Arch Linux’s AUR is experiencing a malware incident involving user-contributed packages with malicious commits that attempt to download npm-based payloads during installation. (…)
Arch users should not update AUR packages without review. Examine PKGBUILD diffs, check any new .install files, and be cautious if updates introduce npm commands or dependencies unrelated to the software.
Users who recently updated affected AUR packages should review package history, examine executed suspicious install scripts, and treat any unexpected npm-based installation behavior as a possible compromise.
curl | shis the worst security front door I’ve seenAt least check the script first so it’s understood
On one hand I agree, but how different is it really from running an opaque executable or installer.
Well, with the script at least you can follow the actions first, so it’s better…just don’t run it blindly because 2 minutes ago the attacker just put an additonal line of code in…
The executable / installer is more of a Windows thing and we’ve seen how that arms race is going… even Microsoft are trying to create a Linux-style repo called Windows Store.