previous // next // beginning
seen from United Kingdom

seen from Hong Kong SAR China
seen from France
seen from Netherlands
seen from United Kingdom
seen from Israel

seen from Malaysia
seen from Argentina
seen from China

seen from Malaysia

seen from Russia
seen from China

seen from Germany

seen from United States
seen from France

seen from Israel
seen from Philippines

seen from Israel
seen from United States
seen from Brazil
previous // next // beginning
Ongoing attack against Arch Linux AUR orphaned packages
You can stop reading if:
You don't use Arch Linux
You haven't updated packages in the last day or two
You don't have any AUR packages
Looks like 400+ orphaned packages have had commits today (2026-06-11) adding a dependency on npm and a call to a bad npm package, atomic-lock, which was uploaded yesterday.
[1] AUR mailing list discussion: https://lists.archlinux.org/archives/list/[email protected]/thread/L2JXQNYBGWOQQQXDEPEAICBHKFEFANUC/
[2] AI-written preliminary malware analysis: https://ioctl.fail/preliminary-analysis-of-aur-malware/
[3] Reddit thread: https://www.reddit.com/r/archlinux/comments/1u358xm/aur_supply_chain_attack_npm_atomiclockfile/
Why is this so exciting?
What's next? base64 obfuscation? :D
★ FUZZ 25
Hurt feelings
first / previous / next
Recently I had a nap and dreamed the next Big Thing on Tumblr was "Absolutely Unrelated Reblogs (#aur) which was just turning your whole dash into countless unrelated points, shitpost texts, copypastas, art and et cetera all in one reblog chain.
It was horrible but man I hate it that I wouldn't be surprised if it suddenly DID turn into a trend or something. Like "Yuuup, das Tumblr y'all.".
Arch user moaning: AaaUuUURRr