It's about as safe as trusting all the add-ons in your IDE, and all the packages your node app pulls from random package repos.
It's just the plausible blame that shifts.
If you read the script before you pipe it into your shell, it's safe.
And if that's not safe, then it's just as dangerous to trust that an unopened bottle of ketchup is safe.
Nothing is safe. Everything is a judgement. Being culpable is a professional service. Lucky people out-earn unlucky people. The world is a scary place.
This is why we have linux distributions with maintainers who can take at least a basic look at the software, vet dependencies and run it through a test suite. And they only have to do that once for each new version and not again and again for each download.
It's just the plausible blame that shifts.
If you read the script before you pipe it into your shell, it's safe.
And if that's not safe, then it's just as dangerous to trust that an unopened bottle of ketchup is safe.
Nothing is safe. Everything is a judgement. Being culpable is a professional service. Lucky people out-earn unlucky people. The world is a scary place.