442
you are viewing a single comment's thread
view the rest of the comments
[-] Tetsuo@jlai.lu 29 points 1 month ago* (last edited 1 month ago)

Ok, but I was expecting something a bit more automated then opening a list of package in kate and comparing it to my list of installed AUR package... Plus it's 400 package so that's a lot of things to check and plenty of space to miss one package by manually checking.

But I get it I'm lazy and just need to script something myself. This is affecting so many people I thought we would have a script to check quickly if you are "infected".

Edit : thanks for the numerous script sent as reply ! But I'm all set now, thanks !

[-] bigbangdangler@reddthat.com 38 points 1 month ago

It took Arch ~19 years just to get archinstall.

Something tells me there won't be a script.

[-] daggermoon@piefed.world 15 points 1 month ago

The link is a script

[-] Goodlucksil@lemmy.dbzer0.com 6 points 1 month ago

A lot of those 19 years were times where only nerds used arch.

[-] esc@piefed.social 5 points 1 month ago

Arch had curses based installator for a long time, it became unmaintained.

[-] CaptDust@sh.itjust.works 24 points 1 month ago* (last edited 1 month ago)

CachyOS community seems to have a detection script, I have not vetted this run at your own discretion.

https://discuss.cachyos.org/t/aur-compromised-400-packages-affected-20260611/31040

[-] 0x0@infosec.pub 7 points 1 month ago

You could probably find it on aur lmao

[-] NebulaNymph@programming.dev 3 points 1 month ago

I haven't used kate but does it not have some sort of easy search?

ex. pacman -Qm to list AUR packages; should display the 3/4 pkgs you have installed. Then just search in kate for those 3/4 results?

Alternatively cat & grep in the terminal is pretty straight forward.

That is if it's 3/4 pkgs that are from AUR, but if someone has hundreds installed that is a bigger issue on its own.

[-] shweddy@lemmy.world 2 points 1 month ago* (last edited 1 month ago)

Damn how long is the list when you

pacman -Qm
[-] Tetsuo@jlai.lu 2 points 1 month ago

Am I missing something ?

Just because I have 3/4 package on my system doesn't mean the 400+ list of affected package gets shorter on the other side...

I'm actually pretty cautious with AUR and I only install them when there is no other options.

[-] m4ylame0wecm@lemmy.zip 9 points 1 month ago

Especially for a small list, 3-4, that you actually need to check, what's the actual issue? Open list of 400, ctrl+f for the few names you care about, move on.

[-] shweddy@lemmy.world 5 points 1 month ago

I was just curious because I didnt think it was so tediuous to check against an alphabetical list on a website using ctrl+f. But thats just me. It took me less than a minute to check my 8 aur packages against the list

[-] dafta 1 points 1 month ago
comm -1 -2 <(pacman -Qqm | sort) <(curl -s https://md.archlinux.org/s/SxbqukK6IA | sort)
this post was submitted on 12 Jun 2026
442 points (100.0% liked)

Technology

86448 readers
2913 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 3 years ago
MODERATORS