Guide | August 19, 2025 | 6 min read

One Command to Rule Them All: The curl | sh Setup Pattern

Homebrew, Rust, Nix, and Deno all use it. Here is how ConfigSync takes the curl | sh pattern further to set up your entire development environment.

A Pattern You Already Use

If you have ever installed a developer tool from the command line, you have probably run something like this:

The familiar pattern
    # Homebrew
    $ /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

    # Rust
    $ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

    # Nix
    $ curl -L https://nixos.org/nix/install | sh

    # Deno
    $ curl -fsSL https://deno.land/install.sh | sh

The curl | sh pattern has become the standard way to install developer tools. It is quick, it works on any Unix-like system, and it requires no prerequisites beyond curl and a shell. The script handles detecting your OS, architecture, and package manager, then installs everything you need.

How ConfigSync's Install Script Works

ConfigSync uses the same pattern, but takes it a step further. Instead of just installing a single tool, it can set up your entire development environment in one command. Here is what the install script does under the hood:

What happens when you run the install
    $ curl -fsSL configsync.dev/install | sh

    1. Checks if Node.js is installed (requires v18+)
       → If missing, suggests installing via nvm or your package manager
    2. Installs ConfigSync globally via npm
       → npm install -g @inventivehq/configsync
    3. Verifies the installation
       → configsync --version
    4. Prints next steps
       → "Run: configsync setup --token YOUR_TOKEN"

The basic install command gets ConfigSync on your machine. But the real power comes from passing parameters that automate the entire setup flow.

Three Levels of Automation

ConfigSync's install script accepts URL parameters that progressively automate more of the setup process:

Level 1: Basic install

    # Just install ConfigSync
    $ curl -fsSL configsync.dev/install | sh

    # Then manually set up
    $ configsync setup --token cs_abc123
    $ configsync pull --install

Level 2: Install + authenticate

    # Install and automatically authenticate
    $ curl -fsSL "configsync.dev/install?token=cs_abc123" | sh

    # ConfigSync is installed and authenticated
    # Just pull your environment
    $ configsync pull --install

Level 3: Install + authenticate + pull from specific machine

    # Full one-command setup
    $ curl -fsSL "configsync.dev/install?token=cs_abc123&from=MacBook" | sh

    # Everything happens automatically:
    # - Install ConfigSync
    # - Authenticate with your account
    # - Pull from your MacBook's latest snapshot
    # - Install packages
    # - Run bootstrap script

Setup tokens are single-use and expire after 24 hours. Generate them from your ConfigSync dashboard or by running configsync token create --type setup on an authenticated machine.

Security Considerations

The curl | sh pattern gets criticized for security reasons, and those concerns are valid. Here is how ConfigSync addresses them:

| Concern | How ConfigSync Handles It |
| --- | --- |
| Man-in-the-middle attacks | HTTPS only. The -f flag in curl fails on HTTP errors. |
| Script could be malicious | ConfigSync is open source — inspect the script at configsync.dev/install anytime. |
| Token exposure in URL | Setup tokens are single-use and expire in 24 hours. |
| Running as root | The install script never uses sudo. Package installs are user-scoped. |
| Piping to shell is opaque | Download first with curl -o, inspect, then run. Same result. |

If piping directly to sh makes you uncomfortable, you can always download and inspect the script first:

Inspect before running
    # Download the script
    $ curl -fsSL configsync.dev/install -o install.sh

    # Read it
    $ less install.sh

    # Run it when you're satisfied
    $ sh install.sh
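
An added example (not ConfigSync's own script) that extends the inspect-first flow: after reading install.sh once, record its SHA-256 and have later runs refuse anything that does not match. It also insists on an explicit https:// URL, because curl assumes http:// when the scheme is omitted. The function names, and the idea of pinning a digest you computed yourself, are assumptions of this example.

```sh
#!/bin/sh
# Added example, not ConfigSync's install script. Function names are hypothetical.

# Accept only URLs that spell out https://. Given a bare host/path, curl
# guesses the protocol and defaults to plain HTTP for the first request.
require_https() {
    case "$1" in
        https://*) return 0 ;;
        *) echo "refusing non-HTTPS URL: $1" >&2; return 1 ;;
    esac
}

# Print the SHA-256 of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_script FILE EXPECTED_SHA256: succeed only on an exact digest match.
verify_script() {
    actual=$(sha256_of "$1") || return 1
    if [ -n "$actual" ] && [ "$actual" = "$2" ]; then
        return 0
    fi
    echo "digest mismatch: got $actual, pinned $2" >&2
    return 1
}

# fetch_verify_run URL EXPECTED_SHA256: download to a file, check, then run.
# EXPECTED_SHA256 is the digest you recorded after reading the script.
fetch_verify_run() {
    require_https "$1" || return 1
    tmp=$(mktemp) || return 1
    rc=1
    if curl --proto '=https' --proto-redir '=https' --tlsv1.2 -fsSL "$1" -o "$tmp" \
        && verify_script "$tmp" "$2"; then
        sh "$tmp" && rc=0 || rc=$?
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (network required; the digest below is a placeholder):
# fetch_verify_run "https://configsync.dev/install" "<sha256-you-recorded>"
```

When the upstream script changes, the digest check fails and the script needs to be read again before the pin is updated.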

The npm Alternative

If you already have Node.js installed, you can skip the install script entirely and use npm directly. This is the more traditional approach and gives you the same result:

Direct npm install
    # Install globally via npm
    $ npm install -g @inventivehq/configsync

    # Authenticate
    $ configsync setup --token cs_abc123

    # Pull your environment
    $ configsync pull --install

The curl | sh approach is better for fresh machines where you may not have Node.js yet, or when you want to minimize the number of manual steps. The npm approach is better when you want explicit control over each step.

Generating Your Setup URL

The easiest way to get your one-command setup URL is from the ConfigSync dashboard. Navigate to your machines page, click "Add Machine," and you will get a ready-to-copy command with a fresh setup token. You can also generate tokens from the CLI:

Generate a setup token
    $ configsync token create --type setup --name "New laptop"

    Setup token created: cs_setup_a1b2c3d4e5f6

    One-command setup URL:
    curl -fsSL "configsync.dev/install?token=cs_setup_a1b2c3d4e5f6" | sh

    Token expires in 24 hours. Single use.

Keep this token private. Anyone with the token can register a machine on your account and pull your encrypted environment data. The token itself cannot decrypt your secrets — that requires your master password — but it is still best treated as sensitive.

One Command Is All It Takes

The curl | sh pattern works because it removes friction. The fewer steps between "I have a new machine" and "I am productive," the better. ConfigSync builds on this pattern to take you from a bare terminal to a fully configured development environment in a single command. No manual steps, no checklists, no forgotten configs.
