Hacker News new | ask | show | jobs
by Retr0id 5 days ago
They could've pip installed, curl|sh'd or anything else, it's not relevant to the underlying issue.
1 comments
notabotiswear 5 days ago
Perhaps there were other vectors, but npm was the one used here.

And yes, this is an AUR issue, but npm being used to host and dissiminate malware is also [a chronic] one, even if separate.

link