• caglararli@hotmail.com
  • 05386281520

Is `curl {something} | sudo bash -` a reasonably safe installation method?

Çağlar Arlı      -    8 Views

Is `curl {something} | sudo bash -` a reasonably safe installation method?

The most straightforward way to install NodeJS on Ubuntu or Debian seems to be Nodesource, whose installation instructions say to run:

curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -

This clashes with some basic security rules I learned long ago, such as "be suspicious of downloads" and "be cautious with sudo". However, I learned those rules long ago, and nowadays it seems like everyone is doing this...well, at least it has 350 upvotes on askubuntu.com.

As I read various opinions on other sites, I'm finding that some people also think curl-pipe-sudo-bash is unsafe:

while some people think it's just as safe as any other practical installation method:

There are also some that explore the problem without giving a decisive opinion:

Since there's no clear consensus from other sites, I'm asking here: Is curl-pipe-sudo-bash a reasonably safe installation method, or does it carry unnecessary risks that can be avoided by some other method?