A set of PSScriptAnalyzer rules that help make it Good Enough!
| Downloads | Version | Publish Status | Supported Platforms |
|---|---|---|---|
 |
 |
 |
 |
These are rules that "Good Enough" Gilbert, slapped together after seeing someone or something that wanted it. These may not be appropriate for your environment so keep that in mind when including them.
You will probably want to enable individual rules vs all of them at once. I suggest taking a look at the documents to see what each rule does.
Install from the PowerShell Gallery:
Install-PSResource GoodEnoughRulesThe docs are automatically generated from the rule comment based help. You can see the docs at HeyItsGilbert.GitHub.io/GoodEnoughRules
Severity: Information
Detects TODO-style comments in your code, including TODO, FIXME, BUG, MARK, and checkbox-style comments ([ ]).
# This will trigger the rule:
# TODO: Refactor this function
# FIXME: Handle edge caseWhy it matters: Helps track pending work items and ensures technical debt is documented and addressable.
Severity: Error
Detects when Invoke-WebRequest (or its aliases iwr, curl) is used without the UseBasicParsing parameter.
# This will trigger the rule:
Invoke-WebRequest -Uri 'https://example.com'
# This is preferred:
Invoke-WebRequest -Uri 'https://example.com' -UseBasicParsingWhy it matters: UseBasicParsing avoids dependency on Internet Explorer's DOM parser, making scripts more portable and reliable, especially in server environments.
Severity: Error
Detects when Invoke-WebRequest is used with UseBasicParsing but then tries to access properties that are incompatible with basic parsing (like Forms, ParsedHtml, Scripts, AllElements).
# This will trigger the rule:
$response = Invoke-WebRequest -Uri 'https://example.com' -UseBasicParsing
$forms = $response.Forms # These properties aren't available with UseBasicParsingWhy it matters: Prevents runtime errors by catching incompatible property access at analysis time.
Severity: Error
Detects when ConvertFrom-SecureString is used without a -Key parameter, which means the encrypted string is bound to the specific user and machine.
# This will trigger the rule:
$secureString | ConvertFrom-SecureString
# This is preferred for portability:
$secureString | ConvertFrom-SecureString -Key $keyBytesWhy it matters: Without a key, encrypted strings cannot be decrypted on different machines or by different users, limiting portability and automation scenarios.
# Install and import
Install-PSResource GoodEnoughRules
$module = Import-Module GoodEnoughRules -PassThru
# Get the path the psm1
$modulePath = Join-Path $module.ModuleBase $module.RootModule
# Run against a folder
Invoke-ScriptAnalyzer -CustomRulePath $modulePath -IncludeRule 'Measure-InvokeWebRequestWithoutBasic' -Path '.\scripts\'Tip
Use a "proxy module" to load all your different custom rules and check that into your repository. This helps you avoid having to hardcode to a specific module path.
-
Install the module.
-
Create a custom rule file:
PSScriptAnalyzerRules.psm1# Proxy Module example $rules = Import-Module -Name 'GoodEnoughRules' -PassThru Export-ModuleMember -Function @($rules.ExportedCommands.Keys)
-
Import it into your PSScriptAnalyzer config:
PSScriptAnalyzerSettings.psd1@{ CustomRulePath = @( '.\PSScriptAnalyzerRules.psm1' ) IncludeDefaultRules = $true IncludeRules = @( # Default rules 'PSAvoidDefaultValueForMandatoryParameter' 'PSAvoidDefaultValueSwitchParameter' # Custom rules 'Measure-*' ) }
If you're interested in learning more about the "Proxy Module" concept, see Sharing Your Custom PSScriptAnalyzer Rules
This module depends on PSScriptAnalyzer which means that it will install it
if's not available. If you have different required versions in your PSDepend
configuration that can cause conflict. I will try to avoid that by only
requiring a minimum version.
