Project security

Open a project from unknown sources

When you open any project, PhpStorm immediately lets you decide how to handle a project that contains unfamiliar source code.

You can select one of the following actions:

• Preview in Safe Mode: in this case PhpStorm opens a project in a "preview mode" meaning you can browse the project's sources, but there are restrictions in executing any tasks or running your project.

  For more information on Safe Mode preview limitations, refer to Safe mode preview limitations.

  PhpStorm displays a notification on top of the editor area, and you can click the Trust project… link and load your project at any time.

  

• Trust Project: in this case, PhpStorm opens and loads a project. That means project is initialized, project's plugins are resolved, dependencies are added, and all PhpStorm features are available.

• Don't Open: in this case PhpStorm cancels the action.

Startup tasks

When you open a project created on a different machine, it might contain some scripts or tasks that are executed during the opening process. If such tasks are found, PhpStorm displays a notification suggesting that the code you are about to execute might be harmful.

You can review what tasks will be executed and modify the settings.

Safe mode preview limitations

If you open a project in the safe mode, the following limitations will apply to the project:

• Startup tasks: any scripts or tasks that are executed during the opening process are disabled.

• VCS support: the whole VCS support is disabled.

• File Watchers scripts will not be executed.

• Executing Composer commands is disabled.

• Refreshing the versions of the configured PHP command-line tools is disabled.

• Refreshing the versions of the configured PHP test frameworks is disabled.

• Working with the configured PHP code quality tools is disabled.

Trusted locations

You can configure what sources PhpStorm should consider safe and load such projects automatically during the opening process.