BSVanon ·

You'd have a great point if this was a private blackbox repo, wouldn't you?
But it's not. Inspect it all yourself, or even vibe inspect it.
https://github.com/BSVanon/Anvil

Replies

terrorknowed ·

It is good that the repo is transparent. And I'm not insinuating that you have ill intentions. However, a supply chain attacker could replace the script file served from your VPS. Better to pin the install to a specific commit hash. The bad guys will do everything to try and slow us down.
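
An added example, not part of the thread and not the Anvil project's own code: one way to pin an installer to a full commit hash and check its SHA-256 before running it. The script path, commit and digest are placeholders (the thread gives none of them), and fetching the installer from the GitHub repo rather than the VPS is an assumption.

```shell
#!/bin/sh
# Added example: fetch an installer at a pinned commit and verify it before running.
# Placeholders below are assumptions; replace them with values you reviewed yourself.
REPO="BSVanon/Anvil"
PINNED_COMMIT="${PINNED_COMMIT:-REPLACE_WITH_40_HEX_COMMIT}"
SCRIPT_PATH="${SCRIPT_PATH:-install.sh}"          # hypothetical path in the repo
PINNED_SHA256="${PINNED_SHA256:-REPLACE_WITH_REVIEWED_SHA256}"

# Accept only a full 40-hex commit hash. Branch and tag names can be moved
# to different content later, and abbreviated hashes are ambiguous.
is_full_commit() {
  case "$1" in *[!0-9a-f]*) return 1 ;; esac
  [ "${#1}" -eq 40 ]
}

# Build the raw-content URL for repo/commit/path; fails on a non-commit ref.
pinned_url() {
  is_full_commit "$2" || return 1
  printf 'https://raw.githubusercontent.com/%s/%s/%s\n' "$1" "$2" "$3"
}

# Print the SHA-256 of a file (sha256sum on Linux, shasum on macOS/BSD).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Succeed only if the file's digest equals the pinned one.
verify_file() { [ "$(sha256_of "$1")" = "$2" ]; }

# Download to a temp file, verify, and only then execute. Never pipe to sh.
install_pinned() {
  url=$(pinned_url "$REPO" "$PINNED_COMMIT" "$SCRIPT_PATH") || {
    echo "refusing: ref is not a full 40-hex commit hash" >&2; return 1; }
  tmp=$(mktemp) || return 1
  rc=1
  if curl -fsSL "$url" -o "$tmp" && verify_file "$tmp" "$PINNED_SHA256"; then
    sh "$tmp" && rc=0
  else
    echo "refusing: download failed or digest mismatch" >&2
  fi
  rm -f "$tmp"
  return "$rc"
}
```

Call `install_pinned` once the placeholders are set. The digest check still holds if the same script is served from another host, since it verifies the bytes rather than the origin.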