looks like the author also provides package manager installation on further reading of the readme. I'm still not quite seeing the issue with the curl to bash, I'm trusting the author by running their tool, regardless of the installation method. And I could always download the script first to check it right?

ah I see, the greater risk of mitm attack due the script not being hosted by a package manager, fair enough.