You’ve seen it: many popular tools will have a one-liner homepage with something along the lines of <code>curl https://fancy.tool/install.sh | /bin/sh</code>. And inevitably people will comment on how unsafe this is. I don’t get it. How is it any more unsafe than cloning a repo and building and running its code?
If someone manages to replace that .sh on the website with something malicious, you have no idea what you’re installing.
It’s less work than replacing an entire repo, so it’s a more likely attack vector.
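Added example, not part of the thread: one way to guard against the replaced-script case raised above is to download the installer to a file and run it only if its SHA-256 matches a pinned value. The function names are hypothetical, and the pinned digest is assumed to come from a channel other than the download site.

```shell
#!/bin/sh
# Added example: run a downloaded installer only if it matches a pinned SHA-256.
# Assumption: the expected digest was obtained out-of-band (not from the same
# web server that serves the script), otherwise the check adds nothing.

# sha256_of FILE -> prints the hex digest using whichever tool is installed
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        echo "no sha256 tool found" >&2
        return 2
    fi
}

# verify_script FILE EXPECTED -> 0 on match, 1 on mismatch, 2 if no hash tool
verify_script() {
    actual=$(sha256_of "$1") || return 2
    if [ "$actual" = "$2" ]; then
        return 0
    fi
    echo "checksum mismatch: expected $2, got $actual" >&2
    return 1
}

# run_verified FILE EXPECTED -> executes FILE only after the digest matches
run_verified() {
    verify_script "$1" "$2" || return 1
    sh "$1"
}

# fetch_and_run URL EXPECTED -> download to a temp file, verify, then run.
# Writing to a file first means the bytes that were checked are the bytes
# that get executed, which a direct pipe into sh cannot guarantee.
fetch_and_run() {
    tmp=$(mktemp) || return 2
    if curl -fsSL -o "$tmp" "$1" && run_verified "$tmp" "$2"; then
        rc=0
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (digest is a placeholder):
#   fetch_and_run https://fancy.tool/install.sh <pinned-sha256>
```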