Roslyn analyzers provide live static analysis of your code. They can detect incorrect API usage, security issues, performance issues, and more. Analyzers often come with many rules. If some do not apply to your project, you can use an .editorconfig file to disable them. Some rules are also configurable to better match your needs. Before disabling a rule, check its documentation to ensure you understand what it reports and why it recommends a fix.
Adding an analyzer to your project may introduce hundreds or thousands of warnings. If that happens, I suggest disabling all rules first. You can then re-enable them one by one and fix the code, keeping the error window manageable.
With that said, let's look at the analyzers I use in almost all my projects!
#Microsoft.CodeAnalysis.NetAnalyzers
This analyzer is actually a collection of analyzers made by Microsoft. It contains hundreds of rules about cryptography, design, globalization, interoperability, maintainability, naming, performance, portability, usage, and more. For example, it ensures that you implement IDisposable correctly, that you validate arguments in public methods, or that you use an overload with a CultureInfo parameter when possible.
There are 2 ways to use this analyzer, but you should only use one of them. The first method is by using the .NET 5 SDK:
csproj (MSBuild project file)
<PropertyGroup>
<EnableNETAnalyzers>true</EnableNETAnalyzers>
<AnalysisMode>AllEnabledByDefault</AnalysisMode>
<AnalysisLevel>latest</AnalysisLevel>
</PropertyGroup>
The second method is by referencing the NuGet package:
csproj (MSBuild project file)
<ItemGroup>
<PackageReference Include="Microsoft.CodeAnalysis.NetAnalyzers" Version="5.0.3">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
</ItemGroup>
The main difference between the 2 ways is how you get updates. Using the .NET SDK, the version of the analyzer is set by the version of the SDK. You'll get updates when you update the .NET SDK. Using the NuGet package, you can get updates without changing the SDK, but you'll have to keep the package up-to-date manually.
#Meziantou.Analyzer
Yep, this is my analyzer 😃 It contains more than 100 rules about performance, usage, security, coding style, etc. For instance, it reports missing CultureInfo or StringComparison, wrong async usages, wrong argument name in ArgumentException, non-optimal usage of LINQ methods or StringBuilder, missing timeouts in Regex, etc.
I've already written about some of the Meziantou.Analyzer's rules:
csproj (MSBuild project file)
<ItemGroup>
<PackageReference Include="Meziantou.Analyzer" Version="1.0.662">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
</ItemGroup>
#Microsoft.CodeAnalysis.BannedApiAnalyzers
The Banned API analyzer allows you to define a list of symbols (types, methods, properties, etc.) that are forbidden in a project. When a developer uses one of the banned symbols, the analyzer reports a warning.
csproj (MSBuild project file)
<PackageReference Include="Microsoft.CodeAnalysis.BannedApiAnalyzers" Version="3.0.0">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
</PackageReference>
<ItemGroup>
<AdditionalFiles Include="BannedSymbols.txt" />
</ItemGroup>
P:System.DateTime.Now;Use System.DateTime.UtcNow instead
M:System.IO.File.GetCreationTime(System.String);Use GetCreationTimeUtc instead
#Microsoft.CodeAnalysis.PublicApiAnalyzers
Public API Analyzers contains rules to help library authors monitor changes to their public APIs. This is useful to avoid breaking changes or to document them. This package is used by multiple .NET products such as ASP.NET Core or WinForms.
csproj (MSBuild project file)
<ItemGroup>
<PackageReference Include="Microsoft.CodeAnalysis.PublicApiAnalyzers" Version="3.3.2">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
</PackageReference>
</ItemGroup>
#Microsoft.VisualStudio.Threading.Analyzers
This analyzer detects common mistakes and potential issues related to threading and asynchronous coding. Despite Visual Studio being in the name, the analyzer applies to any .NET project. For instance, it checks that you are not returning a null task, or that you don't forget an await in using statements.
csproj (MSBuild project file)
<ItemGroup>
<PackageReference Include="Microsoft.VisualStudio.Threading.Analyzers" Version="16.9.60">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
</PackageReference>
</ItemGroup>
#AsyncFixer
AsyncFixer helps developers find and correct common async/await misuses (i.e., anti-patterns). It currently detects 5 common kinds of async/await misuses and fixes 3 of them via program transformations. Some of its rules are already implemented by Meziantou.Analyzer and Microsoft.VisualStudio.Threading.Analyzers, but it has some unique rules such as AsyncFixer01.
csproj (MSBuild project file)
<ItemGroup>
<PackageReference Include="AsyncFixer" Version="1.3.0">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
</PackageReference>
</ItemGroup>
#StyleCop.Analyzers
StyleCop.Analyzers provides warnings for style and consistency rule violations in C# code. The warnings are organized into rule areas such as documentation, layout, naming, ordering, readability, and spacing.
StyleCop can be used in addition to the .editorconfig file. You may not need this analyzer if everything you want is already supported by dotnet format. Read more about enforcing the code style using dotnet format and an .editorconfig file.
csproj (MSBuild project file)
<ItemGroup>
<PackageReference Include="StyleCop.Analyzers" Version="1.2.0-beta.333">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
</ItemGroup>
Do you have a question or a suggestion about this post? Contact me!
