It's still weird. Why not just use an effing install.sh script like everybody else? And don't tell me "security". Because after installation you will be running an unknown binary anyway.
replyMost people aren't going to have npm installed though. Nobody outside of web devs uses it.
replyA lot of people who are not web devs use it, that's what I see. I even saw some mainframe developers use npx to call some tool on some data dump.
replyAlso, this is a web project anyway. Google Workspace is web based, so while there is a good chance that the users aren't web developers, it's a better chance that they have npm than anything else.
In the case that they don't, releases can be downloaded directly too: https://github.com/googleworkspace/cli/releases
If you had to pick one package manager that was most likely installed across all the different user machines in the world, I'd say npm is a pretty good bet.
replyPip.
reply"Most people" are webdevs
replyBracing for getting cancelled
Why not just downloadable binary then?
replyFor many, installing something with npm is still easier. It chooses the right binary for your OS/architecture, puts it on your PATH, and streamlines upgrades.
replyTheir Github releases provides the binaries, as well as a `curl ... | sh` install method and a guide to use github releases attestation which I liked.
I feel better with `curl ... | sh` than with npm.
replynpm suggests projects written in js, which is not something I'm comfortable.
It is nice to see that this is not JS, but Rust.
Agreed! The `curl ... | sh` is sketchy, but it's more obviously a security risk and easier to inspect. With install hooks, `npm install ...` also allows arbitrary code execution when you run it, but this is less obvious.
replyHmm, that's right... thanks..
replyThey have them: https://github.com/googleworkspace/cli/releases
reply