Yes, explicitly asking you if you want to run the install script is the first warning (which pnpm can do too)

Then would halt due to file access or network permissions.

Could still get you if you lazily allow all everywhere though and this is why you shouldn’t do that.