From 949ee9b342da249a66390ede5eb8a0ab0e742870 Mon Sep 17 00:00:00 2001
From: Rowan Merewood <rowan@merewood.org>
Date: Tue, 24 Mar 2026 15:47:38 +0000
Subject: [PATCH 1/6] PHPStan configuration

---
 composer.json |  4 +++-
 composer.lock | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++-
 phpstan.neon  |  6 ++++++
 3 files changed, 63 insertions(+), 2 deletions(-)
 create mode 100644 phpstan.neon

diff --git a/composer.json b/composer.json
index 70a0c1c..8569fdb 100644
--- a/composer.json
+++ b/composer.json
@@ -15,7 +15,8 @@
     "require-dev": {
         "phpunit/phpunit": "^13",
         "friendsofphp/php-cs-fixer": "^3.94",
-        "php-coveralls/php-coveralls": "^2.9"
+        "php-coveralls/php-coveralls": "^2.9",
+        "phpstan/phpstan": "^2.1"
     },
     "autoload": {
         "psr-4": {
@@ -30,6 +31,7 @@
     "scripts": {
         "lint": "vendor/bin/php-cs-fixer -vvv check --using-cache=no",
         "lint-fix": "vendor/bin/php-cs-fixer -vvv fix --using-cache=no",
+        "phpstan": "vendor/bin/phpstan",
         "test": "XDEBUG_MODE=coverage vendor/bin/phpunit",
         "serve-examples": "@php -S localhost:8080 -t examples"
     },
diff --git a/composer.lock b/composer.lock
index 81aea7b..789a78c 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "b99f580de2abf676796df50ae6addd59",
+    "content-hash": "edc273ca7a74db1ddeb047d4e20e7351",
     "packages": [],
     "packages-dev": [
         {
@@ -1150,6 +1150,59 @@
             },
             "time": "2025-12-18T13:08:37+00:00"
         },
+        {
+            "name": "phpstan/phpstan",
+            "version": "2.1.42",
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/phpstan/phpstan/zipball/1279e1ce86ba768f0780c9d889852b4e02ff40d0",
+                "reference": "1279e1ce86ba768f0780c9d889852b4e02ff40d0",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^7.4|^8.0"
+            },
+            "conflict": {
+                "phpstan/phpstan-shim": "*"
+            },
+            "bin": [
+                "phpstan",
+                "phpstan.phar"
+            ],
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "bootstrap.php"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "description": "PHPStan - PHP Static Analysis Tool",
+            "keywords": [
+                "dev",
+                "static analysis"
+            ],
+            "support": {
+                "docs": "https://phpstan.org/user-guide/getting-started",
+                "forum": "https://github.com/phpstan/phpstan/discussions",
+                "issues": "https://github.com/phpstan/phpstan/issues",
+                "security": "https://github.com/phpstan/phpstan/security/policy",
+                "source": "https://github.com/phpstan/phpstan-src"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/ondrejmirtes",
+                    "type": "github"
+                },
+                {
+                    "url": "https://github.com/phpstan",
+                    "type": "github"
+                }
+            ],
+            "time": "2026-03-17T14:58:32+00:00"
+        },
         {
             "name": "phpunit/php-code-coverage",
             "version": "13.0.1",
diff --git a/phpstan.neon b/phpstan.neon
new file mode 100644
index 0000000..efbd19a
--- /dev/null
+++ b/phpstan.neon
@@ -0,0 +1,6 @@
+parameters:
+    level: max
+    paths:
+        - src
+        - tests
+        - examples

From 14b243b7d3e256f2a8cf70c3ac04fa1b9ac7a75f Mon Sep 17 00:00:00 2001
From: Rowan Merewood <rowan@merewood.org>
Date: Tue, 24 Mar 2026 15:57:33 +0000
Subject: [PATCH 2/6] Type hint updates for ReCaptcha

---
 src/ReCaptcha/ReCaptcha.php       | 36 ++++++++++++---------------
 src/ReCaptcha/Response.php        | 41 ++++++++++++++++---------------
 tests/ReCaptcha/ReCaptchaTest.php | 21 +++++++++++++---
 3 files changed, 54 insertions(+), 44 deletions(-)

diff --git a/src/ReCaptcha/ReCaptcha.php b/src/ReCaptcha/ReCaptcha.php
index 5dd19f0..1cf5298 100644
--- a/src/ReCaptcha/ReCaptcha.php
+++ b/src/ReCaptcha/ReCaptcha.php
@@ -138,20 +138,20 @@ class ReCaptcha
      *
      * @var string
      */
-    private $secret;
+    private string $secret;
 
     /**
      * Method used to communicate with service. Defaults to POST request.
      *
      * @var RequestMethod
      */
-    private $requestMethod;
+    private RequestMethod $requestMethod;
 
-    private $hostname;
-    private $apkPackageName;
-    private $action;
-    private $threshold;
-    private $timeoutSeconds;
+    private string $hostname;
+    private string $apkPackageName;
+    private string $action;
+    private float $threshold;
+    private int $timeoutSeconds;
 
     /**
      * Create a configured instance to use the reCAPTCHA service.
@@ -161,16 +161,12 @@ class ReCaptcha
      *
      * @throws \RuntimeException if $secret is invalid
      */
-    public function __construct($secret, ?RequestMethod $requestMethod = null)
+    public function __construct(string $secret, ?RequestMethod $requestMethod = null)
     {
         if (empty($secret)) {
             throw new \RuntimeException('No secret provided');
         }
 
-        if (!is_string($secret)) {
-            throw new \RuntimeException('The provided secret must be a string');
-        }
-
         $this->secret = $secret;
 
         if (!is_null($requestMethod)) {
@@ -187,11 +183,11 @@ public function __construct($secret, ?RequestMethod $requestMethod = null)
      * CAPTCHA test and additionally runs any specified additional checks.
      *
      * @param string $response the user response token provided by reCAPTCHA, verifying the user on your site
-     * @param string $remoteIp the end user's IP address
+     * @param string|null $remoteIp the end user's IP address
      *
      * @return Response response from the service
      */
-    public function verify($response, $remoteIp = null)
+    public function verify(string $response, ?string $remoteIp = null): Response
     {
         // Discard empty solution submissions
         if (empty($response)) {
@@ -250,7 +246,7 @@ public function verify($response, $remoteIp = null)
      *
      * @return ReCaptcha Current instance for fluent interface
      */
-    public function setExpectedHostname($hostname)
+    public function setExpectedHostname(string $hostname): self
     {
         $this->hostname = $hostname;
 
@@ -264,7 +260,7 @@ public function setExpectedHostname($hostname)
      *
      * @return ReCaptcha Current instance for fluent interface
      */
-    public function setExpectedApkPackageName($apkPackageName)
+    public function setExpectedApkPackageName(string $apkPackageName): self
     {
         $this->apkPackageName = $apkPackageName;
 
@@ -279,7 +275,7 @@ public function setExpectedApkPackageName($apkPackageName)
      *
      * @return ReCaptcha Current instance for fluent interface
      */
-    public function setExpectedAction($action)
+    public function setExpectedAction(string $action): self
     {
         $this->action = $action;
 
@@ -294,9 +290,9 @@ public function setExpectedAction($action)
      *
      * @return ReCaptcha Current instance for fluent interface
      */
-    public function setScoreThreshold($threshold)
+    public function setScoreThreshold(float $threshold): self
     {
-        $this->threshold = floatval($threshold);
+        $this->threshold = $threshold;
 
         return $this;
     }
@@ -308,7 +304,7 @@ public function setScoreThreshold($threshold)
      *
      * @return ReCaptcha Current instance for fluent interface
      */
-    public function setChallengeTimeout($timeoutSeconds)
+    public function setChallengeTimeout(int $timeoutSeconds): self
     {
         $this->timeoutSeconds = $timeoutSeconds;
 
diff --git a/src/ReCaptcha/Response.php b/src/ReCaptcha/Response.php
index 4876338..774a5d6 100644
--- a/src/ReCaptcha/Response.php
+++ b/src/ReCaptcha/Response.php
@@ -47,61 +47,62 @@ class Response
      *
      * @var bool
      */
-    private $success = false;
+    private bool $success = false;
 
     /**
      * Error code strings.
      *
      * @var array
      */
-    private $errorCodes = [];
+    private array $errorCodes = [];
 
     /**
      * The hostname of the site where the reCAPTCHA was solved.
      *
      * @var string
      */
-    private $hostname;
+    private string $hostname;
 
     /**
      * Timestamp of the challenge load (ISO format yyyy-MM-dd'T'HH:mm:ssZZ).
      *
      * @var string
      */
-    private $challengeTs;
+    private string $challengeTs;
 
     /**
      * APK package name.
      *
      * @var string
      */
-    private $apkPackageName;
+    private string $apkPackageName;
 
     /**
      * Score assigned to the request.
      *
-     * @var float
+     * @var float|null
      */
-    private $score;
+    private ?float $score;
 
     /**
      * Action as specified by the page.
      *
      * @var string
      */
-    private $action;
+    private string $action;
 
     /**
      * Constructor.
      *
      * @param bool   $success
+     * @param array  $errorCodes
      * @param string $hostname
      * @param string $challengeTs
      * @param string $apkPackageName
-     * @param float  $score
+     * @param float|null $score
      * @param string $action
      */
-    public function __construct($success, array $errorCodes = [], $hostname = '', $challengeTs = '', $apkPackageName = '', $score = null, $action = '')
+    public function __construct(bool $success, array $errorCodes = [], string $hostname = '', string $challengeTs = '', string $apkPackageName = '', ?float $score = null, string $action = '')
     {
         $this->success = $success;
         $this->hostname = $hostname;
@@ -119,7 +120,7 @@ public function __construct($success, array $errorCodes = [], $hostname = '', $c
      *
      * @return Response
      */
-    public static function fromJson($json)
+    public static function fromJson(string $json): Response
     {
         $responseData = json_decode($json, true);
 
@@ -149,7 +150,7 @@ public static function fromJson($json)
      *
      * @return bool
      */
-    public function isSuccess()
+    public function isSuccess(): bool
     {
         return $this->success;
     }
@@ -159,7 +160,7 @@ public function isSuccess()
      *
      * @return array
      */
-    public function getErrorCodes()
+    public function getErrorCodes(): array
     {
         return $this->errorCodes;
     }
@@ -169,7 +170,7 @@ public function getErrorCodes()
      *
      * @return string
      */
-    public function getHostname()
+    public function getHostname(): string
     {
         return $this->hostname;
     }
@@ -179,7 +180,7 @@ public function getHostname()
      *
      * @return string
      */
-    public function getChallengeTs()
+    public function getChallengeTs(): string
     {
         return $this->challengeTs;
     }
@@ -189,7 +190,7 @@ public function getChallengeTs()
      *
      * @return string
      */
-    public function getApkPackageName()
+    public function getApkPackageName(): string
     {
         return $this->apkPackageName;
     }
@@ -197,9 +198,9 @@ public function getApkPackageName()
     /**
      * Get score.
      *
-     * @return float
+     * @return float|null
      */
-    public function getScore()
+    public function getScore(): ?float
     {
         return $this->score;
     }
@@ -209,7 +210,7 @@ public function getScore()
      *
      * @return string
      */
-    public function getAction()
+    public function getAction(): string
     {
         return $this->action;
     }
@@ -227,7 +228,7 @@ public function getAction()
      *     error-codes: string[]
      * }
      */
-    public function toArray()
+    public function toArray(): array
     {
         return [
             'success' => $this->isSuccess(),
diff --git a/tests/ReCaptcha/ReCaptchaTest.php b/tests/ReCaptcha/ReCaptchaTest.php
index 405a34f..004a727 100644
--- a/tests/ReCaptcha/ReCaptchaTest.php
+++ b/tests/ReCaptcha/ReCaptchaTest.php
@@ -75,23 +75,36 @@ protected function tearDown(): void
     }
 
     #[DataProvider('invalidSecretProvider')]
-    public function testExceptionThrownOnInvalidSecret($invalid)
+    public function testExceptionThrownOnInvalidSecretType($invalid)
     {
-        $this->expectException(\RuntimeException::class);
+        $this->expectException(\TypeError::class);
         $rc = new ReCaptcha($invalid);
     }
 
     public static function invalidSecretProvider()
     {
         return [
-            [''],
             [null],
-            [0],
             [new \stdClass()],
             [[]],
         ];
     }
 
+    #[DataProvider('emptySecretProvider')]
+    public function testExceptionThrownOnEmptySecret($emptySecret)
+    {
+        $this->expectException(\RuntimeException::class);
+        $rc = new ReCaptcha($emptySecret);
+    }
+
+    public static function emptySecretProvider()
+    {
+        return [
+            [''],
+            [0],
+        ];
+    }
+
     public function testVerifyReturnsErrorOnMissingResponse()
     {
         $rc = new ReCaptcha('secret');

From acdefde10227bcf8ac25fee5329182d297041499 Mon Sep 17 00:00:00 2001
From: Rowan Merewood <rowan@merewood.org>
Date: Tue, 24 Mar 2026 19:20:35 +0000
Subject: [PATCH 3/6] Type hint updates

---
 examples/appengine-https.php                  |   8 +-
 .../recaptcha-content-security-policy.php     |   9 +-
 examples/recaptcha-v2-checkbox-explicit.php   |  19 +++-
 examples/recaptcha-v2-checkbox.php            |  19 +++-
 examples/recaptcha-v2-invisible.php           |  19 +++-
 examples/recaptcha-v3-request-scores.php      |   9 +-
 examples/recaptcha-v3-verify.php              |  23 +++-
 src/ReCaptcha/ReCaptcha.php                   |   8 +-
 src/ReCaptcha/RequestMethod.php               |   2 +-
 src/ReCaptcha/RequestMethod/CurlPost.php      |  12 +-
 src/ReCaptcha/RequestMethod/Post.php          |  12 +-
 src/ReCaptcha/RequestMethod/SocketPost.php    |  21 +++-
 src/ReCaptcha/RequestParameters.php           |  32 ++----
 src/ReCaptcha/Response.php                    |  59 +++-------
 tests/ReCaptcha/ReCaptchaTest.php             |  70 +++++++-----
 .../ReCaptcha/RequestMethod/CurlPostTest.php  |  34 +++---
 tests/ReCaptcha/RequestMethod/PostTest.php    | 107 ++++++++++++++----
 .../RequestMethod/SocketPostTest.php          |  59 ++++------
 tests/ReCaptcha/RequestParametersTest.php     |  27 +++--
 tests/ReCaptcha/ResponseTest.php              |  41 ++++---
 20 files changed, 344 insertions(+), 246 deletions(-)

diff --git a/examples/appengine-https.php b/examples/appengine-https.php
index cee9162..7ef8474 100644
--- a/examples/appengine-https.php
+++ b/examples/appengine-https.php
@@ -37,7 +37,13 @@
 if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
     if ('http' === $_SERVER['HTTP_X_FORWARDED_PROTO']) {
         header('HTTP/1.1 301 Moved Permanently');
-        header('Location: https://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']);
+
+        /** @var string $serverName */
+        $serverName = $_SERVER['SERVER_NAME'];
+
+        /** @var string $requestUri */
+        $requestUri = $_SERVER['REQUEST_URI'];
+        header('Location: https://'.$serverName.$requestUri);
 
         exit(0);
     }
diff --git a/examples/recaptcha-content-security-policy.php b/examples/recaptcha-content-security-policy.php
index 6498f5e..e4e427f 100644
--- a/examples/recaptcha-content-security-policy.php
+++ b/examples/recaptcha-content-security-policy.php
@@ -70,7 +70,8 @@
 $secret = '';
 
 // Copy the config.php.dist file to config.php and update it with your keys to run the examples
-if ('' == $siteKey && is_readable(__DIR__.'/config.php')) {
+if (is_readable(__DIR__.'/config.php')) {
+    /** @var array{v3: array{site: string, secret: string}} $config */
     $config = include __DIR__.'/config.php';
     $siteKey = $config['v3']['site'];
     $secret = $config['v3']['secret'];
@@ -115,7 +116,7 @@
     <p><strong>NOTE:</strong>This is a sample implementation, the score returned here is not a reflection on your Google account or type of traffic. In production, refer to the distribution of scores shown in <a href="https://www.google.com/recaptcha/admin" target="_blank">your admin interface</a> and adjust your own threshold accordingly. <strong>Do not raise issues regarding the score you see here.</strong></p>
     <ol id="recaptcha-steps">
         <li class="step0">reCAPTCHA script loading</li>
-        <li class="step1 hidden"><kbd>grecaptcha.ready()</kbd> fired, calling <pre>grecaptcha.execute('<?php echo $siteKey; ?>', {action: '<?php echo $pageAction; ?>'})'</pre></li>
+        <li class="step1 hidden"><kbd>grecaptcha.ready()</kbd> fired, calling <pre>grecaptcha.execute('<?php echo (string) $siteKey; ?>', {action: '<?php echo $pageAction; ?>'})'</pre></li>
         <li class="step2 hidden">Received token from reCAPTCHA service, sending to our backend with:
         <pre class="token">fetch('/recaptcha-v3-verify.php?token=abc123</pre></li>
         <li class="step3 hidden">Received response from our backend: <pre class="response">{"json": "from-backend"}</pre></li>
@@ -128,7 +129,7 @@
         const steps = document.getElementById('recaptcha-steps');
         grecaptcha.ready(function() {
             document.querySelector('.step1').classList.remove('hidden');
-            grecaptcha.execute('<?php echo $siteKey; ?>', {action: '<?php echo $pageAction; ?>'}).then(function(token) {
+            grecaptcha.execute('<?php echo (string) $siteKey; ?>', {action: '<?php echo $pageAction; ?>'}).then(function(token) {
                 document.querySelector('.token').innerHTML = 'fetch(\'/recaptcha-v3-verify.php?action=<?php echo $pageAction; ?>&token=\'' + token;
                 document.querySelector('.step2').classList.remove('hidden');
 
@@ -143,7 +144,7 @@
     };
     </script>
     <!-- Add the nonce value for the reCAPTCHA library to its script tag -->
-    <script async defer src="https://www.google.com/recaptcha/api.js?render=<?php echo $siteKey; ?>&onload=onloadCallback" nonce="<?php echo $nonce; ?>"></script>
+    <script async defer src="https://www.google.com/recaptcha/api.js?render=<?php echo (string) $siteKey; ?>&onload=onloadCallback" nonce="<?php echo $nonce; ?>"></script>
 
 <?php
 }?>
diff --git a/examples/recaptcha-v2-checkbox-explicit.php b/examples/recaptcha-v2-checkbox-explicit.php
index 1cf637f..3393c68 100644
--- a/examples/recaptcha-v2-checkbox-explicit.php
+++ b/examples/recaptcha-v2-checkbox-explicit.php
@@ -47,7 +47,8 @@
 $secret = '';
 
 // Copy the config.php.dist file to config.php and update it with your keys to run the examples
-if ('' == $siteKey && is_readable(__DIR__.'/config.php')) {
+if (is_readable(__DIR__.'/config.php')) {
+    /** @var array{'v2-standard': array{site: string, secret: string}} $config */
     $config = include __DIR__.'/config.php';
     $siteKey = $config['v2-standard']['site'];
     $secret = $config['v2-standard']['secret'];
@@ -91,6 +92,7 @@
         <?php
     // If the form submission includes the "g-captcha-response" field
     // Create an instance of the service using your secret
+    /** @var string $secret */
     $recaptcha = new ReCaptcha($secret);
 
     // If file_get_contents() is locked down on your PHP installation to disallow
@@ -98,8 +100,17 @@
     // This makes use of fsockopen() instead.
     //  $recaptcha = new \ReCaptcha\ReCaptcha($secret, new \ReCaptcha\RequestMethod\SocketPost());
     // Make the call to verify the response and also pass the user's IP address
-    $resp = $recaptcha->setExpectedHostname($_SERVER['SERVER_NAME'])
-        ->verify($_POST[ReCaptcha::RESPONSE_KEY], $_SERVER['REMOTE_ADDR'])
+    /** @var string $serverName */
+    $serverName = $_SERVER['SERVER_NAME'];
+
+    /** @var string $responseKey */
+    $responseKey = $_POST[ReCaptcha::RESPONSE_KEY];
+
+    /** @var null|string $remoteAddr */
+    $remoteAddr = $_SERVER['REMOTE_ADDR'];
+
+    $resp = $recaptcha->setExpectedHostname($serverName)
+        ->verify($responseKey, $remoteAddr)
     ;
 
     if ($resp->isSuccess()) {
@@ -139,7 +150,7 @@
     var onloadCallback = function() {
         var captchaContainer = document.querySelector('.g-recaptcha');
         grecaptcha.render(captchaContainer, {
-          'sitekey' : '<?php echo $siteKey; ?>'
+          'sitekey' : '<?php echo (string) $siteKey; ?>'
         });
         document.querySelector('button[type="submit"]').disabled = false;
     };
diff --git a/examples/recaptcha-v2-checkbox.php b/examples/recaptcha-v2-checkbox.php
index 2031946..25ad3fd 100644
--- a/examples/recaptcha-v2-checkbox.php
+++ b/examples/recaptcha-v2-checkbox.php
@@ -47,7 +47,8 @@
 $secret = '';
 
 // Copy the config.php.dist file to config.php and update it with your keys to run the examples
-if ('' == $siteKey && is_readable(__DIR__.'/config.php')) {
+if (is_readable(__DIR__.'/config.php')) {
+    /** @var array{'v2-standard': array{site: string, secret: string}} $config */
     $config = include __DIR__.'/config.php';
     $siteKey = $config['v2-standard']['site'];
     $secret = $config['v2-standard']['secret'];
@@ -91,6 +92,7 @@
         <?php
     // If the form submission includes the "g-captcha-response" field
     // Create an instance of the service using your secret
+    /** @var string $secret */
     $recaptcha = new ReCaptcha($secret);
 
     // If file_get_contents() is locked down on your PHP installation to disallow
@@ -99,8 +101,17 @@
     //  $recaptcha = new \ReCaptcha\ReCaptcha($secret, new \ReCaptcha\RequestMethod\SocketPost());
 
     // Make the call to verify the response and also pass the user's IP address
-    $resp = $recaptcha->setExpectedHostname($_SERVER['SERVER_NAME'])
-        ->verify($_POST[ReCaptcha::RESPONSE_KEY], $_SERVER['REMOTE_ADDR'])
+    /** @var string $serverName */
+    $serverName = $_SERVER['SERVER_NAME'];
+
+    /** @var string $responseKey */
+    $responseKey = $_POST[ReCaptcha::RESPONSE_KEY];
+
+    /** @var null|string $remoteAddr */
+    $remoteAddr = $_SERVER['REMOTE_ADDR'];
+
+    $resp = $recaptcha->setExpectedHostname($serverName)
+        ->verify($responseKey, $remoteAddr)
     ;
     if ($resp->isSuccess()) {
         // If the response is a success, that's it!
@@ -130,7 +141,7 @@
             <label class="form-field">Example input A: <input type="text" name="ex-a" value="foo"></label>
             <label class="form-field">Example input B: <input type="text" name="ex-b" value="bar"></label>
             <!-- Default behaviour looks for the g-recaptcha class with a data-sitekey attribute -->
-            <div class="g-recaptcha form-field" data-sitekey="<?php echo $siteKey; ?>"></div>
+            <div class="g-recaptcha form-field" data-sitekey="<?php echo (string) $siteKey; ?>"></div>
             <!-- Submitting before the widget loads will result in a missing-input-response error so you need to verify server side -->
             <button class="form-field" type="submit">Submit <span aria-hidden="true">↦</span></button>
         </fieldset>
diff --git a/examples/recaptcha-v2-invisible.php b/examples/recaptcha-v2-invisible.php
index 2552c55..f075e6b 100644
--- a/examples/recaptcha-v2-invisible.php
+++ b/examples/recaptcha-v2-invisible.php
@@ -47,7 +47,8 @@
 $secret = '';
 
 // Copy the config.php.dist file to config.php and update it with your keys to run the examples
-if ('' == $siteKey && is_readable(__DIR__.'/config.php')) {
+if (is_readable(__DIR__.'/config.php')) {
+    /** @var array{'v2-invisible': array{site: string, secret: string}} $config */
     $config = include __DIR__.'/config.php';
     $siteKey = $config['v2-invisible']['site'];
     $secret = $config['v2-invisible']['secret'];
@@ -91,6 +92,7 @@
         <?php
     // If the form submission includes the "g-captcha-response" field
     // Create an instance of the service using your secret
+    /** @var string $secret */
     $recaptcha = new ReCaptcha($secret);
 
     // If file_get_contents() is locked down on your PHP installation to disallow
@@ -99,8 +101,17 @@
     //  $recaptcha = new \ReCaptcha\ReCaptcha($secret, new \ReCaptcha\RequestMethod\SocketPost());
 
     // Make the call to verify the response and also pass the user's IP address
-    $resp = $recaptcha->setExpectedHostname($_SERVER['SERVER_NAME'])
-        ->verify($_POST[ReCaptcha::RESPONSE_KEY], $_SERVER['REMOTE_ADDR'])
+    /** @var string $serverName */
+    $serverName = $_SERVER['SERVER_NAME'];
+
+    /** @var string $responseKey */
+    $responseKey = $_POST[ReCaptcha::RESPONSE_KEY];
+
+    /** @var null|string $remoteAddr */
+    $remoteAddr = $_SERVER['REMOTE_ADDR'];
+
+    $resp = $recaptcha->setExpectedHostname($serverName)
+        ->verify($responseKey, $remoteAddr)
     ;
     if ($resp->isSuccess()) {
         // If the response is a success, that's it!
@@ -129,7 +140,7 @@
             <legend>An example form</legend>
             <label class="form-field">Example input A: <input type="text" name="ex-a" value="foo"></label>
             <label class="form-field">Example input B: <input type="text" name="ex-b" value="bar"></label>
-            <button class="g-recaptcha form-field" data-sitekey="<?php echo $siteKey; ?>" data-callback='onSubmit'>Submit <span aria-hidden="true">↦</span></button>
+            <button class="g-recaptcha form-field" data-sitekey="<?php echo (string) $siteKey; ?>" data-callback='onSubmit'>Submit <span aria-hidden="true">↦</span></button>
         </fieldset>
     </form>
     <script type="text/javascript" src="https://www.google.com/recaptcha/api.js?hl=<?php echo $lang; ?>" async defer></script>
diff --git a/examples/recaptcha-v3-request-scores.php b/examples/recaptcha-v3-request-scores.php
index d92a7ee..80368b0 100644
--- a/examples/recaptcha-v3-request-scores.php
+++ b/examples/recaptcha-v3-request-scores.php
@@ -44,7 +44,8 @@
 $secret = '';
 
 // Copy the config.php.dist file to config.php and update it with your keys to run the examples
-if ('' == $siteKey && is_readable(__DIR__.'/config.php')) {
+if (is_readable(__DIR__.'/config.php')) {
+    /** @var array{v3: array{site: string, secret: string}} $config */
     $config = include __DIR__.'/config.php';
     $siteKey = $config['v3']['site'];
     $secret = $config['v3']['secret'];
@@ -90,18 +91,18 @@
     <p><strong>NOTE:</strong>This is a sample implementation, the score returned here is not a reflection on your Google account or type of traffic. In production, refer to the distribution of scores shown in <a href="https://www.google.com/recaptcha/admin" target="_blank">your admin interface</a> and adjust your own threshold accordingly. <strong>Do not raise issues regarding the score you see here.</strong></p>
     <ol id="recaptcha-steps">
         <li class="step0">reCAPTCHA script loading</li>
-        <li class="step1 hidden"><kbd>grecaptcha.ready()</kbd> fired, calling <pre>grecaptcha.execute('<?php echo $siteKey; ?>', {action: '<?php echo $pageAction; ?>'})'</pre></li>
+        <li class="step1 hidden"><kbd>grecaptcha.ready()</kbd> fired, calling <pre>grecaptcha.execute('<?php echo (string) $siteKey; ?>', {action: '<?php echo $pageAction; ?>'})'</pre></li>
         <li class="step2 hidden">Received token from reCAPTCHA service, sending to our backend with:
         <pre class="token">fetch('/recaptcha-v3-verify.php?token=abc123</pre></li>
         <li class="step3 hidden">Received response from our backend: <pre class="response">{"json": "from-backend"}</pre></li>
     </ol>
     <p><a href="/recaptcha-v3-request-scores.php"><span aria-hidden="true">⤴️</span> Try again</a></p>
-    <script src="https://www.google.com/recaptcha/api.js?render=<?php echo $siteKey; ?>"></script>
+    <script src="https://www.google.com/recaptcha/api.js?render=<?php echo (string) $siteKey; ?>"></script>
     <script>
         const steps = document.getElementById('recaptcha-steps');
         grecaptcha.ready(function() {
             document.querySelector('.step1').classList.remove('hidden');
-            grecaptcha.execute('<?php echo $siteKey; ?>', {action: '<?php echo $pageAction; ?>'}).then(function(token) {
+            grecaptcha.execute('<?php echo (string) $siteKey; ?>', {action: '<?php echo $pageAction; ?>'}).then(function(token) {
                 document.querySelector('.token').innerHTML = 'fetch(\'/recaptcha-v3-verify.php?action=<?php echo $pageAction; ?>&token=\'' + token;
                 document.querySelector('.step2').classList.remove('hidden');
 
diff --git a/examples/recaptcha-v3-verify.php b/examples/recaptcha-v3-verify.php
index b4ffa43..5347cbd 100644
--- a/examples/recaptcha-v3-verify.php
+++ b/examples/recaptcha-v3-verify.php
@@ -47,7 +47,8 @@
 $secret = '';
 
 // Copy the config.php.dist file to config.php and update it with your keys to run the examples
-if ('' == $siteKey && is_readable(__DIR__.'/config.php')) {
+if (is_readable(__DIR__.'/config.php')) {
+    /** @var array{v3: array{site: string, secret: string}} $config */
     $config = include __DIR__.'/config.php';
     $siteKey = $config['v3']['site'];
     $secret = $config['v3']['secret'];
@@ -55,11 +56,25 @@
 
 // Effectively we're providing an API endpoint here that will accept the token, verify it, and return the action / score to the page
 // In production, always sanitize and validate the input you retrieve from the request.
+/** @var string $secret */
 $recaptcha = new ReCaptcha($secret);
-$resp = $recaptcha->setExpectedHostname($_SERVER['SERVER_NAME'])
-    ->setExpectedAction($_GET['action'])
+
+/** @var string $serverName */
+$serverName = $_SERVER['SERVER_NAME'];
+
+/** @var string $action */
+$action = $_GET['action'];
+
+/** @var string $token */
+$token = $_GET['token'];
+
+/** @var null|string $remoteAddr */
+$remoteAddr = $_SERVER['REMOTE_ADDR'];
+
+$resp = $recaptcha->setExpectedHostname($serverName)
+    ->setExpectedAction($action)
     ->setScoreThreshold(0.5)
-    ->verify($_GET['token'], $_SERVER['REMOTE_ADDR'])
+    ->verify($token, $remoteAddr)
 ;
 header('Content-type:application/json');
 echo json_encode($resp->toArray());
diff --git a/src/ReCaptcha/ReCaptcha.php b/src/ReCaptcha/ReCaptcha.php
index 1cf5298..c099d39 100644
--- a/src/ReCaptcha/ReCaptcha.php
+++ b/src/ReCaptcha/ReCaptcha.php
@@ -135,15 +135,11 @@ class ReCaptcha
 
     /**
      * Shared secret for the site.
-     *
-     * @var string
      */
     private string $secret;
 
     /**
      * Method used to communicate with service. Defaults to POST request.
-     *
-     * @var RequestMethod
      */
     private RequestMethod $requestMethod;
 
@@ -182,8 +178,8 @@ public function __construct(string $secret, ?RequestMethod $requestMethod = null
      * Calls the reCAPTCHA siteverify API to verify whether the user passes
      * CAPTCHA test and additionally runs any specified additional checks.
      *
-     * @param string $response the user response token provided by reCAPTCHA, verifying the user on your site
-     * @param string|null $remoteIp the end user's IP address
+     * @param string      $response the user response token provided by reCAPTCHA, verifying the user on your site
+     * @param null|string $remoteIp the end user's IP address
      *
      * @return Response response from the service
      */
diff --git a/src/ReCaptcha/RequestMethod.php b/src/ReCaptcha/RequestMethod.php
index 12335ec..5b4211f 100644
--- a/src/ReCaptcha/RequestMethod.php
+++ b/src/ReCaptcha/RequestMethod.php
@@ -49,5 +49,5 @@ interface RequestMethod
      *
      * @return string Body of the reCAPTCHA response
      */
-    public function submit(RequestParameters $params);
+    public function submit(RequestParameters $params): string;
 }
diff --git a/src/ReCaptcha/RequestMethod/CurlPost.php b/src/ReCaptcha/RequestMethod/CurlPost.php
index 3aa32a5..1ab92a8 100644
--- a/src/ReCaptcha/RequestMethod/CurlPost.php
+++ b/src/ReCaptcha/RequestMethod/CurlPost.php
@@ -51,17 +51,15 @@ class CurlPost implements RequestMethod
 {
     /**
      * URL for reCAPTCHA siteverify API.
-     *
-     * @var string
      */
-    private $siteVerifyUrl;
+    private string $siteVerifyUrl;
 
     /**
      * Only needed if you want to override the defaults.
      *
-     * @param string $siteVerifyUrl URL for reCAPTCHA siteverify API
+     * @param null|string $siteVerifyUrl URL for reCAPTCHA siteverify API
      */
-    public function __construct($siteVerifyUrl = null)
+    public function __construct(?string $siteVerifyUrl = null)
     {
         $this->siteVerifyUrl = (is_null($siteVerifyUrl)) ? ReCaptcha::SITE_VERIFY_URL : $siteVerifyUrl;
     }
@@ -73,7 +71,7 @@ public function __construct($siteVerifyUrl = null)
      *
      * @return string Body of the reCAPTCHA response
      */
-    public function submit(RequestParameters $params)
+    public function submit(RequestParameters $params): string
     {
         $handle = curl_init($this->siteVerifyUrl);
 
@@ -92,7 +90,7 @@ public function submit(RequestParameters $params)
 
         $response = curl_exec($handle);
 
-        if (false !== $response) {
+        if (is_string($response)) {
             return $response;
         }
 
diff --git a/src/ReCaptcha/RequestMethod/Post.php b/src/ReCaptcha/RequestMethod/Post.php
index 4c3c8b1..7ec81e6 100644
--- a/src/ReCaptcha/RequestMethod/Post.php
+++ b/src/ReCaptcha/RequestMethod/Post.php
@@ -48,17 +48,15 @@ class Post implements RequestMethod
 {
     /**
      * URL for reCAPTCHA siteverify API.
-     *
-     * @var string
      */
-    private $siteVerifyUrl;
+    private string $siteVerifyUrl;
 
     /**
      * Only needed if you want to override the defaults.
      *
-     * @param string $siteVerifyUrl URL for reCAPTCHA siteverify API
+     * @param null|string $siteVerifyUrl URL for reCAPTCHA siteverify API
      */
-    public function __construct($siteVerifyUrl = null)
+    public function __construct(?string $siteVerifyUrl = null)
     {
         $this->siteVerifyUrl = (is_null($siteVerifyUrl)) ? ReCaptcha::SITE_VERIFY_URL : $siteVerifyUrl;
     }
@@ -70,7 +68,7 @@ public function __construct($siteVerifyUrl = null)
      *
      * @return string Body of the reCAPTCHA response
      */
-    public function submit(RequestParameters $params)
+    public function submit(RequestParameters $params): string
     {
         $options = [
             'http' => [
@@ -84,7 +82,7 @@ public function submit(RequestParameters $params)
         $context = stream_context_create($options);
         $response = file_get_contents($this->siteVerifyUrl, false, $context);
 
-        if (false !== $response) {
+        if (is_string($response)) {
             return $response;
         }
 
diff --git a/src/ReCaptcha/RequestMethod/SocketPost.php b/src/ReCaptcha/RequestMethod/SocketPost.php
index ec63ebd..dccce74 100644
--- a/src/ReCaptcha/RequestMethod/SocketPost.php
+++ b/src/ReCaptcha/RequestMethod/SocketPost.php
@@ -48,14 +48,14 @@
  */
 class SocketPost implements RequestMethod
 {
-    private $siteVerifyUrl;
+    private string $siteVerifyUrl;
 
     /**
      * Only needed if you want to override the defaults.
      *
-     * @param string $siteVerifyUrl URL for reCAPTCHA siteverify API
+     * @param null|string $siteVerifyUrl URL for reCAPTCHA siteverify API
      */
-    public function __construct($siteVerifyUrl = null)
+    public function __construct(?string $siteVerifyUrl = null)
     {
         $this->siteVerifyUrl = (is_null($siteVerifyUrl)) ? ReCaptcha::SITE_VERIFY_URL : $siteVerifyUrl;
     }
@@ -67,12 +67,16 @@ public function __construct($siteVerifyUrl = null)
      *
      * @return string Body of the reCAPTCHA response
      */
-    public function submit(RequestParameters $params)
+    public function submit(RequestParameters $params): string
     {
         $errno = 0;
         $errstr = '';
         $urlParsed = parse_url($this->siteVerifyUrl);
 
+        if (false === $urlParsed || !isset($urlParsed['host']) || !isset($urlParsed['path'])) {
+            return '{"success": false, "error-codes": ["'.ReCaptcha::E_CONNECTION_FAILED.'"]}';
+        }
+
         $handle = fsockopen('ssl://'.$urlParsed['host'], 443, $errno, $errstr, 30);
 
         if (false === $handle || 0 !== $errno || '' !== $errstr) {
@@ -92,7 +96,10 @@ public function submit(RequestParameters $params)
         $response = '';
 
         while (!feof($handle)) {
-            $response .= fgets($handle, 4096);
+            $line = fgets($handle, 4096);
+            if (is_string($line)) {
+                $response .= $line;
+            }
         }
 
         fclose($handle);
@@ -103,6 +110,10 @@ public function submit(RequestParameters $params)
 
         $parts = preg_split("#\n\\s*\n#Uis", $response);
 
+        if (!is_array($parts) || !isset($parts[1])) {
+            return '{"success": false, "error-codes": ["'.ReCaptcha::E_BAD_RESPONSE.'"]}';
+        }
+
         return $parts[1];
     }
 }
diff --git a/src/ReCaptcha/RequestParameters.php b/src/ReCaptcha/RequestParameters.php
index b773d65..742713a 100644
--- a/src/ReCaptcha/RequestParameters.php
+++ b/src/ReCaptcha/RequestParameters.php
@@ -44,41 +44,33 @@ class RequestParameters
 {
     /**
      * The shared key between your site and reCAPTCHA.
-     *
-     * @var string
      */
-    private $secret;
+    private string $secret;
 
     /**
      * The user response token provided by reCAPTCHA, verifying the user on your site.
-     *
-     * @var string
      */
-    private $response;
+    private string $response;
 
     /**
      * Remote user's IP address.
-     *
-     * @var string
      */
-    private $remoteIp;
+    private ?string $remoteIp;
 
     /**
      * Client version.
-     *
-     * @var string
      */
-    private $version;
+    private ?string $version;
 
     /**
      * Initialise parameters.
      *
-     * @param string $secret   site secret
-     * @param string $response value from g-captcha-response form field
-     * @param string $remoteIp user's IP address
-     * @param string $version  version of this client library
+     * @param string      $secret   site secret
+     * @param string      $response value from g-captcha-response form field
+     * @param null|string $remoteIp user's IP address
+     * @param null|string $version  version of this client library
      */
-    public function __construct($secret, $response, $remoteIp = null, $version = null)
+    public function __construct(string $secret, string $response, ?string $remoteIp = null, ?string $version = null)
     {
         $this->secret = $secret;
         $this->response = $response;
@@ -89,9 +81,9 @@ public function __construct($secret, $response, $remoteIp = null, $version = nul
     /**
      * Array representation.
      *
-     * @return array array formatted parameters
+     * @return array<string, string> array formatted parameters
      */
-    public function toArray()
+    public function toArray(): array
     {
         $params = ['secret' => $this->secret, 'response' => $this->response];
 
@@ -111,7 +103,7 @@ public function toArray()
      *
      * @return string query string formatted parameters
      */
-    public function toQueryString()
+    public function toQueryString(): string
     {
         return http_build_query($this->toArray(), '', '&');
     }
diff --git a/src/ReCaptcha/Response.php b/src/ReCaptcha/Response.php
index 774a5d6..efa2e6a 100644
--- a/src/ReCaptcha/Response.php
+++ b/src/ReCaptcha/Response.php
@@ -44,63 +44,45 @@ class Response
 {
     /**
      * Success or failure.
-     *
-     * @var bool
      */
     private bool $success = false;
 
     /**
      * Error code strings.
      *
-     * @var array
+     * @var array<string>
      */
     private array $errorCodes = [];
 
     /**
      * The hostname of the site where the reCAPTCHA was solved.
-     *
-     * @var string
      */
     private string $hostname;
 
     /**
      * Timestamp of the challenge load (ISO format yyyy-MM-dd'T'HH:mm:ssZZ).
-     *
-     * @var string
      */
     private string $challengeTs;
 
     /**
      * APK package name.
-     *
-     * @var string
      */
     private string $apkPackageName;
 
     /**
      * Score assigned to the request.
-     *
-     * @var float|null
      */
     private ?float $score;
 
     /**
      * Action as specified by the page.
-     *
-     * @var string
      */
     private string $action;
 
     /**
      * Constructor.
      *
-     * @param bool   $success
-     * @param array  $errorCodes
-     * @param string $hostname
-     * @param string $challengeTs
-     * @param string $apkPackageName
-     * @param float|null $score
-     * @param string $action
+     * @param array<string> $errorCodes
      */
     public function __construct(bool $success, array $errorCodes = [], string $hostname = '', string $challengeTs = '', string $apkPackageName = '', ?float $score = null, string $action = '')
     {
@@ -115,31 +97,30 @@ public function __construct(bool $success, array $errorCodes = [], string $hostn
 
     /**
      * Build the response from the expected JSON returned by the service.
-     *
-     * @param string $json
-     *
-     * @return Response
      */
     public static function fromJson(string $json): Response
     {
         $responseData = json_decode($json, true);
 
-        if (!$responseData) {
+        if (!is_array($responseData)) {
             return new Response(false, [ReCaptcha::E_INVALID_JSON]);
         }
 
-        $hostname = $responseData['hostname'] ?? '';
-        $challengeTs = $responseData['challenge_ts'] ?? '';
-        $apkPackageName = $responseData['apk_package_name'] ?? '';
-        $score = isset($responseData['score']) ? floatval($responseData['score']) : null;
-        $action = $responseData['action'] ?? '';
+        $hostname = isset($responseData['hostname']) && is_string($responseData['hostname']) ? $responseData['hostname'] : '';
+        $challengeTs = isset($responseData['challenge_ts']) && is_string($responseData['challenge_ts']) ? $responseData['challenge_ts'] : '';
+        $apkPackageName = isset($responseData['apk_package_name']) && is_string($responseData['apk_package_name']) ? $responseData['apk_package_name'] : '';
+        $score = isset($responseData['score']) && is_numeric($responseData['score']) ? floatval($responseData['score']) : null;
+        $action = isset($responseData['action']) && is_string($responseData['action']) ? $responseData['action'] : '';
 
-        if (isset($responseData['success']) && true == $responseData['success']) {
+        if (isset($responseData['success']) && true === $responseData['success']) {
             return new Response(true, [], $hostname, $challengeTs, $apkPackageName, $score, $action);
         }
 
         if (isset($responseData['error-codes']) && is_array($responseData['error-codes'])) {
-            return new Response(false, $responseData['error-codes'], $hostname, $challengeTs, $apkPackageName, $score, $action);
+            /** @var array<string> $errorCodes */
+            $errorCodes = $responseData['error-codes'];
+
+            return new Response(false, $errorCodes, $hostname, $challengeTs, $apkPackageName, $score, $action);
         }
 
         return new Response(false, [ReCaptcha::E_UNKNOWN_ERROR], $hostname, $challengeTs, $apkPackageName, $score, $action);
@@ -147,8 +128,6 @@ public static function fromJson(string $json): Response
 
     /**
      * Is success?
-     *
-     * @return bool
      */
     public function isSuccess(): bool
     {
@@ -158,7 +137,7 @@ public function isSuccess(): bool
     /**
      * Get error codes.
      *
-     * @return array
+     * @return array<string>
      */
     public function getErrorCodes(): array
     {
@@ -167,8 +146,6 @@ public function getErrorCodes(): array
 
     /**
      * Get hostname.
-     *
-     * @return string
      */
     public function getHostname(): string
     {
@@ -177,8 +154,6 @@ public function getHostname(): string
 
     /**
      * Get challenge timestamp.
-     *
-     * @return string
      */
     public function getChallengeTs(): string
     {
@@ -187,8 +162,6 @@ public function getChallengeTs(): string
 
     /**
      * Get APK package name.
-     *
-     * @return string
      */
     public function getApkPackageName(): string
     {
@@ -197,8 +170,6 @@ public function getApkPackageName(): string
 
     /**
      * Get score.
-     *
-     * @return float|null
      */
     public function getScore(): ?float
     {
@@ -207,8 +178,6 @@ public function getScore(): ?float
 
     /**
      * Get action.
-     *
-     * @return string
      */
     public function getAction(): string
     {
diff --git a/tests/ReCaptcha/ReCaptchaTest.php b/tests/ReCaptcha/ReCaptchaTest.php
index 004a727..809a514 100644
--- a/tests/ReCaptcha/ReCaptchaTest.php
+++ b/tests/ReCaptcha/ReCaptchaTest.php
@@ -45,15 +45,13 @@
  */
 class GlobalState
 {
-    public static $isCurlAvailable;
+    public static ?bool $isCurlAvailable = null;
 }
 
 /**
  * Mock function_exists in the ReCaptcha namespace.
- *
- * @param mixed $function
  */
-function function_exists($function)
+function function_exists(string $function): bool
 {
     if ('curl_version' === $function && !is_null(GlobalState::$isCurlAvailable)) {
         return GlobalState::$isCurlAvailable;
@@ -75,13 +73,18 @@ protected function tearDown(): void
     }
 
     #[DataProvider('invalidSecretProvider')]
-    public function testExceptionThrownOnInvalidSecretType($invalid)
+    public function testExceptionThrownOnInvalidSecretType(mixed $invalid): void
     {
         $this->expectException(\TypeError::class);
+
+        /** @phpstan-ignore argument.type */
         $rc = new ReCaptcha($invalid);
     }
 
-    public static function invalidSecretProvider()
+    /**
+     * @return array<int, array<int, mixed>>
+     */
+    public static function invalidSecretProvider(): array
     {
         return [
             [null],
@@ -91,13 +94,18 @@ public static function invalidSecretProvider()
     }
 
     #[DataProvider('emptySecretProvider')]
-    public function testExceptionThrownOnEmptySecret($emptySecret)
+    public function testExceptionThrownOnEmptySecret(mixed $emptySecret): void
     {
         $this->expectException(\RuntimeException::class);
+
+        /** @phpstan-ignore argument.type */
         $rc = new ReCaptcha($emptySecret);
     }
 
-    public static function emptySecretProvider()
+    /**
+     * @return array<int, array<int, mixed>>
+     */
+    public static function emptySecretProvider(): array
     {
         return [
             [''],
@@ -105,15 +113,15 @@ public static function emptySecretProvider()
         ];
     }
 
-    public function testVerifyReturnsErrorOnMissingResponse()
+    public function testVerifyReturnsErrorOnMissingResponse(): void
     {
         $rc = new ReCaptcha('secret');
         $response = $rc->verify('');
         $this->assertFalse($response->isSuccess());
-        $this->assertEquals([Recaptcha::E_MISSING_INPUT_RESPONSE], $response->getErrorCodes());
+        $this->assertEquals([ReCaptcha::E_MISSING_INPUT_RESPONSE], $response->getErrorCodes());
     }
 
-    public function testDefaultRequestMethodWithCurl()
+    public function testDefaultRequestMethodWithCurl(): void
     {
         GlobalState::$isCurlAvailable = true;
         $rc = new ReCaptcha('secret');
@@ -124,7 +132,7 @@ public function testDefaultRequestMethodWithCurl()
         $this->assertInstanceOf(RequestMethod\CurlPost::class, $requestMethod);
     }
 
-    public function testDefaultRequestMethodWithoutCurl()
+    public function testDefaultRequestMethodWithoutCurl(): void
     {
         GlobalState::$isCurlAvailable = false;
         $rc = new ReCaptcha('secret');
@@ -135,7 +143,7 @@ public function testDefaultRequestMethodWithoutCurl()
         $this->assertInstanceOf(RequestMethod\Post::class, $requestMethod);
     }
 
-    public function testVerifyReturnsResponse()
+    public function testVerifyReturnsResponse(): void
     {
         $method = $this->getMockRequestMethod('{"success": true}');
         $rc = new ReCaptcha('secret', $method);
@@ -143,7 +151,7 @@ public function testVerifyReturnsResponse()
         $this->assertTrue($response->isSuccess());
     }
 
-    public function testVerifyReturnsInitialResponseWithoutAdditionalChecks()
+    public function testVerifyReturnsInitialResponseWithoutAdditionalChecks(): void
     {
         $method = $this->getMockRequestMethod('{"success": true}');
         $rc = new ReCaptcha('secret', $method);
@@ -151,7 +159,7 @@ public function testVerifyReturnsInitialResponseWithoutAdditionalChecks()
         $this->assertEquals($initialResponse, $rc->verify('response'));
     }
 
-    public function testVerifyHostnameMatch()
+    public function testVerifyHostnameMatch(): void
     {
         $method = $this->getMockRequestMethod('{"success": true, "hostname": "host.name"}');
         $rc = new ReCaptcha('secret', $method);
@@ -159,7 +167,7 @@ public function testVerifyHostnameMatch()
         $this->assertTrue($response->isSuccess());
     }
 
-    public function testVerifyHostnameMisMatch()
+    public function testVerifyHostnameMisMatch(): void
     {
         $method = $this->getMockRequestMethod('{"success": true, "hostname": "host.NOTname"}');
         $rc = new ReCaptcha('secret', $method);
@@ -168,7 +176,7 @@ public function testVerifyHostnameMisMatch()
         $this->assertEquals([ReCaptcha::E_HOSTNAME_MISMATCH], $response->getErrorCodes());
     }
 
-    public function testVerifyApkPackageNameMatch()
+    public function testVerifyApkPackageNameMatch(): void
     {
         $method = $this->getMockRequestMethod('{"success": true, "apk_package_name": "apk.name"}');
         $rc = new ReCaptcha('secret', $method);
@@ -176,7 +184,7 @@ public function testVerifyApkPackageNameMatch()
         $this->assertTrue($response->isSuccess());
     }
 
-    public function testVerifyApkPackageNameMisMatch()
+    public function testVerifyApkPackageNameMisMatch(): void
     {
         $method = $this->getMockRequestMethod('{"success": true, "apk_package_name": "apk.NOTname"}');
         $rc = new ReCaptcha('secret', $method);
@@ -185,7 +193,7 @@ public function testVerifyApkPackageNameMisMatch()
         $this->assertEquals([ReCaptcha::E_APK_PACKAGE_NAME_MISMATCH], $response->getErrorCodes());
     }
 
-    public function testVerifyActionMatch()
+    public function testVerifyActionMatch(): void
     {
         $method = $this->getMockRequestMethod('{"success": true, "action": "action/name"}');
         $rc = new ReCaptcha('secret', $method);
@@ -193,7 +201,7 @@ public function testVerifyActionMatch()
         $this->assertTrue($response->isSuccess());
     }
 
-    public function testVerifyActionMisMatch()
+    public function testVerifyActionMisMatch(): void
     {
         $method = $this->getMockRequestMethod('{"success": true, "action": "action/NOTname"}');
         $rc = new ReCaptcha('secret', $method);
@@ -202,54 +210,54 @@ public function testVerifyActionMisMatch()
         $this->assertEquals([ReCaptcha::E_ACTION_MISMATCH], $response->getErrorCodes());
     }
 
-    public function testVerifyAboveThreshold()
+    public function testVerifyAboveThreshold(): void
     {
         $method = $this->getMockRequestMethod('{"success": true, "score": "0.9"}');
         $rc = new ReCaptcha('secret', $method);
-        $response = $rc->setScoreThreshold('0.5')->verify('response');
+        $response = $rc->setScoreThreshold(0.5)->verify('response');
         $this->assertTrue($response->isSuccess());
     }
 
-    public function testVerifyBelowThreshold()
+    public function testVerifyBelowThreshold(): void
     {
         $method = $this->getMockRequestMethod('{"success": true, "score": "0.1"}');
         $rc = new ReCaptcha('secret', $method);
-        $response = $rc->setScoreThreshold('0.5')->verify('response');
+        $response = $rc->setScoreThreshold(0.5)->verify('response');
         $this->assertFalse($response->isSuccess());
         $this->assertEquals([ReCaptcha::E_SCORE_THRESHOLD_NOT_MET], $response->getErrorCodes());
     }
 
-    public function testVerifyWithinTimeout()
+    public function testVerifyWithinTimeout(): void
     {
         // Responses come back like 2018-07-31T13:48:41Z
         $challengeTs = date('Y-M-d\TH:i:s\Z', time());
         $method = $this->getMockRequestMethod('{"success": true, "challenge_ts": "'.$challengeTs.'"}');
         $rc = new ReCaptcha('secret', $method);
-        $response = $rc->setChallengeTimeout('1000')->verify('response');
+        $response = $rc->setChallengeTimeout(1000)->verify('response');
         $this->assertTrue($response->isSuccess());
     }
 
-    public function testVerifyOverTimeout()
+    public function testVerifyOverTimeout(): void
     {
         // Responses come back like 2018-07-31T13:48:41Z
         $challengeTs = date('Y-M-d\TH:i:s\Z', time() - 600);
         $method = $this->getMockRequestMethod('{"success": true, "challenge_ts": "'.$challengeTs.'"}');
         $rc = new ReCaptcha('secret', $method);
-        $response = $rc->setChallengeTimeout('60')->verify('response');
+        $response = $rc->setChallengeTimeout(60)->verify('response');
         $this->assertFalse($response->isSuccess());
         $this->assertEquals([ReCaptcha::E_CHALLENGE_TIMEOUT], $response->getErrorCodes());
     }
 
-    public function testVerifyMergesErrors()
+    public function testVerifyMergesErrors(): void
     {
         $method = $this->getMockRequestMethod('{"success": false, "error-codes": ["initial-error"], "score": "0.1"}');
         $rc = new ReCaptcha('secret', $method);
-        $response = $rc->setScoreThreshold('0.5')->verify('response');
+        $response = $rc->setScoreThreshold(0.5)->verify('response');
         $this->assertFalse($response->isSuccess());
         $this->assertEquals(['initial-error', ReCaptcha::E_SCORE_THRESHOLD_NOT_MET], $response->getErrorCodes());
     }
 
-    private function getMockRequestMethod($responseJson)
+    private function getMockRequestMethod(string $responseJson): RequestMethod
     {
         $method = $this->createStub(RequestMethod::class);
         $method->method('submit')
diff --git a/tests/ReCaptcha/RequestMethod/CurlPostTest.php b/tests/ReCaptcha/RequestMethod/CurlPostTest.php
index 64d397b..e719fbc 100644
--- a/tests/ReCaptcha/RequestMethod/CurlPostTest.php
+++ b/tests/ReCaptcha/RequestMethod/CurlPostTest.php
@@ -46,17 +46,20 @@
  */
 class CurlPostGlobalState
 {
-    public static $initUrl;
-    public static $setoptArrayOptions;
-    public static $execResponse = 'RESPONSEBODY';
+    public static ?string $initUrl = null;
+
+    /**
+     * @var null|array<int, mixed>
+     */
+    public static ?array $setoptArrayOptions = null;
+
+    public static bool|string $execResponse = 'RESPONSEBODY';
 }
 
 /**
  * Mock curl_init in the ReCaptcha\RequestMethod namespace.
- *
- * @param null|mixed $url
  */
-function curl_init($url = null)
+function curl_init(?string $url = null): \stdClass
 {
     CurlPostGlobalState::$initUrl = $url;
 
@@ -66,9 +69,9 @@ function curl_init($url = null)
 /**
  * Mock curl_setopt_array in the ReCaptcha\RequestMethod namespace.
  *
- * @param mixed $ch
+ * @param array<int, mixed> $options
  */
-function curl_setopt_array($ch, array $options)
+function curl_setopt_array(\stdClass $ch, array $options): bool
 {
     CurlPostGlobalState::$setoptArrayOptions = $options;
 
@@ -77,10 +80,8 @@ function curl_setopt_array($ch, array $options)
 
 /**
  * Mock curl_exec in the ReCaptcha\RequestMethod namespace.
- *
- * @param mixed $ch
  */
-function curl_exec($ch)
+function curl_exec(\stdClass $ch): bool|string
 {
     return CurlPostGlobalState::$execResponse;
 }
@@ -99,17 +100,20 @@ protected function setUp(): void
         CurlPostGlobalState::$execResponse = 'RESPONSEBODY';
     }
 
-    public function testSubmit()
+    public function testSubmit(): void
     {
         $pc = new CurlPost();
         $response = $pc->submit(new RequestParameters('secret', 'response'));
 
         $this->assertEquals(ReCaptcha::SITE_VERIFY_URL, CurlPostGlobalState::$initUrl);
-        $this->assertTrue(CurlPostGlobalState::$setoptArrayOptions[CURLOPT_POST]);
+
+        /** @var array<int, mixed> $options */
+        $options = CurlPostGlobalState::$setoptArrayOptions;
+        $this->assertTrue($options[CURLOPT_POST]);
         $this->assertEquals('RESPONSEBODY', $response);
     }
 
-    public function testOverrideSiteVerifyUrl()
+    public function testOverrideSiteVerifyUrl(): void
     {
         $url = 'OVERRIDE';
         $pc = new CurlPost($url);
@@ -119,7 +123,7 @@ public function testOverrideSiteVerifyUrl()
         $this->assertEquals('RESPONSEBODY', $response);
     }
 
-    public function testConnectionFailureReturnsError()
+    public function testConnectionFailureReturnsError(): void
     {
         CurlPostGlobalState::$execResponse = false;
         $pc = new CurlPost();
diff --git a/tests/ReCaptcha/RequestMethod/PostTest.php b/tests/ReCaptcha/RequestMethod/PostTest.php
index 96477e0..958732f 100644
--- a/tests/ReCaptcha/RequestMethod/PostTest.php
+++ b/tests/ReCaptcha/RequestMethod/PostTest.php
@@ -48,9 +48,12 @@
  */
 class PostTest extends TestCase
 {
+    /**
+     * @var null|callable
+     */
     public static $assert;
-    protected $parameters;
-    protected $runcount = 0;
+    protected RequestParameters $parameters;
+    protected int $runcount = 0;
 
     public function setUp(): void
     {
@@ -62,7 +65,7 @@ public function tearDown(): void
         self::$assert = null;
     }
 
-    public function testHTTPContextOptions()
+    public function testHTTPContextOptions(): void
     {
         $req = new Post();
         self::$assert = [$this, 'httpContextOptionsCallback'];
@@ -70,7 +73,7 @@ public function testHTTPContextOptions()
         $this->assertEquals(1, $this->runcount, 'The assertion was ran');
     }
 
-    public function testSSLContextOptions()
+    public function testSSLContextOptions(): void
     {
         $req = new Post();
         self::$assert = [$this, 'sslContextOptionsCallback'];
@@ -78,7 +81,7 @@ public function testSSLContextOptions()
         $this->assertEquals(1, $this->runcount, 'The assertion was ran');
     }
 
-    public function testOverrideVerifyUrl()
+    public function testOverrideVerifyUrl(): void
     {
         $req = new Post('https://over.ride/some/path');
         self::$assert = [$this, 'overrideUrlOptions'];
@@ -86,7 +89,7 @@ public function testOverrideVerifyUrl()
         $this->assertEquals(1, $this->runcount, 'The assertion was ran');
     }
 
-    public function testConnectionFailureReturnsError()
+    public function testConnectionFailureReturnsError(): void
     {
         $req = new Post('https://bad.connection/');
         self::$assert = [$this, 'connectionFailureResponse'];
@@ -94,61 +97,115 @@ public function testConnectionFailureReturnsError()
         $this->assertEquals('{"success": false, "error-codes": ["'.ReCaptcha::E_CONNECTION_FAILED.'"]}', $response);
     }
 
-    public function connectionFailureResponse()
+    public function connectionFailureResponse(): bool
     {
         return false;
     }
 
-    public function overrideUrlOptions(array $args)
+    /**
+     * @param array<int, mixed> $args
+     */
+    public function overrideUrlOptions(array $args): void
     {
         ++$this->runcount;
         $this->assertEquals('https://over.ride/some/path', $args[0]);
     }
 
-    public function httpContextOptionsCallback(array $args)
+    /**
+     * @param array<int, mixed> $args
+     */
+    public function httpContextOptionsCallback(array $args): void
     {
         ++$this->runcount;
         $this->assertCommonOptions($args);
 
-        $options = stream_context_get_options($args[2]);
+        /** @var resource $context */
+        $context = $args[2];
+        $options = stream_context_get_options($context);
         $this->assertArrayHasKey('http', $options);
 
-        $this->assertArrayHasKey('method', $options['http']);
-        $this->assertEquals('POST', $options['http']['method']);
+        /** @var array<string, mixed> $httpOptions */
+        $httpOptions = $options['http'];
 
-        $this->assertArrayHasKey('content', $options['http']);
-        $this->assertEquals($this->parameters->toQueryString(), $options['http']['content']);
+        $this->assertArrayHasKey('method', $httpOptions);
+        $this->assertEquals('POST', $httpOptions['method']);
 
-        $this->assertArrayHasKey('header', $options['http']);
-        $this->assertStringContainsStringIgnoringCase('Content-type: application/x-www-form-urlencoded', $options['http']['header']);
+        $this->assertArrayHasKey('content', $httpOptions);
+        $this->assertEquals($this->parameters->toQueryString(), $httpOptions['content']);
+
+        $this->assertArrayHasKey('header', $httpOptions);
+
+        /** @var string $header */
+        $header = $httpOptions['header'];
+        $this->assertStringContainsStringIgnoringCase('Content-type: application/x-www-form-urlencoded', $header);
     }
 
-    public function sslContextOptionsCallback(array $args)
+    /**
+     * @param array<int, mixed> $args
+     */
+    public function sslContextOptionsCallback(array $args): void
     {
         ++$this->runcount;
         $this->assertCommonOptions($args);
 
-        $options = stream_context_get_options($args[2]);
+        /** @var resource $context */
+        $context = $args[2];
+        $options = stream_context_get_options($context);
         $this->assertArrayHasKey('http', $options);
-        $this->assertArrayHasKey('verify_peer', $options['http']);
-        $this->assertTrue($options['http']['verify_peer']);
+
+        /** @var array<string, mixed> $httpOptions */
+        $httpOptions = $options['http'];
+
+        $this->assertArrayHasKey('verify_peer', $httpOptions);
+        $this->assertTrue($httpOptions['verify_peer']);
     }
 
-    protected function assertCommonOptions(array $args)
+    /**
+     * @param array<int, mixed> $args
+     */
+    protected function assertCommonOptions(array $args): void
     {
         $this->assertCount(3, $args);
-        $this->assertStringStartsWith('https://www.google.com/', $args[0]);
+
+        /** @var string $url */
+        $url = $args[0];
+        $this->assertStringStartsWith('https://www.google.com/', $url);
         $this->assertFalse($args[1]);
         $this->assertTrue(is_resource($args[2]), 'The context options should be a resource');
     }
 }
 
-function file_get_contents()
+function file_get_contents(string $filename, bool $use_include_path = false, mixed $context = null, int $offset = 0, ?int $length = null): false|string
 {
+    $args = func_get_args();
     if (PostTest::$assert) {
-        return call_user_func(PostTest::$assert, func_get_args());
+        /** @var callable $assert */
+        $assert = PostTest::$assert;
+        $result = call_user_func($assert, $args);
+        if (null === $result) {
+            return '';
+        }
+
+        if (is_string($result)) {
+            return $result;
+        }
+
+        if (false === $result) {
+            return $result;
+        }
+
+        return false;
     }
 
     // Since we can't represent maxlen in userland...
-    return call_user_func_array('file_get_contents', func_get_args());
+    $result = call_user_func_array('\file_get_contents', $args);
+    if (is_string($result)) {
+        return $result;
+    }
+
+    if (false === $result) {
+        return $result;
+    }
+
+    return false;
 }
diff --git a/tests/ReCaptcha/RequestMethod/SocketPostTest.php b/tests/ReCaptcha/RequestMethod/SocketPostTest.php
index cb7c0ba..419d598 100644
--- a/tests/ReCaptcha/RequestMethod/SocketPostTest.php
+++ b/tests/ReCaptcha/RequestMethod/SocketPostTest.php
@@ -46,26 +46,24 @@
  */
 class SocketPostGlobalState
 {
-    public static $fsockopenHostname;
-    public static $fsockopenErrno = 0;
-    public static $fsockopenErrstr = '';
-    public static $fsockopenSuccess = true;
-    public static $fwriteData = '';
-    public static $fgetsResponses = [];
-    public static $feofCount = 0;
-    public static $fcloseCalled = false;
+    public static ?string $fsockopenHostname = null;
+    public static int $fsockopenErrno = 0;
+    public static string $fsockopenErrstr = '';
+    public static bool $fsockopenSuccess = true;
+    public static string $fwriteData = '';
+
+    /**
+     * @var array<int, false|string>
+     */
+    public static array $fgetsResponses = [];
+    public static int $feofCount = 0;
+    public static bool $fcloseCalled = false;
 }
 
 /**
  * Mock fsockopen in the ReCaptcha\RequestMethod namespace.
- *
- * @param mixed      $hostname
- * @param mixed      $port
- * @param mixed      $errno
- * @param mixed      $errstr
- * @param null|mixed $timeout
  */
-function fsockopen($hostname, $port = -1, &$errno = 0, &$errstr = '', $timeout = null)
+function fsockopen(string $hostname, int $port = -1, int &$errno = 0, string &$errstr = '', ?float $timeout = null): false|\stdClass
 {
     SocketPostGlobalState::$fsockopenHostname = $hostname;
     $errno = SocketPostGlobalState::$fsockopenErrno;
@@ -76,12 +74,8 @@ function fsockopen($hostname, $port = -1, &$errno = 0, &$errstr = '', $timeout =
 
 /**
  * Mock fwrite in the ReCaptcha\RequestMethod namespace.
- *
- * @param mixed      $handle
- * @param mixed      $string
- * @param null|mixed $length
  */
-function fwrite($handle, $string, $length = null)
+function fwrite(\stdClass $handle, string $string, ?int $length = null): int
 {
     SocketPostGlobalState::$fwriteData .= $string;
 
@@ -90,33 +84,30 @@ function fwrite($handle, $string, $length = null)
 
 /**
  * Mock fgets in the ReCaptcha\RequestMethod namespace.
- *
- * @param mixed      $handle
- * @param null|mixed $length
  */
-function fgets($handle, $length = null)
+function fgets(\stdClass $handle, ?int $length = null): false|string
 {
-    return array_shift(SocketPostGlobalState::$fgetsResponses);
+    $response = array_shift(SocketPostGlobalState::$fgetsResponses);
+
+    return null === $response ? false : $response;
 }
 
 /**
  * Mock feof in the ReCaptcha\RequestMethod namespace.
- *
- * @param mixed $handle
  */
-function feof($handle)
+function feof(\stdClass $handle): bool
 {
     return empty(SocketPostGlobalState::$fgetsResponses);
 }
 
 /**
  * Mock fclose in the ReCaptcha\RequestMethod namespace.
- *
- * @param mixed $handle
  */
-function fclose($handle)
+function fclose(\stdClass $handle): bool
 {
     SocketPostGlobalState::$fcloseCalled = true;
+
+    return true;
 }
 
 /**
@@ -137,7 +128,7 @@ protected function setUp(): void
         SocketPostGlobalState::$fcloseCalled = false;
     }
 
-    public function testSubmit()
+    public function testSubmit(): void
     {
         SocketPostGlobalState::$fgetsResponses = [
             "HTTP/1.0 200 OK\r\n",
@@ -156,7 +147,7 @@ public function testSubmit()
         $this->assertTrue(SocketPostGlobalState::$fcloseCalled);
     }
 
-    public function testConnectionFailureReturnsError()
+    public function testConnectionFailureReturnsError(): void
     {
         SocketPostGlobalState::$fsockopenSuccess = false;
         $sp = new SocketPost();
@@ -165,7 +156,7 @@ public function testConnectionFailureReturnsError()
         $this->assertEquals('{"success": false, "error-codes": ["'.ReCaptcha::E_CONNECTION_FAILED.'"]}', $response);
     }
 
-    public function testBadResponseReturnsError()
+    public function testBadResponseReturnsError(): void
     {
         SocketPostGlobalState::$fgetsResponses = [
             "HTTP/1.0 500 Internal Server Error\r\n",
diff --git a/tests/ReCaptcha/RequestParametersTest.php b/tests/ReCaptcha/RequestParametersTest.php
index 9466a1c..3fdb4f5 100644
--- a/tests/ReCaptcha/RequestParametersTest.php
+++ b/tests/ReCaptcha/RequestParametersTest.php
@@ -47,29 +47,42 @@
  */
 class RequestParametersTest extends TestCase
 {
+    /**
+     * @param array<string, string> $expectedArray
+     */
     #[DataProvider('provideValidData')]
-    public function testToArray($secret, $response, $remoteIp, $version, $expectedArray, $expectedQuery)
+    public function testToArray(string $secret, string $response, ?string $remoteIp, ?string $version, array $expectedArray, string $expectedQuery): void
     {
         $params = new RequestParameters($secret, $response, $remoteIp, $version);
         $this->assertEquals($params->toArray(), $expectedArray);
     }
 
+    /**
+     * @param array<string, string> $expectedArray
+     */
     #[DataProvider('provideValidData')]
-    public function testToQueryString($secret, $response, $remoteIp, $version, $expectedArray, $expectedQuery)
+    public function testToQueryString(string $secret, string $response, ?string $remoteIp, ?string $version, array $expectedArray, string $expectedQuery): void
     {
         $params = new RequestParameters($secret, $response, $remoteIp, $version);
         $this->assertEquals($params->toQueryString(), $expectedQuery);
     }
 
-    public static function provideValidData()
+    /**
+     * @return array<int, array{0: string, 1: string, 2: null|string, 3: null|string, 4: array<string, string>, 5: string}>
+     */
+    public static function provideValidData(): array
     {
         return [
-            ['SECRET', 'RESPONSE', 'REMOTEIP', 'VERSION',
+            [
+                'SECRET', 'RESPONSE', 'REMOTEIP', 'VERSION',
                 ['secret' => 'SECRET', 'response' => 'RESPONSE', 'remoteip' => 'REMOTEIP', 'version' => 'VERSION'],
-                'secret=SECRET&response=RESPONSE&remoteip=REMOTEIP&version=VERSION'],
-            ['SECRET', 'RESPONSE', null, null,
+                'secret=SECRET&response=RESPONSE&remoteip=REMOTEIP&version=VERSION',
+            ],
+            [
+                'SECRET', 'RESPONSE', null, null,
                 ['secret' => 'SECRET', 'response' => 'RESPONSE'],
-                'secret=SECRET&response=RESPONSE'],
+                'secret=SECRET&response=RESPONSE',
+            ],
         ];
     }
 }
diff --git a/tests/ReCaptcha/ResponseTest.php b/tests/ReCaptcha/ResponseTest.php
index 5cf4cf5..2f6e0f5 100644
--- a/tests/ReCaptcha/ResponseTest.php
+++ b/tests/ReCaptcha/ResponseTest.php
@@ -47,20 +47,26 @@
  */
 class ResponseTest extends TestCase
 {
+    /**
+     * @param array<string> $errorCodes
+     */
     #[DataProvider('provideJson')]
-    public function testFromJson($json, $success, $errorCodes, $hostname, $challengeTs, $apkPackageName, $score, $action)
+    public function testFromJson(string $json, bool $success, array $errorCodes, ?string $hostname, ?string $challengeTs, ?string $apkPackageName, ?float $score, ?string $action): void
     {
         $response = Response::fromJson($json);
         $this->assertEquals($success, $response->isSuccess());
         $this->assertEquals($errorCodes, $response->getErrorCodes());
-        $this->assertEquals($hostname, $response->getHostname());
-        $this->assertEquals($challengeTs, $response->getChallengeTs());
-        $this->assertEquals($apkPackageName, $response->getApkPackageName());
+        $this->assertEquals($hostname ?? '', $response->getHostname());
+        $this->assertEquals($challengeTs ?? '', $response->getChallengeTs());
+        $this->assertEquals($apkPackageName ?? '', $response->getApkPackageName());
         $this->assertEquals($score, $response->getScore());
-        $this->assertEquals($action, $response->getAction());
+        $this->assertEquals($action ?? '', $response->getAction());
     }
 
-    public static function provideJson()
+    /**
+     * @return array<int, array{0: string, 1: bool, 2: array<string>, 3: null|string, 4: null|string, 5: null|string, 6: null|float, 7: null|string}>
+     */
+    public static function provideJson(): array
     {
         return [
             [
@@ -106,7 +112,7 @@ public static function provideJson()
         ];
     }
 
-    public function testIsSuccess()
+    public function testIsSuccess(): void
     {
         $response = new Response(true);
         $this->assertTrue($response->isSuccess());
@@ -115,17 +121,17 @@ public function testIsSuccess()
         $this->assertFalse($response->isSuccess());
 
         $response = new Response(true, [], 'example.com');
-        $this->assertEquals('example.com', $response->getHostName());
+        $this->assertEquals('example.com', $response->getHostname());
     }
 
-    public function testGetErrorCodes()
+    public function testGetErrorCodes(): void
     {
         $errorCodes = ['test'];
         $response = new Response(true, $errorCodes);
         $this->assertEquals($errorCodes, $response->getErrorCodes());
     }
 
-    public function testGetHostname()
+    public function testGetHostname(): void
     {
         $hostname = 'google.com';
         $errorCodes = [];
@@ -133,38 +139,37 @@ public function testGetHostname()
         $this->assertEquals($hostname, $response->getHostname());
     }
 
-    public function testGetChallengeTs()
+    public function testGetChallengeTs(): void
     {
         $timestamp = 'timestamp';
-        $errorCodes = [];
         $response = new Response(true, [], 'hostname', $timestamp);
         $this->assertEquals($timestamp, $response->getChallengeTs());
     }
 
-    public function TestGetApkPackageName()
+    public function testGetApkPackageName(): void
     {
         $apk = 'apk';
         $response = new Response(true, [], 'hostname', 'timestamp', 'apk');
         $this->assertEquals($apk, $response->getApkPackageName());
     }
 
-    public function testGetScore()
+    public function testGetScore(): void
     {
         $score = 0.5;
         $response = new Response(true, [], 'hostname', 'timestamp', 'apk', $score);
         $this->assertEquals($score, $response->getScore());
     }
 
-    public function testGetAction()
+    public function testGetAction(): void
     {
         $action = 'homepage';
-        $response = new Response(true, [], 'hostname', 'timestamp', 'apk', '0.5', 'homepage');
+        $response = new Response(true, [], 'hostname', 'timestamp', 'apk', 0.5, 'homepage');
         $this->assertEquals($action, $response->getAction());
     }
 
-    public function testToArray()
+    public function testToArray(): void
     {
-        $response = new Response(true, [], 'hostname', 'timestamp', 'apk', '0.5', 'homepage');
+        $response = new Response(true, [], 'hostname', 'timestamp', 'apk', 0.5, 'homepage');
         $expected = [
             'success' => true,
             'error-codes' => [],

From 24d61226c917be93e29477cbfde365dd834c4940 Mon Sep 17 00:00:00 2001
From: Rowan Merewood <rowan@merewood.org>
Date: Tue, 24 Mar 2026 19:23:36 +0000
Subject: [PATCH 4/6] Run PHPStan as part of GitHub Actions

---
 .github/workflows/php.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml
index 5be56bd..7016929 100644
--- a/.github/workflows/php.yml
+++ b/.github/workflows/php.yml
@@ -45,6 +45,9 @@ jobs:
     - name: Run linting
       run: composer run-script lint
 
+    - name: Run static analysis
+      run: composer run-script phpstan
+
     - name: Run test suite
       run: composer run-script test
 

From d008415593c350224ce44e328826a1a2d7d27425 Mon Sep 17 00:00:00 2001
From: Rowan Merewood <rowan@merewood.org>
Date: Tue, 24 Mar 2026 19:39:44 +0000
Subject: [PATCH 5/6] Cover failure case

---
 .../RequestMethod/SocketPostTest.php          | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/tests/ReCaptcha/RequestMethod/SocketPostTest.php b/tests/ReCaptcha/RequestMethod/SocketPostTest.php
index 419d598..3b96e18 100644
--- a/tests/ReCaptcha/RequestMethod/SocketPostTest.php
+++ b/tests/ReCaptcha/RequestMethod/SocketPostTest.php
@@ -147,6 +147,31 @@ public function testSubmit(): void
         $this->assertTrue(SocketPostGlobalState::$fcloseCalled);
     }
 
+    public function testUrlFailureReturnsError(): void
+    {
+        $sp = new SocketPost('invalid_url');
+        $response = $sp->submit(new RequestParameters('secret', 'response'));
+
+        $this->assertEquals('{"success": false, "error-codes": ["'.ReCaptcha::E_CONNECTION_FAILED.'"]}', $response);
+    }
+
+    public function testSubmitWithFgetsFailure(): void
+    {
+        SocketPostGlobalState::$fgetsResponses = [
+            "HTTP/1.0 200 OK\r\n",
+            false,
+            "Content-Type: application/json\r\n",
+            "\r\n",
+            'RESPONSEBODY',
+        ];
+
+        $sp = new SocketPost();
+        $response = $sp->submit(new RequestParameters('secret', 'response'));
+
+        $this->assertEquals('RESPONSEBODY', $response);
+        $this->assertTrue(SocketPostGlobalState::$fcloseCalled);
+    }
+
     public function testConnectionFailureReturnsError(): void
     {
         SocketPostGlobalState::$fsockopenSuccess = false;

From 8afd51bb3be298640a545490d66bc5e58f5c4273 Mon Sep 17 00:00:00 2001
From: Rowan Merewood <rowan@merewood.org>
Date: Tue, 24 Mar 2026 19:52:11 +0000
Subject: [PATCH 6/6] Test for malformed response

---
 tests/ReCaptcha/RequestMethod/SocketPostTest.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/tests/ReCaptcha/RequestMethod/SocketPostTest.php b/tests/ReCaptcha/RequestMethod/SocketPostTest.php
index 3b96e18..838eab0 100644
--- a/tests/ReCaptcha/RequestMethod/SocketPostTest.php
+++ b/tests/ReCaptcha/RequestMethod/SocketPostTest.php
@@ -172,6 +172,19 @@ public function testSubmitWithFgetsFailure(): void
         $this->assertTrue(SocketPostGlobalState::$fcloseCalled);
     }
 
+    public function testMalformedResponseReturnsError(): void
+    {
+        SocketPostGlobalState::$fgetsResponses = [
+            "HTTP/1.0 200 OK\r\n",
+            "Content-Type: application/json\r\n",
+        ];
+
+        $sp = new SocketPost();
+        $response = $sp->submit(new RequestParameters('secret', 'response'));
+
+        $this->assertEquals('{"success": false, "error-codes": ["'.ReCaptcha::E_BAD_RESPONSE.'"]}', $response);
+    }
+
     public function testConnectionFailureReturnsError(): void
     {
         SocketPostGlobalState::$fsockopenSuccess = false;