powershell
powershell documentation
- Version in Mega-Linter: 7.1.5
- Visit Official Web Site
- See How to configure powershell rules
- If custom
.powershell-psscriptanalyzer.psd1
config file is not found, .powershell-psscriptanalyzer.psd1 will be used
- If custom
- See How to disable powershell rules in files
Configuration in Mega-Linter
- Enable powershell by adding
POWERSHELL_POWERSHELL
in ENABLE_LINTERS variable - Disable powershell by adding
POWERSHELL_POWERSHELL
in DISABLE_LINTERS variable
Variable | Description | Default value |
---|---|---|
POWERSHELL_POWERSHELL_ARGUMENTS | User custom arguments to add in linter CLI call Ex: -s --foo "bar" |
|
POWERSHELL_POWERSHELL_FILTER_REGEX_INCLUDE | Custom regex including filter Ex: (src\|lib) |
Include every file |
POWERSHELL_POWERSHELL_FILTER_REGEX_EXCLUDE | Custom regex excluding filter Ex: (test\|examples) |
Exclude no file |
POWERSHELL_POWERSHELL_CLI_LINT_MODE | Override default CLI lint mode - file : Calls the linter for each file- list_of_files : Call the linter with the list of files as argument- project : Call the linter from the root of the project |
{linter.cli_lint_mode} |
POWERSHELL_POWERSHELL_FILE_EXTENSIONS | Allowed file extensions. "*" matches any extension, "" matches empty extension. Empty list excludes all filesEx: [".py", ""] |
[".ps1", ".psm1", ".psd1", ".ps1xml", ".pssc", ".psrc", ".cdxml"] |
POWERSHELL_POWERSHELL_FILE_NAMES_REGEX | File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files Ex: ["Dockerfile(-.+)?", "Jenkinsfile"] |
Include every file |
POWERSHELL_POWERSHELL_PRE_COMMANDS | List of bash commands to run before the linter | None |
POWERSHELL_POWERSHELL_POST_COMMANDS | List of bash commands to run after the linter | None |
POWERSHELL_POWERSHELL_CONFIG_FILE | powershell configuration file nameUse LINTER_DEFAULT to let the linter find it |
.powershell-psscriptanalyzer.psd1 |
POWERSHELL_POWERSHELL_RULES_PATH | Path where to find linter configuration file | Workspace folder, then Mega-Linter default rules |
POWERSHELL_POWERSHELL_DISABLE_ERRORS | Run linter but consider errors as warnings | false |
POWERSHELL_POWERSHELL_DISABLE_ERRORS_IF_LESS_THAN | Maximum number of errors allowed | 0 |
IDE Integration
Use powershell in your favorite IDE to catch errors before Mega-Linter !
IDE | Extension Name | Install | |
---|---|---|---|
Visual Studio Code | VsCode PowerShell extension |
Mega-Linter Flavours
This linter is available in the following flavours
Flavor | Description | Embedded linters | Info | |
---|---|---|---|---|
all | Default Mega-Linter Flavor | 94 | ||
dotnet | Optimized for C, C++, C# or VB based projects | 47 |
Behind the scenes
How are identified applicable files
- File extensions:
.ps1
,.psm1
,.psd1
,.ps1xml
,.pssc
,.psrc
,.cdxml
How the linting is performed
- powershell is called one time by identified file
Example calls
pwsh -NoProfile -NoLogo -Command "Invoke-ScriptAnalyzer -EnableExit -Path myfile.ps1"
pwsh -NoProfile -NoLogo -Command "Invoke-ScriptAnalyzer -EnableExit -Settings .powershell-psscriptanalyzer.psd1 -Path myfile.ps1"
Help content
Usage: pwsh[.exe] [-Login] [[-File] <filePath> [args]]
[-Command { - | <script-block> [-args <arg-array>]
| <string> [<CommandParameters>] } ]
[-ConfigurationName <string>] [-CustomPipeName <string>]
[-EncodedCommand <Base64EncodedCommand>]
[-ExecutionPolicy <ExecutionPolicy>] [-InputFormat {Text | XML}]
[-Interactive] [-MTA] [-NoExit] [-NoLogo] [-NonInteractive] [-NoProfile]
[-OutputFormat {Text | XML}] [-SettingsFile <filePath>] [-SSHServerMode] [-STA]
[-Version] [-WindowStyle <style>] [-WorkingDirectory <directoryPath>]
pwsh[.exe] -h | -Help | -? | /?
PowerShell Online Help https://aka.ms/powershell-docs
All parameters are case-insensitive.
-File | -f
If the value of File is "-", the command text is read from standard input.
Running "pwsh -File -" without redirected standard input starts a regular
session. This is the same as not specifying the File parameter at all.
This is the default parameter if no parameters are present but values are
present in the command line. The specified script runs in the local scope
("dot-sourced"), so that the functions and variables that the script
creates are available in the current session. Enter the script file path
and any parameters. File must be the last parameter in the command, because
all characters typed after the File parameter name are interpreted as the
script file path followed by the script parameters.
Typically, the switch parameters of a script are either included or
omitted. For example, the following command uses the All parameter of the
Get-Script.ps1 script file: "-File .\Get-Script.ps1 -All"
In rare cases, you might need to provide a BOOLEAN value for a switch
parameter. To provide a BOOLEAN value for a switch parameter in the value
of the FILE parameter, Use the parameter normally followed immediately by a
colon and the boolean value, such as the following:
"-File .\Get-Script.ps1 -All:$False".
Parameters passed to the script are passed as literal strings, after
interpretation by the current shell. For example, if you are in cmd.exe and
want to pass an environment variable value, you would use the cmd.exe
syntax: "pwsh -File . est.ps1 -TestParam %windir%"
In contrast, running "pwsh -File . est.ps1 -TestParam $env:windir" in
cmd.exe results in the script receiving the literal string "$env:windir"
because it has no special meaning to the current cmd.exe shell. The
"$env:windir" style of environment variable reference can be used inside a
Command parameter, since there it is interpreted as PowerShell code.
Similarly, if you want to execute the same command from a Batch script,
you would use "%~dp0" instead of ".\" or "$PSScriptRoot" to represent the current
execution directory: "pwsh -File %~dp0test.ps1 -TestParam %windir%". If you
instead used ". est.ps1", PowerShell would throw an error because it cannot
find the literal path ". est.ps1".
When the script file invoked terminates with an exit command, the process
exit code is set to the numeric argument used with the exit command. With
normal termination, the exit code is always 0.
Similar to -Command, when a script-terminating error occurs, the exit code
is set to 1. However, unlike with -Command, when the execution is
interrupted with Ctrl-C the exit code is 0.
-Command | -c
Executes the specified commands (and any parameters) as though they were
typed at the PowerShell command prompt, and then exits, unless the NoExit
parameter is specified.
The value of Command can be "-", a script block, or a string. If the value
of Command is "-", the command text is read from standard input.
The Command parameter only accepts a script block for execution when it can
recognize the value passed to Command as a ScriptBlock type. This is only
possible when running pwsh from another PowerShell host. The ScriptBlock
type may be contained in an existing variable, returned from an expression,
or parsed by the PowerShell host as a literal script block enclosed in
curly braces "{}", before being passed to pwsh.
pwsh -Command {Get-WinEvent -LogName security}
In cmd.exe, there is no such thing as a script block (or ScriptBlock type),
so the value passed to Command will always be a string. You can write a
script block inside the string, but instead of being executed it will
behave exactly as though you typed it at a typical PowerShell prompt,
printing the contents of the script block back out to you.
A string passed to Command is still executed as PowerShell script, so the
script block curly braces are often not required in the first place when
running from cmd.exe. To execute an inline script block defined inside a
string, the call operator "&" can be used:
pwsh -Command "& {Get-WinEvent -LogName security}"
If the value of Command is a string, Command must be the last parameter for
pwsh, because all arguments following it are interpreted as part of the
command to execute.
When called from within an existing PowerShell session, the results are
returned to the parent shell as deserialized XML objects, not live objects.
For other shells, the results are returned as strings.
If the value of Command is "-", the command text is read from standard
input. You must redirect standard input when using the Command parameter
with standard input. For example:
@'
"in"
"hi" |
% { "$_ there" }
"out"
'@ | powershell -NoProfile -Command -
This example produces the following output:
in
hi there
out
The process exit code is determined by status of the last (executed)
command within the script block. The exit code is 0 when $? is $true or 1
when $? is $false. If the last command is an external program or a
PowerShell script that explicitly sets an exit code other than 0 or 1, that
exit code is converted to 1 for process exit code. To preserve the specific
exit code, add exit $LASTEXITCODE to your command string or script block.
Similarly, the value 1 is returned when a script-terminating
(runspace-terminating) error, such as a throw or -ErrorAction Stop, occurs
or when execution is interrupted with Ctrl-C.
-ConfigurationName | -config
Specifies a configuration endpoint in which PowerShell is run. This can be
any endpoint registered on the local machine including the default
PowerShell remoting endpoints or a custom endpoint having specific user
role capabilities.
Example: "pwsh -ConfigurationName AdminRoles"
-CustomPipeName
Specifies the name to use for an additional IPC server (named pipe) used
for debugging and other cross-process communication. This offers a
predictable mechanism for connecting to other PowerShell instances.
Typically used with the CustomPipeName parameter on "Enter-PSHostProcess".
This parameter was introduced in PowerShell 6.2.
For example:
# PowerShell instance 1
pwsh -CustomPipeName mydebugpipe
# PowerShell instance 2
Enter-PSHostProcess -CustomPipeName mydebugpipe
-EncodedCommand | -e | -ec
Accepts a Base64-encoded string version of a command. Use this parameter to
submit commands to PowerShell that require complex, nested quoting. The
Base64 representation must be a UTF-16 encoded string.
For example:
$command = 'dir "c:\program files" '
$bytes = [System.Text.Encoding]::Unicode.GetBytes($command)
$encodedCommand = [Convert]::ToBase64String($bytes)
pwsh -encodedcommand $encodedCommand
-ExecutionPolicy | -ex | -ep
Sets the default execution policy for the current session and saves it in
the $env:PSExecutionPolicyPreference environment variable. This parameter
does not change the persistently configured execution policies.
This parameter only applies to Windows computers. The
$env:PSExecutionPolicyPreference environment variable does not exist on
non-Windows platforms.
-InputFormat | -inp | -if
Describes the format of data sent to PowerShell. Valid values are "Text"
(text strings) or "XML" (serialized CLIXML format).
-Interactive | -i
Present an interactive prompt to the user. Inverse for NonInteractive
parameter.
-Login | -l
On Linux and macOS, starts PowerShell as a login shell, using /bin/sh to
execute login profiles such as /etc/profile and ~/.profile. On Windows,
this switch does nothing.
[!IMPORTANT] This parameter must come first to start PowerShell as a login
shell. The parameter is ignored if passed in any other position.
To set up pwsh as the login shell on UNIX-like operating systems:
- Verify that the full absolute path to pwsh is listed under /etc/shells
- This path is usually something like /usr/bin/pwsh on Linux or
/usr/local/bin/pwsh on macOS
- With some installation methods, this entry will be added
automatically at installation time
- If pwsh is not present in /etc/shells, use an editor to append the
path to pwsh on the last line. This requires elevated privileges to
edit.
- Use the chsh utility to set your current user's shell to pwsh:
chsh -s /usr/bin/pwsh
[!WARNING] Setting pwsh as the login shell is currently not supported on
Windows Subsystem for Linux (WSL), and attempting to set pwsh as the
login shell there may lead to being unable to start WSL interactively.
-MTA
Start PowerShell using a multi-threaded apartment. This switch is only
available on Windows.
-NoExit | -noe
Does not exit after running startup commands.
Example: "pwsh -NoExit -Command Get-Date"
-NoLogo | -nol
Hides the copyright banner at startup of interactive sessions.
-NonInteractive | -noni
Does not present an interactive prompt to the user. Any attempts to use
interactive features, like Read-Host or confirmation prompts, result in
statement-terminating errors.
-NoProfile | -nop
Does not load the PowerShell profiles.
-OutputFormat | -o | -of
Determines how output from PowerShell is formatted. Valid values are "Text"
(text strings) or "XML" (serialized CLIXML format).
Example: "pwsh -o XML -c Get-Date"
When called withing a PowerShell session, you get deserialized objects as
output rather plain strings. When called from other shells, the output is
string data formatted as CLIXML text.
-SettingsFile | -settings
Overrides the system-wide "powershell.config.json" settings file for the
session. By default, system-wide settings are read from the
"powershell.config.json" in the "$PSHOME" directory.
Note that these settings are not used by the endpoint specified by the
"-ConfigurationName" argument.
Example: "pwsh -SettingsFile c:\myproject\powershell.config.json"
-SSHServerMode | -sshs
Used in sshd_config for running PowerShell as an SSH subsystem. It is not
intended or supported for any other use.
-STA
Start PowerShell using a single-threaded apartment. This is the default.
This switch is only available on Windows.
-Version | -v
Displays the version of PowerShell. Additional parameters are ignored.
-WindowStyle | -w
Sets the window style for the session. Valid values are Normal, Minimized,
Maximized and Hidden.
-WorkingDirectory | -wd
Sets the initial working directory by executing at startup. Any valid
PowerShell file path is supported.
To start PowerShell in your home directory, use: pwsh -WorkingDirectory ~
-Help, -?, /?
Displays help for pwsh. If you are typing a pwsh command in PowerShell,
prepend the command parameters with a hyphen (-), not a forward slash (/).
Installation on mega-linter Docker image
- Dockerfile commands :
# Parent descriptor install
ARG PWSH_VERSION='latest'
ARG PWSH_DIRECTORY='/opt/microsoft/powershell'
RUN mkdir -p ${PWSH_DIRECTORY} \
&& curl --retry 5 --retry-delay 5 -s https://api.github.com/repos/powershell/powershell/releases/${PWSH_VERSION} \
| grep browser_download_url \
| grep linux-alpine-x64 \
| cut -d '"' -f 4 \
| xargs -n 1 wget -O - \
| tar -xzC ${PWSH_DIRECTORY} \
&& ln -sf ${PWSH_DIRECTORY}/pwsh /usr/bin/pwsh
# Linter install
ARG PSSA_VERSION='latest'
RUN pwsh -c 'Install-Module -Name PSScriptAnalyzer -RequiredVersion ${PSSA_VERSION} -Scope AllUsers -Force'
Example success log
Results of powershell linter (version 7.1.0)
See documentation on https://nvuillam.github.io/mega-linter/descriptors/powershell_powershell/
-----------------------------------------------
[SUCCESS] .automation/test/powershell/powershell_good_1.ps1
[SUCCESS] .automation/test/powershell/powershell_good_1.psd1
[SUCCESS] .automation/test/powershell/powershell_good_1.psm1
Example error log
Results of powershell linter (version 7.1.0)
See documentation on https://nvuillam.github.io/mega-linter/descriptors/powershell_powershell/
-----------------------------------------------
[ERROR] .automation/test/powershell/powershell_bad_1.ps1
RuleName Severity ScriptName Line Message
-------- -------- ---------- ---- -------
PSAvoidUsingEmptyCatchBlock Warning powershell 12 Empty catch b
_bad_1.ps1 lock is used.
Please use W
rite-Error or
throw statem
ents in catch
blocks.
PSAvoidTrailingWhitespace Information powershell 11 Line has trai
_bad_1.ps1 ling whitespa
ce
PSAvoidUsingUsernameAndPasswordPara Error powershell 4 Function 'Bad
ms _bad_1.ps1 Function' has
both Usernam
e and Passwor
d parameters.
Either set t
he type of th
e Password pa
rameter to Se
cureString or
replace the
Username and
Password para
meters with a
Credential p
arameter of t
ype PSCredent
ial. If using
a Credential
parameter in
PowerShell 4
.0 or earlier
, please defi
ne a credenti
al transforma
tion attribut
e after the P
SCredential t
ype attribute
.
PSAvoidUsingPlainTextForPassword Warning powershell 5 Parameter '$P
_bad_1.ps1 assword' shou
ld use Secure
String, other
wise this wil
l expose sens
itive informa
tion. See Con
vertTo-Secure
String for mo
re informatio
n.
PSUseDeclaredVarsMoreThanAssignment Warning powershell 9 The variable
s _bad_1.ps1 'VariableThat
IsNotUsedLate
r' is assigne
d but never u
sed.
[ERROR] .automation/test/powershell/powershell_bad_1.psd1
RuleName Severity ScriptName Line Message
-------- -------- ---------- ---- -------
TerminatorExpectedAtEndOfString ParseError powershell 2 The string is
_bad_1.psd missing the
1 terminator: '
.
MissingEndCurlyBrace ParseError powershell 1 Missing closi
_bad_1.psd ng '}' in sta
1 tement block
or type defin
ition.
[ERROR] .automation/test/powershell/powershell_bad_1.psm1
RuleName Severity ScriptName Line Message
-------- -------- ---------- ---- -------
TerminatorExpectedAtEndOfString ParseError powershell 1 The string is
_bad_1.psm missing the
1 terminator: "
.