AUR Report Thread
- #security
- #malware
- #AUR
- An email chain about malicious commits in the AUR (Arch User Repository) involving packages installing 'atomic-lockfile' via npm.
- Community members report identifying around 408 packages with malicious commits, listing many examples in the thread.
- Request from maintainers to centralize findings by replying to the original email to keep the thread organized.
- Notification that efforts are underway to reset/delete malicious commits and ban associated accounts.
- Discussion about the volume of reports and suggestions to aggregate findings to avoid spamming the mailing list.
- Confirmation of ongoing monitoring and cleanup actions being taken by the Arch Linux team.