inngest-local

The code fragment represents a comprehensive self-hosting guide for Inngest with multiple deployment tiers. While purpose is legitimate, several patterns raise security concerns: a remote curl | bash setup (download-execute), environment-based credential handling, and reliance on external scripts/domains for setup. These patterns introduce supply-chain and execution risks, especially if the remote script or images are tampered with. The overall footprint aligns with the stated purpose only if the user fully trusts the external script, registry images, and domain sources. Given the presence of download-execute vectors and credential exposure surfaces, the risk is non-trivial and should be treated as suspicious to high-risk until mitigations (pinned scripts, hash verification, and self-contained setup artifacts) are in place.