How bad was it?
1,500 packages out of 107,000 so pretty bad, ameliorated by only affecting installs of those in a window of a few days.
AUR comes with a warning that its up to you to check what you install from there.
I was concerned at headline, then saw "oh just AUR"
Next up, "millions of malicious packages still not taken down on internet"
I wonder what typical AUR usage looks like. I apparently have 27 packages installed and last updated one in November.
There's more than one way but this lists packages not installed by pacman itself:
pacman -Qm
1,500 packages out of 107,000 so pretty bad, ameliorated by only affecting installs of those in a window of a few days.
AUR comes with a warning that its up to you to check what you install from there.
I was concerned at headline, then saw "oh just AUR"
Next up, "millions of malicious packages still not taken down on internet"
I wonder what typical AUR usage looks like. I apparently have 27 packages installed and last updated one in November.
There's more than one way but this lists packages not installed by pacman itself:
Only 237 on my 12 year old system but I rarely update AUR packages and usually try to remove unused ones before updating.