
Your Magento 2 Code Is Costing You More Than You Think

EasyAudit finds the anti-patterns that slow down every request and break every upgrade. Scan from the CLI, CI/CD, or directly from your browser — and let the Fixer patch issues automatically.

19 Analysis Processors
~455 KB Standalone PHAR
< 2 min Setup Time
0 Dependencies
MIT Licensed

The Hidden Cost of Bad Patterns

Adobe's own documentation warns against around plugins and concrete class dependencies. But warnings don't fix codebases — and the impact is measurable.

Around Plugins: The Silent Performance Killer

Magento's interception framework runs roughly 67,000 checks per page load. Each around plugin adds a $proceed() callback to the stack — deeper traces, harder debugging, and blocked chains if $proceed() is never called.

On a single product page, plugin resolution alone accounts for ~160ms of overhead. That's more time than some platforms need to render an entire page.

The fix: if a plugin only modifies arguments, it should be a before. If it only modifies the return value, an after. EasyAudit detects them. The Fixer rewrites them.
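
The before/after rule above, sketched as a check (an added example, not EasyAudit's own detection code): a simplified Python heuristic that reads around* methods from PHP source and reports which plugin type each one could be. The sample class and all function names are constructed for illustration, and a real analyzer would work on a parsed syntax tree rather than regular expressions.

```python
import re

# Constructed sample plugin class (not taken from any real module).
SAMPLE_PHP = r'''
class NamePlugin {
    public function aroundGetName($subject, callable $proceed) {
        $result = $proceed();
        return strtoupper($result);
    }
    public function aroundSetName($subject, callable $proceed, $name) {
        return $proceed(trim($name));
    }
    public function aroundSave($subject, callable $proceed) {
        if (!$subject->isValid()) { return $subject; }  // chain is cut here
        return $proceed();
    }
}
'''

SIGNATURE = re.compile(r'function\s+(around\w+)\s*\(([^)]*)\)[^{]*\{')

def matching(src, start, opener, closer):
    """Index of the delimiter that closes the opener found at src[start]."""
    depth = 0
    for i in range(start, len(src)):
        depth += (src[i] == opener) - (src[i] == closer)
        if depth == 0:
            return i
    raise ValueError("unbalanced source")

def classify_around_plugins(src):
    """Map each around* method to the plugin type it could be."""
    verdicts = {}
    for sig in SIGNATURE.finditer(src):
        body = src[sig.end():matching(src, sig.end() - 1, '{', '}')]
        params = re.findall(r'\$\w+', sig.group(2))[2:]  # after $subject, $proceed
        calls = list(re.finditer(r'\$proceed\s*\(', body))
        if len(calls) != 1 or len(re.findall(r'\breturn\b', body)) != 1:
            verdicts[sig.group(1)] = 'around'  # chain may be skipped or repeated
            continue
        close = matching(body, calls[0].end() - 1, '(', ')')
        passed = [a.strip() for a in body[calls[0].end():close].split(',') if a.strip()]
        reassigned = any(re.search(re.escape(p) + r'\s*=(?![=>])', body) for p in params)
        direct = (re.search(r'\breturn\s+$', body[:calls[0].start()])
                  and body[close + 1:].lstrip().startswith(';'))
        if (passed != params or reassigned) and not direct:
            verdicts[sig.group(1)] = 'around'  # arguments and result both change
        else:
            verdicts[sig.group(1)] = 'before' if direct else 'after'
    return verdicts
```

Methods that skip or repeat $proceed(), or that change both the arguments and the result, stay classified as around.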

Concrete Class Injection: Upgrade Time Bomb

Adobe guarantees backward compatibility only for interfaces marked @api. Every concrete class dependency is an unprotected bet that the constructor signature won't change.

Between Magento 2.4.6 and 2.4.7, the ProductRepository constructor changed — breaking every module that extended the concrete class. Filed as a P1 issue on GitHub.

The fix: replace concrete classes with the correct interface. EasyAudit detects them across your entire codebase. The Fixer generates the patches.

Missing Proxies: Every Command Pays the Price

Run bin/magento cache:flush? Magento instantiates every registered command with its full dependency tree first. No proxy = hundreds of useless objects on every CLI call.

Multiply by cron frequency and the number of custom commands in your project. That overhead runs 24/7, whether the command is yours or not.

The fix: proxy heavy dependencies in di.xml so they load only when the command actually runs. EasyAudit detects them. The Fixer generates the configuration.

count() on Collections: 50,000 Objects for One Integer

Calling count($collection) triggers load() — a full SELECT * that hydrates every row into a PHP object, just to count them. On a 50K catalog, that's a memory spike for a single number.

getSize() does the same job with one SELECT COUNT(*). No load, no hydration, no memory spike.

The fix: replace count() with getSize(). EasyAudit finds every occurrence. The Fixer rewrites them.

How It Works

Choose how you scan

CLI / Docker

One command. Scan locally or in your pipeline.

FREE

GitHub Actions

Automated scans on every push, results in Code Scanning.

FREE

Web Scanner

Paste a Packagist link, a Git repo URL, or upload an archive. No install needed.

CREDITS

Then fix what matters

Run the Fixer on the issues you choose. Get standard .patch files you review and apply. That's it.

No Install? No Problem.

Paste a Packagist link, a public Git repository URL, or upload a .zip / .tar.gz archive. EasyAudit scans the code in a secure, isolated container and delivers the same report as the CLI — directly in your browser.

Web scans use credits. Cost varies depending on the size of the project. Small modules cost just a few credits; full Magento installations cost more.

Perfect for:

  • Evaluating a third-party extension before you install it
  • Quick checks when you don't have Docker or PHP locally
  • Sharing results with a client without asking them to run anything

What EasyAudit Fixes

Around → Before/After

Unnecessary around plugins that should be before or after

3 credits

Concrete Class Injection

Dependencies on implementations instead of interfaces

3 credits

Direct ObjectManager Usage

Hidden dependencies that break DI and testability

2 credits

Missing Proxy Configuration

Heavy classes instantiated where a proxy should be used

1 credit

Collection Without Factory

Collections created without the factory pattern

1 credit

Repository Without Interface

Repository classes not implementing their interface contract

1 credit

Detection is always free via CLI and CI/CD. Credits are used for automatic patch generation and for web-based scans. One credit = one fix per file.

Automatic Patches. Full Control.

EasyAudit's Fixer generates standard unified diff patches for every issue it can fix. No code is modified without your explicit approval.

How it works:

  1. Run the audit (CLI or CI/CD)
  2. Request fixes for the issues you choose
  3. Review the generated .patch files
  4. Apply with git apply — done

Patches are generated in milliseconds and tailored to your codebase. No generic templates, no copy-paste from Stack Overflow.
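
A pre-review check for step 3, as an added example that is not part of EasyAudit: it reads the touched paths and line counts from a unified diff so that a patch reaching beyond the flagged files stands out before git apply. It assumes custom code lives under app/code/<Vendor>/<Module>/ and that `flagged` holds the paths the audit reported; the sample patch and every name in it are constructed.

```python
import re

# Constructed patch; module, class and file names are placeholders.
SAMPLE_PATCH = r"""--- a/app/code/Acme/Demo/Model/Sync.php
+++ b/app/code/Acme/Demo/Model/Sync.php
@@ -4,3 +4,3 @@
 namespace Acme\Demo\Model;
-use Magento\Catalog\Model\ProductRepository;
+use Magento\Catalog\Api\ProductRepositoryInterface;
 class Sync
--- a/app/etc/env.php
+++ b/app/etc/env.php
@@ -1,2 +1,3 @@
 <?php
+// unexpected edit
 return [];
"""

HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")
IN_SCOPE = re.compile(r"^app/code/[^/]+/[^/]+/.+\.(?:php|xml)$")  # assumed layout

def review_patch(patch_text, flagged):
    """Return {path: {"added", "removed", "problems"}} for a unified diff."""
    report, entry, old_left, new_left = {}, None, 0, 0
    for line in patch_text.splitlines():
        if old_left > 0 or new_left > 0:        # inside a hunk: trust its counts
            added, removed = line.startswith("+"), line.startswith("-")
            entry["added"] += added
            entry["removed"] += removed
            if not line.startswith("\\"):        # "\ No newline at end of file"
                old_left -= not added
                new_left -= not removed
        elif entry is not None and (hunk := HUNK.match(line)):
            old_left, new_left = int(hunk[1] or 1), int(hunk[2] or 1)
        elif line.startswith("+++ "):
            raw = line[4:].split("\t")[0].strip()
            path = raw[2:] if raw.startswith("b/") else raw
            problems = []
            if path.startswith("/") or ".." in path.split("/"):
                problems.append("unsafe path")
            elif not IN_SCOPE.match(path):
                problems.append("outside app/code or not PHP/XML")
            if path not in flagged:
                problems.append("not flagged by the audit")
            entry = report.setdefault(path, {"added": 0, "removed": 0, "problems": problems})
    return report
```

Tracking the hunk line counts keeps a removed line that itself begins with "-- " from being mistaken for a file header.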

Native CI/CD Integration

Add EasyAudit to your pipeline in 5 lines. Scan on every push, surface issues in GitHub Code Scanning, and auto-fix with a PR — all without leaving your workflow.

# .github/workflows/easyaudit.yml
on: push
permissions:
  contents: read
  security-events: write   # needed by upload-sarif
jobs:
  easyaudit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - run: |
          docker run --rm -v "$PWD:/workspace" ghcr.io/crealoz/easyaudit:latest \
            scan /workspace --format=sarif --output=/workspace/report.sarif
      - uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: report.sarif
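
To fail a build on the report the scan step writes, a small gate over report.sarif can run as a later step. This is an added example, not part of EasyAudit: it relies only on standard SARIF 2.1.0 fields, the rule ids, paths and tool name in the sample are constructed placeholders, and a result without a level is treated as a warning (rule-level defaults are not resolved).

```python
import json
import sys
from collections import Counter

SEVERITY = {"none": 0, "note": 1, "warning": 2, "error": 3}

def _loc(uri, line):
    return [{"physicalLocation": {"artifactLocation": {"uri": uri},
                                  "region": {"startLine": line}}}]

# Constructed SARIF 2.1.0 log: rule ids, paths and tool name are placeholders,
# not EasyAudit's real identifiers.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-scanner"}},
    "results": [
        {"ruleId": "example.aroundPlugin", "level": "warning",
         "message": {"text": "around plugin could be an after plugin"},
         "locations": _loc("app/code/Acme/Demo/Plugin/Name.php", 12)},
        {"ruleId": "example.concreteInjection", "level": "error",
         "message": {"text": "constructor depends on a concrete class"},
         "locations": _loc("app/code/Acme/Demo/Model/Sync.php", 27)},
        {"ruleId": "example.aroundPlugin",          # no level set
         "message": {"text": "around plugin could be a before plugin"}},
    ]}]})

def gate(sarif_text, fail_at="error"):
    """Return (findings per rule, findings at or above fail_at)."""
    log = json.loads(sarif_text)
    if log.get("version") != "2.1.0":
        raise ValueError("unsupported SARIF version")
    counts, blocking = Counter(), []
    for run in log.get("runs", []):
        for res in run.get("results") or []:
            level = res.get("level", "warning")    # fallback when no level is set
            counts[res.get("ruleId", "<no rule>")] += 1
            if SEVERITY.get(level, 3) >= SEVERITY[fail_at]:  # unknown level blocks
                where = (res.get("locations") or [{}])[0].get("physicalLocation", {})
                blocking.append((res.get("ruleId"),
                                 where.get("artifactLocation", {}).get("uri", "<unknown>"),
                                 where.get("region", {}).get("startLine", 0)))
    return counts, blocking

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SARIF
    per_rule, blocking = gate(text)
    print(dict(per_rule), blocking)
    sys.exit(1 if blocking else 0)
```

Placing the gate after the upload step lets findings reach Code Scanning even when the gate fails the job.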

Pricing

The CLI audit is free, forever. Credits are used for automatic patch generation and web scans.

Free

€0

10 credits on signup

Try the Fixer on a few files

One-Shot

€4.99

25 credits

No commitment, one-time purchase

Starter

€2.99/mo

50 credits/mo

Solo developers

Best Value

Pro

€9.99/mo

250 credits/mo

Most projects in one month

Agency

€24.99/mo

1000 credits/mo

Multiple client projects

One credit = one automated fix per file. Web scan costs vary by project size. CLI/CI detection is always free and unlimited.

Get Started in Under 2 Minutes

Using Docker

docker run --rm -v "$PWD:/workspace" ghcr.io/crealoz/easyaudit:latest scan /workspace

Using PHAR

php easyaudit.phar scan /path/to/magento --format=sarif

Your Codebase Isn't Getting Cleaner On Its Own

Start with a free audit. See what EasyAudit finds. Fix what matters.