On 6/11/26 3:50 PM, Mark Wagie wrote:
A new Maintainer adopted gnome-randr-rust and added an install file with the 
following:

npm install atomic-lockfile yargs

https://aur.archlinux.org/cgit/aur.git/commit/?h=gnome-randr-rust&id=da9f4cf2d470bd603968ef605736285a2e0c8880

Thanks, the offending commit was da9f4cf2d470bd603968ef605736285a2e0c8880, I've rolled back the repository to the previous commit d6801693e68e13267e33bb34080b6fa7f057c850.

Another moderator already suspended the user.

The pattern is always the same, `npm install something` in post_install which in turn has a package.json with (the exact path varies):

```
[...]
  "scripts": {
    [...]
    "preinstall": "./src/hooks/deps",
    [...]
  },
[...]
```

Which is an ELF executable.

I've also notified npmjs.com that atomic-lockfile is malware.

Thanks for the report, very much appreciated.

kpcyrd

Reply via email to