yay v13 adds Lua hooks after AUR malware attacks

Kiswahili

The popular AUR helper yay released version 13 on June 18 with new tools to help users detect risky packages. The update follows multiple waves of malware that compromised over 1,500 packages in the Arch User Repository.

yay now displays a timestamp showing how recently each package's PKGBUILD was last changed. This appears in search results, the yogurt prompt, and the upgrade menu.

Maintainer Jo Guerreiro said the timestamp serves only as an extra signal and does not indicate whether a package is safe or unsafe.

The release also introduces Lua-based hooks and configuration. Users can place a file at $XDG_CONFIG_HOME/yay/init.lua to script behaviors such as UpgradeSelect, AURPreInstall, and AURPostDownload.

These hooks allow automated checks before packages are installed. The update includes other fixes such as restored locale files and improved logging.

Makala yanayohusiana

Arch Linux disables new AUR registrations after malware waves

Arch Linux has disabled new account registrations for the Arch User Repository following multiple waves of malicious package updates. The move comes after more than 1,500 packages were compromised last week.

Malware infects 1579 packages in Arch Linux AUR

Imeripotiwa na AI

More than 1500 user contributed packages in the Arch Linux User Repository were infected with malware.

Jumanne, 16. Mwezi wa sita 2026, 16:24:37

CachyOS switches to Rust-based Shelly package manager

Jumanne, 2. Mwezi wa sita 2026, 11:52:39

KDE Linux reports May progress on build system and security

Alhamisi, 7. Mwezi wa tano 2026, 12:12:17

Yazi offers new terminal file management options

Jumamosi, 28. Mwezi wa tatu 2026, 02:04:18

Linux maintainer says AI tools now find real bugs

Tovuti hii inatumia vidakuzi

Tunatumia vidakuzi kwa uchambuzi ili kuboresha tovuti yetu. Soma sera ya faragha yetu kwa maelezo zaidi.
Kataa