MicrosoftDocs · Xelu86 · Jun 1, 2026 · Jun 1, 2026
@@ -1,6 +1,6 @@
 ---
 description: Avoid Using Cmdlet Aliases or omitting the 'Get-' prefix.
-ms.date: 06/28/2023
+ms.date: 06/01/2026
 ms.topic: reference
 title: AvoidUsingCmdletAliases
 ---
@@ -10,35 +10,29 @@ title: AvoidUsingCmdletAliases
 
 ## Description
 
-An alias is an alternate name or nickname for a cmdlet or for a command element, such as a function,
-script, file, or executable file. You can use the alias instead of the command name in any
-PowerShell commands.
+An alias is an alternate name or nickname for a cmdlet or command element, such as a function,
+script, file, or executable file. While you can use aliases instead of the full command name,
+doing so reduces code readability and maintainability.
 
-There are also implicit aliases. When PowerShell cannot find the cmdlet name, it will try to append
-`Get-` to the command as a last resort. Therefore using the command `verb` will execute `Get-Verb`.
+PowerShell also supports implicit aliases. When a cmdlet name isn't found, PowerShell appends
+`Get-` to the command as a fallback. For example, typing `verb` executes `Get-Verb`.
 
-Every PowerShell author learns the actual command names, but different authors learn and use
-different aliases. Aliases can make code difficult to read, understand and impact availability.
+Aliases create inconsistency across codebases because different authors learn and use different
+aliases. Aliases can potentially make code difficult to read and understand in collaborative
+environments. It can also cause issues with script portability and availability.
 
-Using the full command name makes it easier to maintain your scripts in the the future.
+Using full cmdlet names improves code clarity, makes scripts easier to maintain, and enables proper
+syntax highlighting in code editors and platforms like GitHub and Visual Studio Code. Always use the
+full cmdlet name instead of aliases.
 
-Using the full command names also allows for syntax highlighting in sites and applications like
-GitHub and Visual Studio Code.
+## Configure rule
 
-## How to Fix
-
-Use the full cmdlet name and not an alias.
-
-## Alias Allowlist
-
-To prevent `PSScriptAnalyzer` from flagging your preferred aliases, create an allowlist of the
+To prevent `PSScriptAnalyzer` from flagging your preferred aliases, create an allow list of the
 aliases in your settings file and point `PSScriptAnalyzer` to use the settings file. For example, to
 disable `PSScriptAnalyzer` from flagging `cd`, which is an alias of `Set-Location`, set the settings
 file content to the following.
 
 ```powershell
-# PSScriptAnalyzerSettings.psd1
-
 @{
     'Rules' = @{
         'PSAvoidUsingCmdletAliases' = @{
@@ -50,13 +44,13 @@ file content to the following.
 
 ## Example
 
-### Wrong
+### Noncompliant
 
 ```powershell
 gps | Where-Object {$_.WorkingSet -gt 20000000}
 ```
 
-### Correct
+### Compliant
 
 ```powershell
 Get-Process | Where-Object {$_.WorkingSet -gt 20000000}

@@ -1,6 +1,6 @@
 ---
 description: Avoid Using ComputerName Hardcoded
-ms.date: 06/28/2023
+ms.date: 06/01/2026
 ms.topic: reference
 title: AvoidUsingComputerNameHardcoded
 ---
@@ -10,25 +10,23 @@ title: AvoidUsingComputerNameHardcoded
 
 ## Description
 
-The names of computers should never be hard coded as this will expose sensitive information. The
-`ComputerName` parameter should never have a hard coded value.
-
-## How
-
-Remove hard coded computer names.
+Hard-coded computer names can expose sensitive information and reduce script portability. The
+`ComputerName` parameter should always be parameterized or dynamically assigned to ensure scripts
+are flexible and secure. Use parameters, environment variables, or dynamic values instead of
+hard-coded computer names.
 
 ## Example 1
 
-### Wrong
+### Noncompliant
 
 ```powershell
 Function Invoke-MyRemoteCommand ()
 {
-    Invoke-Command -Port 343 -ComputerName hardcoderemotehostname
+    Invoke-Command -Port 343 -ComputerName HardcodedRemoteHostname
 }
 ```
 
-### Correct
+### Compliant
 
 ```powershell
 Function Invoke-MyCommand ($ComputerName)
@@ -39,16 +37,16 @@ Function Invoke-MyCommand ($ComputerName)
 
 ## Example 2
 
-### Wrong
+### Noncompliant
 
 ```powershell
 Function Invoke-MyLocalCommand ()
 {
-    Invoke-Command -Port 343 -ComputerName hardcodelocalhostname
+    Invoke-Command -Port 343 -ComputerName HardcodedLocalHostname
 }
 ```
 
-### Correct
+### Compliant
 
 ```powershell
 Function Invoke-MyLocalCommand ()

@@ -1,6 +1,6 @@
 ---
 description: Avoid Using SecureString With Plain Text
-ms.date: 01/28/2025
+ms.date: 06/01/2026
 ms.topic: reference
 title: AvoidUsingConvertToSecureStringWithPlainText
 ---
@@ -10,31 +10,34 @@ title: AvoidUsingConvertToSecureStringWithPlainText
 
 ## Description
 
-The use of the `AsPlainText` parameter with the `ConvertTo-SecureString` command can expose secure
-information.
+The use of the `AsPlainText` parameter with the `ConvertTo-SecureString` command bypasses encryption
+and exposes sensitive information in memory as plain text, defeating the purpose of
+[SecureString][01].
 
-## How
-
-Use a standard encrypted variable to perform any SecureString conversions.
+Instead, retrieve secure credentials through encrypted channels or use secure input methods like
+`Read-Host -AsSecureString` to ensure sensitive data remains encrypted throughout its lifecycle.
 
 ## Recommendations
 
-If you do need an ability to retrieve the password from somewhere without prompting the user,
-consider using the
+If you need to retrieve passwords programmatically without user interaction, consider using the
 [SecretStore](https://www.powershellgallery.com/packages/Microsoft.PowerShell.SecretStore)
-module from the PowerShell Gallery.
+module from the PowerShell Gallery, which provides encrypted credential storage and retrieval.
 
 ## Example
 
-### Wrong
+### Noncompliant
 
 ```powershell
 $UserInput = Read-Host 'Please enter your secure code'
 $EncryptedInput = ConvertTo-SecureString -String $UserInput -AsPlainText -Force
 ```
 
-### Correct
+### Compliant
 
 ```powershell
 $SecureUserInput = Read-Host 'Please enter your secure code' -AsSecureString
 ```
+
+<!-- link references -->
+
+[01]: /dotnet/api/system.security.securestring
@@ -1,6 +1,6 @@
 ---
 description: Avoid Using Deprecated Manifest Fields
-ms.date: 06/28/2023
+ms.date: 06/01/2026
 ms.topic: reference
 title: AvoidUsingDeprecatedManifestFields
 ---
@@ -10,25 +10,25 @@ title: AvoidUsingDeprecatedManifestFields
 
 ## Description
 
-In PowerShell 5.0, a number of fields in module manifest files (`.psd1`) have been changed.
+PowerShell 5.0 deprecated several fields in module manifest files (`.psd1`) in favor of new
+alternatives. This rule detects the usage of deprecated manifest fields that should be replaced with
+their modern equivalents.
 
-The field `ModuleToProcess` has been replaced with the `RootModule` field.
-
-## How
-
-Replace `ModuleToProcess` with `RootModule` in the module manifest.
+The `ModuleToProcess` field, which was used to specify the module script file to load, has been
+replaced with the `RootModule` field. The `RootModule` field provides the same functionality and is
+the recommended approach for new modules.
 
 ## Example
 
-### Wrong
+### Noncompliant
 
 ```powershell
 ModuleToProcess ='psscriptanalyzer'
 
 ModuleVersion = '1.0'
 ```
 
-### Correct
+### Compliant
 
 ```powershell
 RootModule ='psscriptanalyzer'

@@ -1,6 +1,6 @@
 ---
 description: Avoid using double quotes if the string is constant.
-ms.date: 06/28/2023
+ms.date: 06/01/2026
 ms.topic: reference
 title: AvoidUsingDoubleQuotesForConstantString
 ---
@@ -12,24 +12,24 @@ title: AvoidUsingDoubleQuotesForConstantString
 
 Single quotes should be used when the value of a string is constant. A constant string doesn't
 contain variables or expressions intended to insert values into the string, such as
-`"$PID-$(hostname)"`).
+`"$PID-$(hostname)"`.
 
-This makes the intent clearer that the string is a constant and makes it easier to use some special
-characters such as `$` within that string expression without needing to escape them.
+Using single quotes makes the intent clearer that the string is constant and allows you to use
+special characters such as `$` without needing to escape them.
 
-There are exceptions to that when double quoted strings are more readable. For example, when the
-string value itself must contain a single quote or other special characters, such as newline
-(`` "`n" ``), are already being escaped. The rule does not warn in these cases.
+However, there are exceptions. Double-quoted strings are preferred when the string contains single
+quotes, embedded escape sequences like newline (``"`n"``), or other special characters that require
+escaping. The rule doesn't warn in these cases.
 
 ## Example
 
-### Wrong
+### Noncompliant
 
 ```powershell
 $constantValue = "I Love PowerShell"
 ```
 
-### Correct
+### Compliant
 
 ```powershell
 $constantValue = 'I Love PowerShell'