On 2026-06-12 16:16, Agamjot Singh wrote:
Another temporary solution (specifically for the current situation
involving atomic-lockfile npm package):

regex npm/pnpm install atomic-lockfile
in the PKGBUILD and holding all such commits.

The regex list can then be updated manually by moderators as other methods
of malware distribution get discovered.

Circumventing such list is faster and easier than reacting and updating it to contain new patterns. The "payloads" are at least human readable for now...

MW

Reply via email to