this post was submitted on 14 Jun 2026
141 points (97.3% liked)

Linux

14113 readers
220 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 3 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev
141
The security situation with the Arch Linux AUR got a lot worse (www.gamingonlinux.com)
submitted 1 week ago by cm0002@europe.pub to c/linux@programming.dev
40 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] brucethemoose@lemmy.world 12 points 1 week ago* (last edited 1 week ago)

It seems like some person with a bot just asked to maintain a bunch of orphaned packages, abusing the 2-week waiting period. Right?

Thats why they used npm; off the shelf, almost “standard practice” credential harvesting malware. Nothing too fancy.