Arch Linux’s AUR is experiencing a malware incident involving user-contributed packages with malicious commits that attempt to download npm-based payloads during installation. (…)

Arch users should not update AUR packages without review. Examine PKGBUILD diffs, check any new .install files, and be cautious if updates introduce npm commands or dependencies unrelated to the software.

Users who recently updated affected AUR packages should review package history, examine executed suspicious install scripts, and treat any unexpected npm-based installation behavior as a possible compromise.
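The review the post asks for, as an added shell example that is not code from the post, Arch or the AUR: it assumes DIR is a local AUR checkout holding a PKGBUILD and optional .install hooks, and the suspicious-command pattern list is a constructed heuristic for human review rather than a verdict.

```shell
#!/bin/sh
# Added example, not code from the post, Arch or the AUR: a pre-build audit of an
# AUR checkout. Assumes DIR holds a PKGBUILD and optional *.install hooks, as a
# local AUR clone does, and that git (for the diff step) and grep are installed.

# Constructed heuristic: commands a reviewer would not expect an ordinary
# PKGBUILD or install hook to run. Hits are prompts for human review, not verdicts.
SUSPICIOUS_RE='(^|[^[:alnum:]_-])(npm[[:space:]]+(install|i|ci|exec)|npx[[:space:]]|(curl|wget)[^|]*\|[[:space:]]*(ba|z)?sh|base64[[:space:]]+(-d|--decode)|eval[[:space:]])'

# audit_file FILE: print hits as LINE:TEXT; return 0 if clean, 1 if anything matched.
audit_file() {
    if grep -nE "$SUSPICIOUS_RE" "$1"; then
        return 1
    fi
    return 0
}

# audit_checkout DIR: audit the PKGBUILD and every .install hook, the files the
# post says to review; return the number of flagged files (0 = clean).
audit_checkout() {
    flagged=0
    for f in "$1"/PKGBUILD "$1"/*.install; do
        [ -f "$f" ] || continue
        echo "== $f"
        audit_file "$f" || flagged=$((flagged + 1))
    done
    return "$flagged"
}

# show_last_change DIR: print the most recent commit touching those files, which
# is the diff to read before updating an AUR package.
show_last_change() {
    git -C "$1" log -p -n 1 --format='commit %h by %an (%ad)' -- PKGBUILD '*.install'
}

# write_samples DIR: two constructed checkouts for demonstration. "clean" is an
# ordinary PKGBUILD; "odd" adds an npm install to package() and to a post_install
# hook, the unrelated-npm pattern the post warns about.
write_samples() {
    mkdir -p "$1/clean" "$1/odd"
    printf 'pkgname=example-tool\npackage() {\n  install -Dm755 example-tool "$pkgdir/usr/bin/example-tool"\n}\n' > "$1/clean/PKGBUILD"
    printf 'pkgname=example-tool\npackage() {\n  install -Dm755 example-tool "$pkgdir/usr/bin/example-tool"\n  npm install --global example-placeholder-package\n}\n' > "$1/odd/PKGBUILD"
    printf 'post_install() {\n  npm install --global example-placeholder-package\n}\n' > "$1/odd/example-tool.install"
}
# Usage when run directly: sh audit.sh DIR
if [ -n "${1:-}" ]; then
    show_last_change "$1"
    audit_checkout "$1" || echo "$? file(s) flagged in $1: review before running makepkg"
fi
```

Run it against a checkout before makepkg; a non-zero count means read the printed lines and the git diff before building.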

    • Luckyfriend222@lemmy.world (5 upvotes, 7 hours ago)

      I too use CachyOS. But I am very new to it. Why are we more ‘protected’ than straight up Arch users? I like Cachy, but have a gripe with how some applications behave, especially Java-based apps that have a native installer in AUR (not building from source). I have one application that is built in Java, and the text is so freaking small, all the pop-up windows open in the wrong place which makes the pointer inaccurate etc. But I digress. The question was more why should we feel more relaxed than the Arch guys and gals?

      • SolarPunker@slrpnk.net (1 upvote, 3 hours ago)

        It’s like having a “double check” from a trusted source; they compile selected stuff from the AUR, so I suppose it’s a little more safe for the random user.

      • gegil@sopuli.xyz (1 upvote, 6 hours ago)

        This is probably because the app does not support fractional scaling. Some apps that do not support fractional scaling will either not be scaled (rendered at native display resolution), or be scaled by the system (will look blurry because the window resolution does not match the display resolution).

        • Luckyfriend222@lemmy.world (1 upvote, 6 hours ago)

          That makes sense. What is weird though is the dev wrote the app for multiple platforms, including Debian, RPM-based and a few others. So it’s not like it is one of those ‘compile only from source and good luck to yah’ kinda apps.

          But thank you for the response. I do appreciate you taking the time!