Comment by growthexecutive

> a knowledgable user will most likely check the content first

Really? Are they going to read every line of code and every line of code in every dependency that the install script installs?

The bash detection is clever but I think its a solution to a problem that doesn't exist.. Its already very easy to install hide malicious code in plain sight, why go to all this trouble to detect if the user is piping to bash?

For example, see how easy it is to publish a fake npm package or a .deb package:

https://hackernoon.com/im-harvesting-credit-card-numbers-and...

https://github.com/ChaitanyaHaritash/kimi