Hacker News

brunoborges yesterday at 2:28 AM | 7 replies

NPM as a cross platform package distribution system works really well.

The install script checks the OS and Arch, and pulls the right Rust binary.

Then, they get an upgrade mechanism out of the box too, and an uninstall mechanism.

NPM has become the de facto standard for installing any software these days, because it is present on every OS.


Replies

danpalmer yesterday at 2:31 AM

To my knowledge NPM isn't shipped in _any_ major OSes. It's available to install on all, just like most package managers, but I'm not sure it's in the default distributions of macOS, Windows, or the major Linux distros?

oefrha yesterday at 2:50 AM

> The install script checks the OS and Arch, and pulls the right Rust binary.

That's the arbitrary code execution at install time aspect of npm that developers should be extra wary of in this day and age. Saner node package managers like pnpm ignore the build script and you have to explicitly approve it on a case-by-case basis.

That said, you can execute code with build.rs with cargo too. Cargo is just not a build artifact distribution mechanism.

mcmcmc yesterday at 5:35 AM

More of a de facto standard for supply chain attacks tbh

mountainriver yesterday at 2:57 AM

Yeah, except you need to install NPM, whereas with a Rust binary, which can easily compile cross platform, you don’t.

Honestly I’m shocked to see so many people supporting this.

bigstrat2003 yesterday at 3:57 AM

> NPM has become the de facto standard for installing any software these days, because it is present on every OS.

That's not remotely true. If there is a standard (which I wouldn't say there is), it's either Docker or curl|bash. Nobody is out there using npm to install packages except web devs; this is absolutely ridiculous on Google's part.

xarope yesterday at 4:59 AM

"NPM has become the de facto standard for installing any software these days, because it is present on every OS."

What?!? Must not be in any OS I've ever installed.

Now tar, on the other hand, exists even in Windows.

koakuma-chan yesterday at 4:58 AM

I think there has been an influx of people vibe coding in Rust because it's "fast" but otherwise they have no idea about Rust.
