• generator@lemmy.zip
    8 upvotes · 1 month ago

    That’s why you shouldn’t blindly trust AUR, and always review the scripts before installing.

    But something needs to change:

    • Packages need to be reviewed (maybe also updates on new/untrusted users)
    • New package adoption needs to be reviewed
    • Trusted users don’t need package review
    • Trusted users can review new packages (from other users)

    This won’t stop here. More malware packages will appear. Arch and Linux in general are getting more users and becoming a target, not only the Arch Linux AUR but also other distros with custom repositories. Many users install packages from custom repositories blindly, or follow guides without any knowledge of what they do.

    2025 is the year of malware on Linux