[giancarlostoro]

"Oh a new exploit, I wonder if npm is involved at all"

Yup. Every time, I guess it's one of the most common attack vectors, can we do anything to secure NPM more against these supply chain attacks? I swear NPM is always involved in all sizable attack vectors these days.

[reorder9695]

To be fair in this case it looks like npm was used as a way to run arbitrary code in a way that wouldn't look out of place immediately in a PKGBUILD file. All of this could have been done from within the install hook or anywhere else really in the PKGBUILD, it would've just been more obvious at a cursory glance if there was now randomly a curl | bash in the file.