An ongoing security incident in the Arch User Repository (AUR), where a contributor identifies and provides a massive list of ~1500 compromised packages targeting the malicious js-digest npm package.
Did anyone get affected by those 1,500 packages listed?
Only two packages I use from the AUR:
nvidia-390xx-dkms
nnn-nerd
I’ve always considered that this could happen, and it has happened before.
Also, one extra tip for newbies: never use an AUR helper such as yay and trust the user repository blindly; it’s not built with CI. Instead, do these safe steps: