Show HN: Vet – A tool for safely running remote shell scripts

Original link: https://getvet.sh


The Hacker News discussion centers on "vet", a tool that aims to add a layer of safety to the "curl | bash" install pattern. vet is meant to guard against malicious modification of installer scripts by showing a diff, running shellcheck, and requiring explicit user approval before execution. Concerns were raised about vet's limitations, in particular that it focuses on the installer script rather than on the software being installed, which may still be vulnerable. Commenters pointed out that relying on shellcheck alone is probably not enough and suggested stronger verification methods such as cryptographic hashes. Alternatives such as auditing package lists, using allowlists/blocklists, or sandboxing were mentioned as ways to improve security. Some felt that the effort needed to review lengthy bash scripts makes the tool impractical, and that many users pipe straight into bash by default.

Original text
vet — A safer way to run remote scripts.

Stop blindly piping to bash. vet lets you inspect remote scripts for changes, run them through a linter, and require your explicit approval before they can execute.

The Problem

We've all seen this pattern for installing software:

curl -sSL https://example.com/install.sh | bash

This is dangerous. The script could be malicious, the server could be compromised, or a transient network error could result in executing a partial script.

The Solution

vet wraps this process in a secure, interactive workflow:

  • Fetch: It downloads the remote script to a temporary location.

  • Diff & Review: It shows you what, if anything, has changed since the last time you ran this script.

  • Lint: If you have shellcheck installed, it automatically analyzes the script for potential bugs or malicious patterns.

  • Confirm: It prompts you for explicit approval before executing anything.

vet https://example.com/install.sh
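The four steps above, written out as a small POSIX shell script. This is an added example, not vet's own source code: the function names (vet_fetch, vet_status, vet_lint, vet_confirm, vet_run), the cache directory under ~/.cache/mini_vet, and the rule that the last approved copy of each script is kept as the baseline for the next diff are all assumptions made for this illustration. It also shows why the fetch step matters for the partial-download problem raised under The Problem: the script is written to a file in full before anything reads it, so a connection that drops half-way cannot execute half a script.

```sh
#!/bin/sh
# mini_vet: an added illustration of the fetch / diff / lint / confirm workflow
# described above. It is NOT vet's own source; the function names, the cache
# directory layout and the "remember the last approved copy" rule are assumptions.
set -eu

# Where the last approved copy of each remote script is kept (assumed location).
VET_CACHE="${VET_CACHE:-${HOME}/.cache/mini_vet}"

# Map a URL to a file name in the cache so each script has its own history.
vet_cache_path() {
    printf '%s/%s.sh' "$VET_CACHE" "$(printf '%s' "$1" | tr -c 'A-Za-z0-9._-' '_')"
}

# Fetch: download the whole script to a file before anything reads it. Running
# from a file rather than a pipe means a connection dropped half-way leaves an
# incomplete file that is never executed; -f turns HTTP errors into failures
# instead of saving an error page as "the script".
vet_fetch() {
    curl -fsSL --max-time 60 -o "$2" "$1"
}

# Diff & Review, part 1: classify the fetched script against the last approved
# copy. Prints exactly one word: new, unchanged or changed.
vet_status() {
    prev=$(vet_cache_path "$2")
    if [ ! -f "$prev" ]; then
        echo new
    elif cmp -s "$prev" "$1"; then
        echo unchanged
    else
        echo changed
    fi
}

# Diff & Review, part 2: after approval, store this copy as the new baseline.
vet_remember() {
    mkdir -p "$VET_CACHE"
    cp "$1" "$(vet_cache_path "$2")"
}

# Lint: run shellcheck when it is available. Findings are shown but do not
# abort, because the human approval step makes the final call.
vet_lint() {
    if command -v shellcheck >/dev/null 2>&1; then
        shellcheck "$1" || echo "vet: shellcheck reported findings above" >&2
    else
        echo "vet: shellcheck not installed, skipping lint" >&2
    fi
}

# Confirm: explicit approval on stdin; anything but a clear yes is a refusal,
# and EOF (no terminal, closed pipe) also counts as a refusal.
vet_confirm() {
    printf 'vet: execute %s? [y/N] ' "$1" >&2
    read -r answer || answer=n
    case $answer in
        y|Y|yes|YES) return 0 ;;
        *)           return 1 ;;
    esac
}

# The whole workflow for one URL: fetch, show what changed, lint, confirm, run.
vet_run() {
    url=$1
    tmp=$(mktemp)
    trap 'rm -f "$tmp"' EXIT
    vet_fetch "$url" "$tmp"
    case $(vet_status "$tmp" "$url") in
        new)       echo "vet: first run of $url, full script follows:" >&2; cat "$tmp" ;;
        unchanged) echo "vet: unchanged since the last approved run" >&2 ;;
        changed)   echo "vet: CHANGED since the last approved run:" >&2
                   diff -u "$(vet_cache_path "$url")" "$tmp" || true ;;
    esac
    vet_lint "$tmp"
    vet_confirm "$url" || { echo "vet: aborted, nothing executed" >&2; return 1; }
    vet_remember "$tmp" "$url"
    sh "$tmp"
}

# Usage: mini_vet.sh https://example.com/install.sh
[ $# -eq 0 ] || vet_run "$1"
```

Running `mini_vet.sh https://example.com/install.sh` fetches the script, prints its full text on the first run or a unified diff against the last approved copy on later runs, runs shellcheck if it is installed, and executes only after an explicit `y`. Anything other than a clear yes, including EOF when no terminal is attached, refuses and leaves the baseline untouched, so an unreviewed change never becomes the new "known good" copy.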

Installation

In your terminal, run:

curl -sL https://getvet.sh | sh