vet it.Stop blindly piping to bash. vet lets you inspect remote scripts for changes, run them through a linter, and require your explicit approval before they can execute.
We've all seen this pattern for installing software:
# You're blindly trusting the remote script.curl -sSL https://example.com/install.sh | bash
This is dangerous. The script could be malicious, the server could be compromised, or a transient network error could result in executing a partial script.
vet wraps this process in a secure, interactive workflow:
Fetch: It downloads the remote script to a temporary location.
Diff & Review: It shows you what, if anything, has changed since the last time you ran this script.
Lint: If you have shellcheck installed, it automatically analyzes the script for potential bugs or malicious patterns.
Confirm: It prompts you for explicit approval before executing anything.
# The new, safer way.vet https://example.com/install.sh
The easiest and recommended way to install vet is via Homebrew.
# First, tap the official repositorybrew tap vet-run/vet# Now, install the formulabrew install vet-run
This is the two-step "Download, then Review" process that vet automates.
Download the installer:
Choose one of the following sources. The first is the official project domain, and the second is a direct link to the GitHub release asset.
Option A: Official project domain
curl -o install_vet.sh https://getvet.sh/install.shOption B: Direct GitHub Release Link
curl -L -o install_vet.sh https://github.com/vet-run/vet/releases/latest/download/install.shReview the installer's code. Open it in a text editor or use less to ensure it's not doing anything suspicious. It's a simple script that downloads the correct vet script and moves it to /usr/local/bin.
less install_vet.shRun the installer you just vetted:
sh install_vet.shCongratulations! You just manually performed the process that vet will now automate for you.
In your terminal, run:
# Don't actually do this. That's the whole point.curl -sL https://getvet.sh/install.sh | sh