A massive supply chain attack targeting the Arch User Repository (AUR) has compromised more than 400 community-maintained packages, with attackers injecting malicious build scripts designed to deploy credential-stealing malware and rootkit-style payloads on affected Linux systems.
  • HaraldvonBlauzahn@feddit.orgEnglish
    3·
    1 day ago

    Have a look into the Guix package manager. It works fine on top of Arch, and Guix has 31,000 packages now. Great for cross-language development and also suitable for early sharing of projects. npm support is a bit weak though, but packages written in Python, Rust, or functional languages are well represented.

    • Jason2357@lemmy.caEnglish
      1·
      6 hours ago

      Thats like nix packager, right? Looks interesting to layer on top. Says they are all reproducible builds which is nice.

      • HaraldvonBlauzahn@feddit.orgEnglish
        3·
        5 hours ago

        Yes, Guix is initially a clone of Nix and has still remains of shared code (the build daemon).

        Differences:

        • Guix packages are defined in a Scheme dialect called Guile, a nice minimal functional language
        • Guix was created as a GNU project and stresses the importance of free software with strong copyleft
        • everything is built from source
        • very good and well organized documentation