Hacker News

krzyk, yesterday at 2:09 PM (1 reply)

I feel better with `curl ... | sh` than with npm.

npm suggests projects written in JS, which is not something I'm comfortable with.

It is nice to see that this is not JS, but Rust.


Replies

varenc, yesterday at 9:57 PM

Agreed! The `curl ... | sh` is sketchy, but it's more obviously a security risk and easier to inspect. With install hooks, `npm install ...` also allows arbitrary code execution when you run it, but this is less obvious.