|
|
|
|
|
|
by reorder9695
4 days ago
|
|
|
To be fair in this case it looks like npm was used as a way to run arbitrary code in a way that wouldn't look out of place immediately in a PKGBUILD file. All of this could have been done from within the install hook or anywhere else really in the PKGBUILD, it would've just been more obvious at a cursory glance if there was now randomly a curl | bash in the file. |
|
|