IgnorePkg = yarn bun pnpm npm nodejs-nopt node-gyp And remember to check your PKGBUILDs! :) Fermín Olaiz. PS: sent this to arch-general as I think it might be useful.
Friendly reminder that given most of the ongoing attacks are based on
node packages you can always add the package managers to your
pacman.conf's IgnorePkg as a second line of defense (assuming you don't
use them).
- Tip to avoid malware from AUR: add node package managers to ... Fermín Olaiz
