What’s the problem with pipe-curl-into-sh?
You’ve seen it : many popular tools will have a one-liner homepage with something along the lines of

ˋˋˋ
curl https://fancy.tool/install.sh | /bin/sh
ˋˋˋ

And inevitably people will comment on how unsafe this is.

I don’t get it. How is it any more unsafe than cloning a repo and building and running its code? ⌘ Read more