Hundreds of AUR packages compromised

Hundreds of orphaned packages hosted by the Arch User Repository (AUR) havebeen compromised by an attacker who has added a malicious npmpackage (atomic-lockfile) that can exfiltrate sensitivedata. The project is currently workingon cleaning up the mess. There is a list of affected packagesand post (possibly NSFW domain) by"sodiboo" with additional information. Arch Linux users (or users ofArch-based distributions) that use AUR packages may wish to see if theyhave installed any of the compromised updates.