looks like the author also provides package manager installation on further reading of the readme. I'm still not quite seeing the issue with the curl to bash, I'm trusting the author by running their tool, regardless of the installation method. And I could always download the script first to check it right?
https://www.seancassidy.me/dont-pipe-to-your-shell.html
https://sysdig.com/blog/friends-dont-let-friends-curl-bash/
https://news.ycombinator.com/item?id=12766049
Bonus points: serving a different script to people piping to bash, and those not:
https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-b...