
Don't blindly run "curl | bash"

Don't blindly execute the code you find on the Internet, even if the project looks "community-approved."



Roman Imankulov

4 months ago | 1 min read


Don't blindly run "curl | bash" on anything you find on the Internet, even if the project looks "community-approved."

Do you remember dephell, a project to manage Python dependencies and virtual environments? The author archived the GitHub project, but the installation instructions are still around, well-indexed, and give no indication that the project is abandoned.

Contrary to what you may think, what you execute has nothing to do with that project with 1,700 GitHub stars. The author decided not to keep the domain name. The website is a regular WordPress spammy thing now.

There are no indications that dephell.org/install contains or ever contained any malware, but that may not be the case for your next hot project.
