Arch Linux has disabled new account registrations for the Arch User Repository (AUR) following multiple waves of malicious package updates. The move comes after more than 1,500 packages were compromised last week.
The AUR, a community-maintained repository for Arch Linux users, faced successive attacks starting June 11. Developers identified an initial batch of over 1,500 affected packages linked to a malicious npm package called js-digest.
Subsequent waves on June 13 and June 14 used different obfuscation methods, including split strings and local AI detection to flag entries. These updates inserted harmful scripts into packages such as browser tools and desktop applets.
On June 15, team member Leonidas Spyropoulos announced the registration freeze to allow cleanup. Core Arch repositories remain unaffected.
Users are advised to review all PKGBUILD files before updating and to report issues via the aur-general mailing list.
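
A starting point for the PKGBUILD review advised above, as an added example that is not from Arch Linux or the article: a Python pass that undoes simple shell string splitting before matching. The `js-digest` name comes from the article; the sample PKGBUILD is constructed, and the other patterns and all helper names are assumptions.

```python
import re
INDICATOR = "js-digest"  # npm package name reported in the article
# Generic review heuristics (assumptions, not taken from the article)
RISKY = {
    "package-manager install": re.compile(r"\b(npm|npx|yarn|pnpm)\s+(install|i|add|exec)\b"),
    "download piped to shell": re.compile(r"\b(curl|wget)\b.*\|\s*(ba|z)?sh\b"),
}
ASSIGN = re.compile(r"^\s*([A-Za-z_]\w*)=(\S*)\s*$")
VAR = re.compile(r"\$\{?([A-Za-z_]\w*)\}?")

def normalize(stmt, env):
    """Undo simple splitting: drop quotes and backslashes, expand known variables."""
    bare = re.sub(r"[\"'\\]", "", stmt)
    return VAR.sub(lambda m: env.get(m.group(1), m.group(0)), bare)

def review(text):
    """Return (first_line_no, reason, normalized_statement) for each finding."""
    findings, env, pending, start = [], {}, "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not pending:
            start = no
        if raw.endswith("\\"):          # join backslash continuations
            pending += raw[:-1]
            continue
        for stmt in (pending + raw).split(";"):
            stmt = normalize(stmt, env).strip()
            if stmt.startswith("#"):
                continue
            m = ASSIGN.match(stmt)
            if m:                        # remember simple assignments for later expansion
                env[m.group(1)] = m.group(2)
            if INDICATOR in stmt:
                findings.append((start, "indicator " + INDICATOR, stmt))
            findings += [(start, why, stmt) for why, rx in RISKY.items() if rx.search(stmt)]
        pending = ""
    return findings

# Constructed sample, not taken from any real AUR package
SAMPLE = '''pkgname=example-applet
_a='js-'; _b="dig"'est'
package() {
  npm install --no-save \\
    "${_a}${_b}"
  make DESTDIR="$pkgdir" install
}
'''
if __name__ == "__main__":
    for no, why, stmt in review(SAMPLE):
        print(f"line {no}: {why}: {stmt}")
```

Findings are prompts for manual reading, not verdicts: command substitution and other indirection are not resolved, so a clean result does not replace reading the file.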