[timemachine]

`curl -o- https://example.com/install-harmless-utility.sh | sh`

[stjo]

Related: Detecting the use of "curl | bash" server side

https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-b...

You can make it so that the server returns benevolent looking code when auditing it with just "curl URL", but return malware when curl is directly piped to bash.

[bscphil]

I.e. the correct and expected method for installing the latest version of Node.js as a package on Debian. (Except you're supposed to run it as root.)