Having said that, I write a lot of JS / Node. When you npm (a package manager for NodeJS) install something there could very well be some curl commands piping to bash or sh.
Makes me think of an idea -- and maybe it exists -- create a npm package whose only purpose is to run checks on the code of the other packages being installed to ensure they are "safe".