On a more positive note: Someone has built a lovely little, simple GIS app that visualizes your or others' GitHub star sources across the world with some additional analytics. Pretty, useful. Generally awesome I'd say.

Needs more of that. Maybe adapt to @Codeberg or other @forgejo instances? It's FOSS.

Here's the application to the little #aurpocalypse related script I made:

https://starmapper.bruniaux.com/lenucksi/aur-malware-check

#gis #github #codeberg #forgejo #awesome #visualization #webgis #foss #opensource

lenucksi/aur-malware-check stargazers map | StarMapper

Explore who stars lenucksi/aur-malware-check on an interactive world map. See geographic distribution, top countries, cities, and companies.


@sodiboo @ifin @threatintel @archlinux Hopefully now the worst of that #AURpocalypse campaign is through (🤞).
Some friendly people even contributed some info on unrelated campaigns that targeted the AUR. The entire thing has racked up 1,8k stars on GitHub.

I've turned the original shell script bandaid into a small Python CLI that's ready for the next campaign.
I certainly don't look forward to it, but at least there should be something that makes creating a tool a bit easier if the new campaigns are even half-related in their approaches.

#Github #AURpocalypse

🛃 After Recent AUR Security Scare, Yay 13.0 Adds New Review and Automation Features https://linuxiac.com/yay-13-0-adds-new-review-and-automation-features/

#AURpocalypse #aur #arch #opensource #cybersecurity


Yay 13.0 adds Lua hooks, PKGBUILD age visibility, and new automation tools following recent concerns over AUR package security.


@sodiboo @ifin @threatintel

Also, notable mention. Unexpected thread: https://github.com/lenucksi/aur-malware-check/issues/5

Are there any plans on a bit more central validation, maybe even with some AI/LLM/... with regular conversion of insights to fixed/deterministic rules as discussed throughout the thread? Something something semgrep/opengrep, yara, flathub manifest style etc pp?
Update: Looping in @archlinux here.
Also, any plans on enforcing this -> https://wiki.archlinux.org/title/DeveloperWiki:Building_in_a_clean_chroot for all the AUR build business?

Also: How does this incident not yet have a creative name? I'm not asking for a #bumsrakete but there's gotta be something 🤣

Edit: https://jguer.space/blog/2026-06-15-yay-v13 delivered. It's the #AURpocalypse 😱 🤣

#llm #flathub #abuseprevention #malwareCheck #yara #opengrep #archLinux #archlinuxaur #aur #AURpocalypse

AURSCAN: Scanning AUR packages using Claude LLM · Issue #5 · lenucksi/aur-malware-check

Please have a look at https://github.com/manticore-projects/aurscan and maybe add.
