The README.md instructs users to install the tool via a remote script:
|
Prompt your agent to install: |
|
|
|
```text |
|
> Install Save to Spotify by running https://saveto.spotify.com/install.sh |
|
``` |
While running a remotely hosted bash is already far from ideal, I find it worse to do so from a 3rd-party (to the tool's source code) website, without encouraging users to read it.
Were the link to the script link pointing to the GH repo, or the latest release, I believe it'd be less of an issue, as the script contents would be public and verifiable by the user base.
The
README.mdinstructs users to install the tool via a remote script:save-to-spotify/README.md
Lines 7 to 11 in 58789fc
While running a remotely hosted bash is already far from ideal, I find it worse to do so from a 3rd-party (to the tool's source code) website, without encouraging users to read it.
Were the link to the script link pointing to the GH repo, or the latest release, I believe it'd be less of an issue, as the script contents would be public and verifiable by the user base.