What the Scanner Checks

10 detection rules targeting the most common patterns that break in PHP worker-mode runtimes.

Static State Persistence (severity: warning)

Replace static state with instance properties injected via the DI container. For caches, use a request-scoped service or call a reset method between requests.

Global Variable Usage (severity: warning)

Pass dependencies explicitly via constructor injection or method parameters instead of sharing state through global variables.

exit/die Usage (severity: critical)

Replace exit/die with an exception: `throw new \RuntimeException('message');` or return an HTTP error response.

Superglobal Mutation (severity: warning)

Avoid mutating superglobals directly. Use a request object (e.g. Symfony HttpFoundation, Laravel Request) that is created fresh per request.

Session Lifecycle (severity: warning)

Call session_write_close() as soon as you are done reading/writing session data, or use a framework session handler that closes automatically.

Output Buffer Leak (severity: info)

Ensure every ob_start() has a matching ob_end_clean() or ob_end_flush() in the same request lifecycle, or use a framework that manages output buffering per request.

Handler Stacking (severity: info)

Ensure handlers are registered only once (e.g. at boot, guarded by a flag) or use framework-level error/exception handling that resets per request.

Singleton Pattern (severity: warning)

Use dependency injection with a scoped/transient binding instead of a singleton. If the singleton is necessary, add a resetState() method called between requests.

File Handle Leak (severity: warning)

Always pair fopen() with fclose() in a try/finally block, or use file_get_contents()/file_put_contents() which handle closing automatically.

Direct Connection Creation (severity: info)

Use the framework's database/cache service (e.g. Laravel DB facade, Doctrine DBAL) which manages connection lifecycle automatically in worker environments.

Frequently Asked Questions

What is worker mode and why does it matter?

Traditional PHP (php-fpm) starts a fresh process for every request. Worker-mode runtimes like FrankenPHP, Laravel Octane, and RoadRunner keep a single PHP process alive and handle many requests sequentially. This is much faster, but it means static variables, global state, and singletons persist between requests — causing data leakage, memory growth, and hard-to-debug issues.
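The data leakage described above, and the two fixes the static-state rule suggests, as an added example (not code from the scanner or from any of the runtimes named). `LeakyProfile`, `ScopedProfile` and `runWorker` are hypothetical names, and the worker loop is simulated by a `foreach` inside one CLI process.

```php
<?php
declare(strict_types=1);

// Leaky: a static memo lives as long as the worker process, not the request.
final class LeakyProfile
{
    private static ?array $current = null;

    public static function load(array $request): array
    {
        // Meant as a per-request cache; under a worker it is filled once and reused.
        return self::$current ??= ['user' => $request['user']];
    }

    public static function reset(): void
    {
        self::$current = null;
    }
}

// Request-scoped: state sits on an instance that is built fresh per request.
final class ScopedProfile
{
    private ?array $current = null;

    public function load(array $request): array
    {
        return $this->current ??= ['user' => $request['user']];
    }
}

// Stand-in for a worker loop (assumption): one process, sequential requests.
function runWorker(callable $handler, array $requests, ?callable $beforeRequest = null): array
{
    $users = [];
    foreach ($requests as $request) {
        if ($beforeRequest !== null) {
            $beforeRequest(); // reset hook invoked between requests
        }
        $users[] = $handler($request)['user'];
    }
    return $users;
}

// Constructed sample requests, not real traffic.
$requests = [['user' => 'alice'], ['user' => 'bob']];
$leaky  = runWorker(fn (array $r) => LeakyProfile::load($r), $requests);
$scoped = runWorker(fn (array $r) => (new ScopedProfile())->load($r), $requests);
$reset  = runWorker(fn (array $r) => LeakyProfile::load($r), $requests, fn () => LeakyProfile::reset());
foreach (compact('leaky', 'scoped', 'reset') as $name => $users) {
    echo $name, ': ', implode(', ', $users), PHP_EOL;
}
```

Run it with the `php` CLI (7.4 or later): in the `leaky` row the second request is answered with the first request's user, while the `scoped` and `reset` rows return each request's own user.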

Is my code sent to your servers?

Yes, the code is sent to our server for AST parsing via PHP-Parser. We do not store, log, or retain submitted code. Analysis happens in memory and results are returned immediately. No code touches disk.

Does this work with Laravel / Symfony / WordPress?

Yes. The scanner analyzes raw PHP code regardless of framework. It flags patterns that are problematic in any worker-mode environment. Framework-specific code (like Laravel Facades) is generally safe because the framework manages per-request lifecycle — but custom code within your application may not be.

What does Obfuscura have to do with FrankenPHP?

Obfuscura is a PHP code protection platform. Our encoded files use a pure-PHP loader (no C extensions) that is fully compatible with FrankenPHP worker mode. We built this scanner because ensuring worker-mode safety is critical for our own product — and we thought the broader PHP community would benefit from it too.

Can I scan an entire project?

This free tool scans one file at a time. Full project scanning (ZIP upload or API for CI/CD) is available on Professional and Enterprise plans.

Ship Protected PHP That Works Everywhere

Obfuscura's encoded files run on php-fpm, FrankenPHP, Octane, and RoadRunner. No C extensions. No compatibility headaches.