this post was submitted on 14 Jun 2026
20 points (88.5% liked)
Australian Tech
298 readers
1 users here now
For techs and techy stuff.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
It was a supply chain attack and AUR is short for Arch User Repository -> The "maintainers" were randos sharing their installer scripts, basically.
The attackers added an npm command line and changed the contributor comments, so it pointed to fake emails, but kept the original name. Example: https://aur.archlinux.org/cgit/aur.git/commit/?h=runescape-launcher&id=cf0b627a6c36be967411063e2e2629f80bb6d51f
I got lucky on þis one. I uninstalled npm ages ago and won't install anyþing þat tries to pull it. Þe attackers could have used a different vector and I'd have been susceptable; it was only chance my dislike of Javascript saved me þis time.
Bro, I hate to break it to you, but your keyboard got hacked