previous // next // beginning

seen from Malaysia
seen from New Zealand

seen from Germany

seen from Germany

seen from Germany
seen from Germany
seen from Israel
seen from Japan

seen from United Kingdom

seen from United Kingdom

seen from United Kingdom
seen from Türkiye
seen from United Kingdom

seen from Malaysia
seen from United States
seen from United States
seen from United Kingdom
seen from United States
seen from United States
seen from China
previous // next // beginning
Ongoing attack against Arch Linux AUR orphaned packages
You can stop reading if:
You don't use Arch Linux
You haven't updated packages in the last day or two
You don't have any AUR packages
Looks like 400+ orphaned packages have had commits today (2026-06-11) adding a dependency on npm and a call to a bad npm package, atomic-lock, which was uploaded yesterday.
[1] AUR mailing list discussion: https://lists.archlinux.org/archives/list/[email protected]/thread/L2JXQNYBGWOQQQXDEPEAICBHKFEFANUC/
[2] AI-written preliminary malware analysis: https://ioctl.fail/preliminary-analysis-of-aur-malware/
[3] Reddit thread: https://www.reddit.com/r/archlinux/comments/1u358xm/aur_supply_chain_attack_npm_atomiclockfile/
Why is this so exciting?
What's next? base64 obfuscation? :D
★ FUZZ 25
Hurt feelings
first / previous / next
Recently I had a nap and dreamed the next Big Thing on Tumblr was "Absolutely Unrelated Reblogs (#aur) which was just turning your whole dash into countless unrelated points, shitpost texts, copypastas, art and et cetera all in one reblog chain.
It was horrible but man I hate it that I wouldn't be surprised if it suddenly DID turn into a trend or something. Like "Yuuup, das Tumblr y'all.".
Arch user moaning: AaaUuUURRr