Using PSScriptAnalyzer to check your PowerShell code for best practices
Are you interested in learning if your PowerShell code follows what the community considers to be best practices? Well, you're in luck because Microsoft has a new open source PowerShell module named PSScriptAnalyzer that does just that. According to the GitHub page for PSScriptAnalyzer, it's a static code checker for PowerShell modules and scripts that checks the quality of PowerShell code by running a set of rules that are based on best practices identified by the PowerShell team and community. In addition to testing your code with the PSScriptAnalyzer built in rules, you can also create your own custom rules if your organization has specific guidelines for writing PowerShell code.
Installing the PSScriptAnalyzer module is easy when installing it from the PowerShell gallery:
1Install-Module -Name PSScriptAnalyzer -Repository PSGallery -Force
2Get-Module -Name PSScriptAnalyzer -ListAvailable
I used the Get-Module
cmdlet after installing the PSScriptAnalyzer module to verify that it was indeed installed.
In the following example, I'll use Script Analyzer to test my MrDSC module that I have on GitHub to determine if I've missed following any of the best practices. I'll exclude the PSProvideDefaultParameterValue rule since there's a bug with it that I've logged on GitHub.
1Invoke-ScriptAnalyzer -Path "$env:ProgramFiles\WindowsPowerShell\Modules\MrDSC" -ExcludeRule PSProvideDefaultParameterValue
In the previous example, it did catch several items in my module that I need to revisit. An unused variable that can be removed from my code, a plural noun that should be singular, and the use of a positional parameter.
It's very easy to over look things so I'm glad to see something like PSScriptAnalyzer that I can use to validate that my PowerShell code meets the industry standards for best practices before sharing it online. Speaking of sharing PowerShell code, I typically share my code on GitHub and I will continue to use GitHub as a source control and collaboration tool moving forward, but I also plan to start using the PowerShell Gallery as a method of distribution for the stable versions of my PowerShell modules if for no other reason than for the ease of installation.
A module containing sample rules can be found on GitHub as well. I'll use those rules to check my module also:
1Invoke-ScriptAnalyzer -Path "$env:ProgramFiles\WindowsPowerShell\Modules\MrDSC" -CustomizedRulePath C:\tmp\CommunityAnalyzerRules -ExcludeRule PSProvideDefaultParameterValue
Of course you can place anything you want in your own custom rules and the ones that are informational are worth reading through but action on those isn't always necessary.
If you have the ISESteroids add-on for the PowerShell ISE (Integrated Scripting Environment), you can also enable real time code analysis using the script analyzer rules:
If you don't have ISESteroids, you can still take advantage of the script analyzer rules in the default ISE with the script analyzer add-on:
1Install-Module -Name ISEScriptAnalyzerAddOn -Force
2Get-Module -Name ISEScriptAnalyzerAddOn -ListAvailable
Once the script analyzer add-on is enabled, the add-on will be displayed on the far right side in the ISE:
I also noticed that Nana Lakshmanan from the PowerShell team has a script analyzer custom rules module on the PowerShell Gallery:
1Find-Module -Name nScriptAnalyzerRules | Format-List -Property *
While I haven't taken a look at that specific module, based on the author it's definitely something
worth taking a look at. Also notice that a license URL is specified for the module shown in the
previous example. You should always specify a license when sharing your code <period>
. I'm not
perfect either and that's something I need to revisit for some of the code that I've previously
shared. I plan to specify the MIT license for all of the
code that I share online.
Last but not least, Get-Involved
. There are script analyzer community meetings which are hosted by
Microsoft. The information for those meetings can be found in the announcements section of the
PSScriptAnalyzer GitHub page.
µ