Configure X-Frame-Options to prevent clickjacking,Configure X-Frame-Options to prevent clickjacking,critical,{},[],drupal|configuration|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Configure X-Frame-Options to prevent clickjacking standard as described
SEC035,drupal_security,sec,Enable X-Content-Type-Options to prevent,Enable X-Content-Type-Options to prevent MIME-type sniffing,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Enable X-Content-Type-Options to prevent standard as described
SEC036,drupal_security,sec,Keep Drupal core updated to latest secure version,Keep Drupal core updated to latest secure version,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Keep Drupal core updated to latest secure version standard as described
SEC037,drupal_security,sec,Use Composer for managing all dependencies,Use Composer for managing all dependencies,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Use Composer for managing all dependencies standard as described
SEC038,drupal_security,sec,Add drupal/core-security-advisories as dev,Add drupal/core-security-advisories as dev dependency,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Add drupal/core-security-advisories as dev standard as described
SEC039,drupal_security,sec,Use modern Drupal APIs rather than deprecated,Use modern Drupal APIs rather than deprecated functions,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Use modern Drupal APIs rather than deprecated standard as described
SEC040,drupal_security,sec,Implement Subresource Integrity (SRI) for,Implement Subresource Integrity (SRI) for external resources,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Implement Subresource Integrity (SRI) for standard as described
SEC041,drupal_security,sec,Remove unused modules from codebase,Remove unused modules from codebase,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Remove unused modules from codebase standard as described
SEC042,drupal_security,sec,Monitor Drupal security advisories page,Monitor Drupal security advisories page,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Monitor Drupal security advisories page standard as described
SEC043,drupal_security,sec,Use strong password policies with complexity,Use strong password policies with complexity requirements,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Use strong password policies with complexity standard as described
SEC044,drupal_security,sec,Implement proper account lockout after failed,Implement proper account lockout after failed login attempts,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Implement proper account lockout after failed standard as described
SEC045,drupal_security,sec,Consider multi-factor authentication for,Consider multi-factor authentication for privileged accounts,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Consider multi-factor authentication for standard as described
SEC046,drupal_security,sec,Use HTTPS for all authentication traffic,Use HTTPS for all authentication traffic,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Use HTTPS for all authentication traffic standard as described
SEC047,drupal_security,sec,Implement session timeout for inactivity,Implement session timeout for inactivity,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Implement session timeout for inactivity standard as described
SEC048,drupal_security,sec,Use email verification for new account,Use email verification for new account registration,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Use email verification for new account standard as described
SEC049,drupal_security,sec,Apply principle of least privilege for user roles,Apply principle of least privilege for user roles,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Apply principle of least privilege for user roles standard as described
SEC050,drupal_security,sec,Follow separation of concerns in module,Follow separation of concerns in module architecture,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Follow separation of concerns in module standard as described
SEC051,drupal_security,sec,Design granular permissions following verb+object ,Design granular permissions following verb+object pattern,critical,{},[],drupal|security|access,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Design granular permissions following verb+object standard as described
SEC052,drupal_security,sec,Use context-aware access systems like Entity,Use context-aware access systems like Entity Access,critical,{},[],drupal|security|access,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Use context-aware access systems like Entity standard as described
SEC053,drupal_security,sec,Implement appropriate validation constraints on,Implement appropriate validation constraints on entity fields,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Implement appropriate validation constraints on standard as described
SEC054,drupal_security,sec,Design schema definitions with integrity,Design schema definitions with integrity constraints,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Design schema definitions with integrity standard as described
SEC055,drupal_security,sec,Implement field-level access control when needed,Implement field-level access control when needed,critical,{},[],drupal|security|access,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Implement field-level access control when needed standard as described
SEC056,drupal_security,sec,Design fault-tolerant systems that fail securely,Design fault-tolerant systems that fail securely,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Design fault-tolerant systems that fail securely standard as described
SEC057,drupal_security,sec,Avoid PHP's unserialize() with untrusted data,Avoid PHP's unserialize() with untrusted data,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Avoid PHP's unserialize() with untrusted data standard as described
SEC058,drupal_security,sec,Use JSON or structured formats for data,Use JSON or structured formats for data interchange,critical,{},[],forms|drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Use JSON or structured formats for data standard as described
SEC059,drupal_security,sec,Validate data before and after migrations/updates,Validate data before and after migrations/updates,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Validate data before and after migrations/updates standard as described
SEC060,drupal_security,sec,Implement checksums/hashing for critical,Implement checksums/hashing for critical configuration,critical,{},[],drupal|configuration|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Implement checksums/hashing for critical standard as described
SEC061,drupal_security,sec,Verify integrity of downloaded modules and themes,Verify integrity of downloaded modules and themes,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Verify integrity of downloaded modules and themes standard as described
SEC062,drupal_security,sec,Use Composer with package signature verification,Use Composer with package signature verification,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Use Composer with package signature verification standard as described
SEC063,drupal_security,sec,Implement proper validation for plugin/module,Implement proper validation for plugin/module loading,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Implement proper validation for plugin/module standard as described
SEC064,drupal_security,sec,Log security-relevant events consistently across,Log security-relevant events consistently across application,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Log security-relevant events consistently across standard as described
SEC065,drupal_security,sec,Include context in log messages with relevant,Include context in log messages with relevant identifiers,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Include context in log messages with relevant standard as described
SEC066,drupal_security,sec,Log authentication events (login attempts,Log authentication events (login attempts failures logouts),critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Log authentication events (login attempts standard as described
SEC067,drupal_security,sec,Log access control decisions particularly denials,Log access control decisions particularly denials,critical,{},[],drupal|security|access,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Log access control decisions particularly denials standard as described
SEC068,drupal_security,sec,Log all administrative actions and data,Log all administrative actions and data modifications,critical,{},[],drupal|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Log all administrative actions and data standard as described
SEC069,drupal_security,sec,Configure appropriate log retention periods,Configure appropriate log retention periods,critical,{},[],drupal|configuration|security,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Configure appropriate log retention periods standard as described
SEC070,drupal_security,sec,Protect log files from unauthorized access and,Protect log files from unauthorized access and modification,critical,{},[],drupal|security|access,This security measure prevents sec vulnerabilities and protects against malicious attacks,Update your code to follow the Protect log files from unauthorized access and standard as described
TEST001,drupal_testing,test1,Write unit tests for Drupal modules and backend logic using PHPUnit framework,"Write unit tests for Drupal modules and backend logic using PHPUnit framework. Test business logic, services, and utility functions with proper mocking.",medium,"{""good"": ""// tests/src/Unit/Service/DataProcessorTest.php\nnamespace Drupal\\Tests\\mymodule\\Unit\\Service;\n\nuse Drupal\\Tests\\UnitTestCase;\nuse Drupal\\mymodule\\Service\\DataProcessor;\nuse Drupal\\Core\\Logger\\LoggerChannelInterface;\n\nclass DataProcessorTest extends UnitTestCase {\n \n protected DataProcessor $dataProcessor;\n protected LoggerChannelInterface $logger;\n \n protected function setUp(): void {\n parent::setUp();\n \n $this->logger = $this->createMock(LoggerChannelInterface::class);\n $this->dataProcessor = new DataProcessor($this->logger);\n }\n \n public function testProcessValidData(): void {\n $input = ['name' => 'John', 'age' => 30];\n $expected = ['name' => 'JOHN', 'age' => 30, 'processed' => TRUE];\n \n $result = $this->dataProcessor->process($input);\n \n $this->assertEquals($expected, $result);\n }\n \n public function testProcessInvalidDataThrowsException(): void {\n $this->expectException(\\InvalidArgumentException::class);\n $this->expectExceptionMessage('Name is required');\n \n $this->dataProcessor->process(['age' => 30]);\n }\n \n public function testProcessLogsErrors(): void {\n $this->logger->expects($this->once())\n ->method('error')\n ->with('Processing failed: @message', ['@message' => 'Name is required']);\n \n try {\n $this->dataProcessor->process([]);\n } catch (\\Exception $e) {\n // Expected exception\n }\n }\n}"", ""bad"": """"}","[""https://www.drupal.org/docs/testing"", ""https://www.drupal.org/docs/testing/phpunit-in-drupal""]",drupal|testing|php,,
TEST001,drupal_testing,tes,Write unit tests for Drupal modules and backend,Write unit tests for Drupal modules and backend logic,medium,{},"[""https://www.drupal.org/docs/testing"", ""https://www.drupal.org/docs/testing/phpunit-in-drupal""]",testing|drupal,Following this testing best practice ensures maintainable and standards-compliant code,Update your code to follow the Write unit tests for Drupal modules and backend standard as described
TEST002,drupal_testing,tes,Write Behat tests for plugins affecting front-end ,Write Behat tests for plugins affecting front-end behavior,medium,{},"[""https://www.drupal.org/docs/testing"", ""https://www.drupal.org/docs/testing/phpunit-in-drupal""]",testing|drupal,Following this testing best practice ensures maintainable and standards-compliant code,Update your code to follow the Write Behat tests for plugins affecting front-end standard as described
TEST003,drupal_testing,tes,Update corresponding tests when functionality,Update corresponding tests when functionality changes,medium,{},"[""https://www.drupal.org/docs/testing"", ""https://www.drupal.org/docs/testing/phpunit-in-drupal""]",testing|drupal,Following this testing best practice ensures maintainable and standards-compliant code,Update your code to follow the Update corresponding tests when functionality standard as described
TEST004,drupal_testing,tes,Maintain README.md file in each module,Maintain README.md file in each module,medium,{},"[""https://www.drupal.org/docs/testing"", ""https://www.drupal.org/docs/testing/phpunit-in-drupal""]",testing|drupal,Following this testing best practice ensures maintainable and standards-compliant code,Update your code to follow the Maintain README.md file in each module standard as described
TEST005,drupal_testing,tes,Place test code in dedicated test directories,Place test code in dedicated test directories,medium,{},"[""https://www.drupal.org/docs/testing"", ""https://www.drupal.org/docs/testing/phpunit-in-drupal""]",testing|drupal,Following this testing best practice ensures maintainable and standards-compliant code,Update your code to follow the Place test code in dedicated test directories standard as described
TEST006,drupal_testing,tes,Use dependency injection for testability with,Use dependency injection for testability with mocks and stubs,medium,{},"[""https://www.drupal.org/docs/testing"", ""https://www.drupal.org/docs/testing/phpunit-in-drupal""]",testing|injection|drupal,Following this testing best practice ensures maintainable and standards-compliant code,Update your code to follow the Use dependency injection for testability with standard as described
TEST007,drupal_testing,tes,Document any production code changes made for,Document any production code changes made for testing,medium,{},"[""https://www.drupal.org/docs/testing"", ""https://www.drupal.org/docs/testing/phpunit-in-drupal""]",testing|drupal,Following this testing best practice ensures maintainable and standards-compliant code,Update your code to follow the Document any production code changes made for standard as described
TWIG001,drupal_twig,twig1,Use Twig templates instead of theme functions for Drupal 8+ theming,Use Twig templates instead of theme functions for Drupal 8+ theming. Implement proper template suggestions and use Twig filters appropriately.,medium,"{""good"": ""<!-- templates/node--article--teaser.html.twig -->\n{#\n/**\n * @file\n * Theme override to display a node.\n *\n * Available variables:\n * - node: The node entity with limited access\n * - label: The title of the node\n * - content: All node items\n * - author_name: Authored by name\n * - metadata: Metadata for this node\n *\n * @see template_preprocess_node()\n */\n#}\n<article{{ attributes.addClass('node--type-' ~ node.bundle|clean_class) }}>\n\n {{ title_prefix }}\n {% if not page %}\n <h2{{ title_attributes }}>\n <a href=\""{{ url }}\"" rel=\""bookmark\"">{{ label }}</a>\n </h2>\n {% endif %}\n {{ title_suffix }}\n\n {% if display_submitted %}\n <footer>\n {{ author_picture }}\n <div{{ author_attributes }}>\n {% trans %}Submitted by {{ author_name }} on {{ date }}{% endtrans %}\n {{ metadata }}\n </div>\n </footer>\n {% endif %}\n\n <div{{ content_attributes }}>\n {# Use 'without' to exclude fields #}\n {{ content|without('field_tags', 'links') }}\n </div>\n\n {# Render specific fields #}\n {% if content.field_tags|render %}\n <div class=\""tags\"">\n {{ content.field_tags }}\n </div>\n {% endif %}\n\n</article>\n\n{# In PHP (hook_theme or preprocess) #}\n<?php\nfunction mymodule_preprocess_node(&$variables) {\n $node = $variables['node'];\n \n // Add custom variables\n $variables['custom_date'] = \\Drupal::service('date.formatter')->format(\n $node->getCreatedTime(), \n 'custom', \n 'F j, Y'\n );\n \n // Add cache metadata\n $variables['#cache']['contexts'][] = 'user';\n}"", ""bad"": ""<!-- Don't use PHP in templates -->\n<?php print $node->getTitle(); ?>\n\n<!-- Don't access object methods directly -->\n{{ node.getOwner().getEmail() }}\n\n<!-- Don't use |raw without sanitization -->\n{{ user_input|raw }}""}","[""https://www.drupal.org/docs/theming-drupal/twig-in-drupal"", ""https://www.drupal.org/docs/develop/theming-drupal/twig-in-drupal/working-with-twig-templates"", ""https://www.drupal.org/docs/develop/theming-drupal/twig-in-drupal/twig-template-naming-conventions""]",drupal|twig,,