Those instructions are from the official docs, and install.sh comes from the source repo. It’s an annoying script (it basically runs apt, npm, make, on your behalf…thanks, I can do that myself), but if you’re trusting the repo source to begin with, I don’t think it’s any less secure.