Hi,
On Samstag, 13. Juni 2026 10:04:28 Mitteleuropäische Sommerzeit, Andreas
Reichel wrote:
Thank you Nicolas,
The caveat is that this will consume massive capacity and infra
structure and needs to be backed by reviews to filter out any false
positives.
On Sat, 2026-06-13 at 15:40 +0800, Nicolas Boichat wrote:
Hi,
I think that's a reasonable idea for local use yes!
I've played with something similar, but trying to look at all recent
AUR pushes. Haiku definitely could catch the npm stuff as malicious
(that's how I spotted the few I posted on list), but even then, that ...
I've played around with a check script that uses Qwen2.5-Coder-7B-Q8_0-GGUF
locally in llama.cpp and after adding lots of grep checks for specific
assessments (aka harnesses) to stop hallucinations causing false positives,
it works surprisingly good for such a small model. Fitting the model inside
a local GPU or at least enough layers of it to not slow down the model too
much, it answers in < 5s. 8GB VRAM should be enough to put the majority of
layers on the GPU. If you go CPU only, I think it'll probably take a couple
of minutes per package, depending on how much text the PKGBUILD, local
patches in the pkg & pre/post-install scripts contain.
I also tried similar-quantisized Qwen3.6 and GLM4.7 models that aren't
tuned for coding, they used more VRAM but provided a worse experience on
these low quants.
Using an even smaller model like Qwen2.5-Coder-3B-Q8_0-GGUF produced
garbage assessments nearly all the time.
Scanning pkgs on a relatively small local model is definitely possible, but
continuous updates to prompt & harnesses are necessary for the tool to be
usable, especially if malicious uploaders try sneakier methods.
Regards,
Oskar