bun-dev
Audited by Socket on Mar 19, 2026
1 alert found:
Anomaly: This document is a release/install README for Bun and is not itself malicious code. However, it explicitly recommends high-risk installation patterns (curl | bash and Invoke-Expression PowerShell) and several remote package/image installation vectors (npm, brew, scoop, docker). Those instructions constitute supply-chain risk: if the remote installer, package registry, or image is compromised, an attacker could execute arbitrary code on users' machines. Recommendation: avoid piping remote scripts directly to shell; inspect downloaded install scripts, prefer package manager checksums/signatures or verified binaries, and use least-privilege installation methods. No direct signs of malware in the supplied text.