Don’t blindly run untrusted software, use Bubblewrap at the very least. Keep https://xkcd.com/538/ in mind.

The mojo, cpan and pip bash scripts don’t fail my test of “skimming over the source and looking for dangerous external commands like curl or rm” (good syntax highlighting is helpful here). They look like typical completion scripts. However, if your Linux distribution has a pip completion script in their repos, prefer that one.

Wired has removed the story because it “does not meet [their] editorial standards”.

Wired has removed the story because it “does not meet [their] editorial standards”.

You guys are overreacting. DDG said they would only down-rank sites associated with Russian disinformation. It’s normal for search engines to downrank low-quality sites such as SEO spam.