Your Magento 2 Code Is Costing You More Than You Think

EasyAudit finds the anti-patterns that slow down every request and break every upgrade. Scan from the CLI, CI/CD, or directly from your browser β€” and let the Fixer patch issues automatically.

Get Started Free See What We Detect
19 Analysis Processors
~455 KB Standalone PHAR
< 2 min Setup Time
0 Dependencies
MIT Licensed

The Hidden Cost of Bad Patterns

Adobe's own documentation warns against around plugins and concrete class dependencies. But warnings don't fix codebases β€” and the impact is measurable.

Around Plugins: The Silent Performance Killer

Magento's interception framework runs roughly 67,000 checks per page load. Each around plugin adds a $proceed() callback to the stack β€” deeper traces, harder debugging, and blocked chains if $proceed() is never called.

On a single product page, plugin resolution alone accounts for ~160ms of overhead. That's more time than some platforms need to render an entire page.

The fix: if a plugin only modifies arguments, it should be a before. If it only modifies the return value, an after. EasyAudit detects them. The Fixer rewrites them.

Concrete Class Injection: Upgrade Time Bomb

Adobe guarantees backward compatibility only for interfaces marked @api. Every concrete class dependency is an unprotected bet that the constructor signature won't change.

Between Magento 2.4.6 and 2.4.7, the ProductRepository constructor changed β€” breaking every module that extended the concrete class. Filed as a P1 issue on GitHub.

The fix: replace concrete classes with the correct interface. EasyAudit detects them across your entire codebase. The Fixer generates the patches.

Missing Proxies: Every Command Pays the Price

Run bin/magento cache:flush? Magento instantiates every registered command with its full dependency tree first. No proxy = hundreds of useless objects on every CLI call.

Multiply by cron frequency and the number of custom commands in your project. That overhead runs 24/7, whether the command is yours or not.

The fix: proxy heavy dependencies in di.xml so they load only when the command actually runs. EasyAudit detects them. The Fixer generates the configuration.

count() on Collections: 50,000 Objects for One Integer

Calling count($collection) triggers load() β€” a full SELECT * that hydrates every row into a PHP object, just to count them. On a 50K catalog, that's a memory spike for a single number.

getSize() does the same job with one SELECT COUNT(*). No load, no hydration, no memory spike.

The fix: replace count() with getSize(). EasyAudit finds every occurrence. The Fixer rewrites them.

How It Works

Choose how you scan

Free
Terminal icon Terminal icon

CLI / Docker

One command. Scan locally or in your pipeline.

Install
Free
Git branch icon Git branch icon

GitHub Actions

Automated scans on every push, results in Code Scanning.

Setup
credits
Browser window icon Browser window icon

Web Scanner

Paste a Packagist link, a Git repo URL, or upload an archive. No install needed.

Login

Then fix what matters

Run the Fixer on the issues you choose. Get standard .patch files you review and apply. That's it.

Get Fixer Credits
Browser mockup showing the EasyAudit web scanner interface with an input field for a Packagist URL, a drag-and-drop area for archive upload, and a scan button

No Install? No Problem.

Paste a Packagist link, a public Git repository URL, or upload a .zip / .tar.gz archive. EasyAudit scans the code in a secure, isolated container and delivers the same report as the CLI β€” directly in your browser.

Web scans use credits. Cost varies depending on the size of the project. Small modules cost just a few credits; full Magento installations cost more.

Perfect for:

  • Evaluating a third-party extension before you install it
  • Quick checks when you don't have Docker or PHP locally
  • Sharing results with a client without asking them to run anything
Get 10 Free Credits on Signup

What EasyAudit Fixes

Around β†’ Before/After

Unnecessary around plugins that should be before or after

3 credits

Concrete Class Injection

Dependencies on implementations instead of interfaces

3 credits

Direct ObjectManager Usage

Hidden dependencies that break DI and testability

2 credits

Missing Proxy Configuration

Heavy classes instantiated where a proxy should be used

1 credit

Collection Without Factory

Collections created without the factory pattern

1 credit

Repository Without Interface

Repository classes not implementing their interface contract

1 credit

Detection is always free via CLI and CI/CD. Credits are used for automatic patch generation and for web-based scans. One credit = one fix per file.

Automatic Patches. Full Control.

EasyAudit's Fixer generates standard unified diff patches for every issue it can fix. No code is modified without your explicit approval.

How it works:

  1. Run the audit (CLI or CI/CD)
  2. Request fixes for the issues you choose
  3. Review the generated .patch files
  4. Apply with git apply β€” done

Patches are generated in milliseconds and tailored to your codebase. No generic templates, no copy-paste from Stack Overflow.

Code diff view showing a concrete class injection being replaced by an interface, with red deleted lines and green added lines

Native CI/CD Integration

Add EasyAudit to your pipeline in 5 lines. Scan on every push, surface issues in GitHub Code Scanning, and auto-fix with a PR β€” all without leaving your workflow.

# .github/workflows/easyaudit.yml
- uses: actions/checkout@v6
- run: |
    docker run --rm -v $PWD:/workspace ghcr.io/crealoz/easyaudit:latest \
      scan /workspace --format=sarif --output=/workspace/report.sarif
- uses: github/codeql-action/upload-sarif@v4
  with:
    sarif_file: report.sarif
GitHub pull request showing EasyAudit Code Scanning annotations inline on changed files, highlighting a concrete class injection warning

Pricing

The CLI audit is free, forever. Credits are used for automatic patch generation and web scans.

Free

€0

10 credits on signup

Try the Fixer on a few files

Create Account

One-Shot

€4.99

25 credits

No commitment, one-time purchase

Starter

€2.99/mo

50 credits/mo

Solo developers

Subscribe
Best Value

Pro

€9.99/mo

250 credits/mo

Most projects in one month

Subscribe

Agency

€24.99/mo

1000 credits/mo

Multiple client projects

Subscribe

One credit = one automated fix per file. Web scan costs vary by project size. CLI/CI detection is always free and unlimited.

Get Started in Under 2 Minutes

Using Docker

docker run --rm -v $PWD:/workspace ghcr.io/crealoz/easyaudit:latest scan /workspace
View Docker Documentation β†’

Using PHAR

php easyaudit.phar scan /path/to/magento --format=sarif
Download from releases β†’

Full documentation β†’ including CI/CD setup for GitHub, GitLab, Bitbucket, Azure, CircleCI, Jenkins, and Travis.

Your Codebase Isn't Getting Cleaner On Its Own

Start with a free audit. See what EasyAudit finds. Fix what matters.

Install EasyAudit View Documentation

We use cookies to analyze site usage and improve your experience. Learn more