Github is a gigantic pile of javascript that has to execute on your machine.
`Unzip` doesn't execute anything. If you're really paranoid, use an `unzip` tool written in Rust: https://lib.rs/keywords/zip-archive
For instance, here is a vulnerability from the past year leading to code execution on download: https://github.blog/2023-10-09-coordinated-disclosure-1-clic...
Github is a gigantic pile of javascript that has to execute on your machine.
`Unzip` doesn't execute anything. If you're really paranoid, use an `unzip` tool written in Rust: https://lib.rs/keywords/zip-archive