Using PSScriptAnalyzer to check your PowerShell code for best practices

Are you interested in learning if your PowerShell code follows what the community considers to be best practices? Well, you're in luck because Microsoft has a new open source PowerShell module named PSScriptAnalyzer that does just that. According to the GitHub page for PSScriptAnalyzer, it's a static code checker for PowerShell modules and scripts that checks the quality of PowerShell code by running a set of rules that are based on best practices identified by the PowerShell team and community. In addition to testing your code with the PSScriptAnalyzer built in rules, you can also create your own custom rules if your organization has specific guidelines for writing PowerShell code.

Installing the PSScriptAnalyzer module is easy when installing it from the PowerShell gallery:

1Install-Module -Name PSScriptAnalyzer -Repository PSGallery -Force
2Get-Module -Name PSScriptAnalyzer -ListAvailable

scriptanalyzer1a.jpg

I used the Get-Module cmdlet after installing the PSScriptAnalyzer module to verify that it was indeed installed.

In the following example, I'll use Script Analyzer to test my MrDSC module that I have on GitHub to determine if I've missed following any of the best practices. I'll exclude the PSProvideDefaultParameterValue rule since there's a bug with it that I've logged on GitHub.

1Invoke-ScriptAnalyzer -Path "$env:ProgramFiles\WindowsPowerShell\Modules\MrDSC" -ExcludeRule PSProvideDefaultParameterValue

scriptanalyzer2a.jpg

In the previous example, it did catch several items in my module that I need to revisit. An unused variable that can be removed from my code, a plural noun that should be singular, and the use of a positional parameter.

It's very easy to over look things so I'm glad to see something like PSScriptAnalyzer that I can use to validate that my PowerShell code meets the industry standards for best practices before sharing it online. Speaking of sharing PowerShell code, I typically share my code on GitHub and I will continue to use GitHub as a source control and collaboration tool moving forward, but I also plan to start using the PowerShell Gallery as a method of distribution for the stable versions of my PowerShell modules if for no other reason than for the ease of installation.

A module containing sample rules can be found on GitHub as well. I'll use those rules to check my module also:

1Invoke-ScriptAnalyzer -Path "$env:ProgramFiles\WindowsPowerShell\Modules\MrDSC" -CustomizedRulePath C:\tmp\CommunityAnalyzerRules -ExcludeRule PSProvideDefaultParameterValue

scriptanalyzer3a.jpg

Of course you can place anything you want in your own custom rules and the ones that are informational are worth reading through but action on those isn't always necessary.

If you have the ISESteroids add-on for the PowerShell ISE (Integrated Scripting Environment), you can also enable real time code analysis using the script analyzer rules:

scriptanalyzer4a.jpg

If you don't have ISESteroids, you can still take advantage of the script analyzer rules in the default ISE with the script analyzer add-on:

1Install-Module -Name ISEScriptAnalyzerAddOn -Force
2Get-Module -Name ISEScriptAnalyzerAddOn -ListAvailable

scriptanalyzer5a.jpg

Once the script analyzer add-on is enabled, the add-on will be displayed on the far right side in the ISE:

scriptanalyzer6a.jpg

I also noticed that Nana Lakshmanan from the PowerShell team has a script analyzer custom rules module on the PowerShell Gallery:

1Find-Module -Name nScriptAnalyzerRules | Format-List -Property *

scriptanalyzer7a.jpg

While I haven't taken a look at that specific module, based on the author it's definitely something worth taking a look at. Also notice that a license URL is specified for the module shown in the previous example. You should always specify a license when sharing your code <period>. I'm not perfect either and that's something I need to revisit for some of the code that I've previously shared. I plan to specify the MIT license for all of the code that I share online.

Last but not least, Get-Involved. There are script analyzer community meetings which are hosted by Microsoft. The information for those meetings can be found in the announcements section of the PSScriptAnalyzer GitHub page.

µ