Several projects have taken aim at the curl | bash problem from different
angles — fetch-and-diff, shell-hook interception, runtime sandboxing, or just running the
script as-is. This page lays out, capability by capability, what each one actually ships
today.
Headers link to each project so you can verify the claims yourself. If anything below looks wrong or out of date, please open an issue — we'd rather correct the table than misrepresent a peer tool.
### safesh

Drop-in replacement for bash in the curl-pipe-bash pattern. Buffers the script, runs categorized AST analysis, injects strict mode, records history.

### vet

Fetch + diff against last run + ShellCheck + confirm. Two flags total. The most direct peer; flagship feature is the diff signal.

### Tirith

Shell-hook based interception (tirith.sh) with a large rule pack across ~15 categories, threat-intel updates, and an MCP / AI-agent integration.

### fbash + Falco

Sysdig's runtime approach: wrap the install in a session leader and use eBPF rules (Falco) to flag/block writes outside install paths and other escape attempts.
Compact comparison of what each tool actually ships today. "Yes" means the capability is shipped and on by default; "partial" means the tool covers part of the capability or requires extra setup; "no" means the capability is absent.
| Capability | safesh (now) | vet | Tirith | fbash + Falco |
|---|---|---|---|---|
| Full buffering before exec | yes | yes | yes (run cmd) | no |
| Strict-mode injection (set -euo pipefail) | yes | no | no | no |
| Categorized findings (AST) | yes (8 cats) | via shellcheck | yes (~80 rules / 15 cats) | n/a (runtime) |
| Diff against previous run | no | yes | no | no |
| Env stripping to baseline | yes | no | no | no |
| Integrity (SHA-256, sibling files) | yes (URL mode) | no | no | no |
| Signature verification (Sigstore / GPG) | no | no | no | no |
| History & audit log | yes | cache only | logs | via Falco |
| Network-target inventory | yes (via --observe) | no | partial | runtime |
| ANSI / bidi / zero-width detection | yes | no | yes | no |
| Homograph URL detection | yes | no | yes | no |
| Sandboxed execution | yes (Linux, bwrap) | no | no | yes (Linux) |
| Shell-hook / passive coverage | no | no | yes | no |
| MCP / AI-agent integration | no | no | yes | no |
| Threat-intel rule pack updates | no | no | yes (signed) | via Falco |
| Cross-platform (macOS / Linux / WSL) | yes | yes | yes | Linux only |
| Dry-run | yes | partial | yes (check) | no |
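To make the first rows concrete, here is an added example (not code from safesh, vet, Tirith or fbash; written for this page) of the static "buffer, verify, harden, then execute" pattern behind the Full buffering, Strict-mode injection, Integrity (SHA-256) and History rows. It assumes the script has already been downloaded to a local file (for example with `curl -fsSL URL -o installer.sh`) and that the expected digest was obtained from the publisher out of band.

```shell
#!/usr/bin/env bash
# Portable digest helper: GNU coreutils on Linux, shasum on macOS.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Usage: buffered_run SCRIPT_FILE EXPECTED_SHA256 [HISTORY_LOG]
# Returns the script's exit status, or 1 if the digest does not match.
# EXPECTED_SHA256 is assumed to come from the publisher out of band, not
# from the same page that serves the script.
buffered_run() {
  local script="$1" expected="$2" log="${3:-${TMPDIR:-/tmp}/buffered_run.log}"
  local buf actual rc

  # 1. Full buffering: copy the whole payload to a private temp file so
  #    nothing runs until every byte is on disk (a streamed pipe lets bash
  #    start executing lines before the download has finished).
  buf="$(mktemp)" || return 1
  cat -- "$script" > "$buf"

  # 2. Integrity: compare against the pinned digest before any execution.
  actual="$(sha256_of "$buf")"
  if [ "$actual" != "$expected" ]; then
    printf '%s REJECT %s sha256=%s expected=%s\n' "$(date -u +%FT%TZ)" \
      "$script" "$actual" "$expected" >> "$log"
    rm -f "$buf"
    return 1
  fi

  # 3. Strict-mode injection: prepend set -euo pipefail so an unchecked
  #    failure or an unset variable aborts the run instead of continuing.
  { printf 'set -euo pipefail\n'; cat "$buf"; } > "$buf.hardened"

  # 4. Execute the buffered, verified, hardened copy and record the outcome
  #    in the history log (the audit-trail row of the table).
  bash "$buf.hardened" && rc=0 || rc=$?
  printf '%s RUN %s sha256=%s exit=%s\n' "$(date -u +%FT%TZ)" \
    "$script" "$actual" "$rc" >> "$log"
  rm -f "$buf" "$buf.hardened"
  return "$rc"
}
```

Injected strict mode changes the semantics of installers that rely on unchecked failures, which is why the table lists it as a distinct capability rather than a free default.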
Different bets, not a strict ranking. Each tool here picks a different point on the curve: vet bets on minimal flags and the diff signal; Tirith bets on always-on shell-hook coverage and a large signed rule pack; fbash + Falco bet on runtime containment via eBPF; safesh bets on static AST analysis, strict mode, and a small surface that runs anywhere bash does. Pick what fits your threat model.
Want to suggest a tool we missed, or a row that doesn't reflect reality? Open an issue — corrections welcome.