The installation method they officially propagate is dangerous. curl -fsSL https://mimo.xiaomi.com/install | bash
This is usually a PoC (Proof of concept) way to install something on a temporary container or temporary VM, but not for production use during daily desktop operation.
I was hoping their documentation would provide better installation instructions. But strangely, only for Windows do they recommend "npm install -g @mimo-ai/cli," which is a much better approach to managing installed packages.
For Mac/Linux, they have the strange recommendation to use the dangerous "curl <some_url> | bash." Quote:
> (for the best experience, Mac users are strongly encouraged to use iTerm or the VSCode Terminal) > curl -fsSL https://mimo.xiaomi.com/install | bash
:(
This is how everyone does it now. Including Anthropic.
To be fair, is that any different from naively trusting NPM? It's not like NPM is doing any vetting. They're every threat actors favorite sandbox these days.
https://code.claude.com/docs/en/quickstart
You're right that it's as dangerous as it's executing random third-party code on your machine, but the method also has propagated far beyond PoCs and such at this point. All of these projects and many others push that install method: Bun, Deno, rustup, k3s, Docker (if using their helper script), Homebrew, Tailscale...
Frankly, it's not really more insecure than any other installation method. Apt packages and the like generally have the ability to specify pre/post-install scripts, so `sudo dpkg -i ./random.deb` is equivalent to `sudo bash ./random.sh`. Even if they didn't have pre/post-install scripts, they're still writing arbitrary files to arbitrary locations on your disk, so they can trigger execution the next time you boot or log in or whatever.
And at the end of the day, no matter the installation method (even just unpacking a tarball and executing the program directly from that directory), you're going to run their program on your computer, and then the program can do whatever it wants. Maybe you don't run it with sudo, but https://xkcd.com/1200/ seems relevant.
A package (like a .deb) is a static artifact. It can be hashed, mirrored, and GPG-signed. Package managers usually verify that signature before any pre/post-install scripts. A "curl <some_url> | bash" pipe is a dynamic stream; the server can perform targeted attacks: sending a clean script to 99% of users and a malicious payload only to a specific IP address or User-Agent. This allows for targeted attacks that are invisible to the rest of the community.
Yes, running third-party code is always a leap of faith, but why choose a delivery method that removes the possibility of verification and opens the door to targeted injections? Convenience shouldn't be an excuse to ignore basic security hygiene.
The problem is that npm, cargo, etc. set the standard in people's minds for how package managers work, when the Linux community has been working on securing the supply chain issues for decades.
Like requiring a WoT (usually with physical meetups) vetting people creating packages, FTP-masters, dedicated clean buildbots, etc. in addition to the packages themselves being signed and so on.
Codex use this (for update).
> sh -c 'curl -fsSL https://chatgpt.com/codex/install.sh | CODEX_NON_INTERACTIVE=1 sh'
This is just sh, not bash, but I doubt it would be any better.
Thats exactly same as Claude Code offer: https://code.claude.com/docs/en/quickstart
We've had this discussion since Eazel Linux desktop popularized bash | curl in 2001.
> npm install ... is a much better approach to managing installed packages.
No. Until the upcoming version of npm is out, npm will also run arbitrary code. Almost all common installation tools run arbitrary code. Not doing that is sadly the exception for now.
Isn't executing arbitrary code kind of the entire point of NPM though? Any chance you have a link to something that describes their plans?
> Isn't executing arbitrary code kind of the entire point of NPM though?
No. npm is a package manager. As mentioned in the comment you're replying to, almost all package managers execute arbitrary code. Eg:
- pip
- Cargo
- apt/dpkg
- dnf/yum
- Homebrew
- RubyGems
- Composer (limited)
- Maven
> Any chance you have a link to something that describes their plans?
https://github.blog/changelog/2026-06-09-upcoming-breaking-c...