Skip to content

aur-scan 1.1.0-rc2 (release candidate)

Pre-release
Pre-release

Choose a tag to compare

View all tags
@HxHippy HxHippy released this 15 Jun 01:57
· 53 commits to main since this release
v1.1.0-rc2
This tag was signed with the committer’s verified signature.
HxHippy HxHippy
GPG key ID: 1132BF893C33FB51
Verified
Learn about vigilant mode.
b924599
This commit was signed with the committer’s verified signature.
HxHippy HxHippy
GPG key ID: 1132BF893C33FB51
Verified
Learn about vigilant mode.

Proactive detection expansion + anti-evasion.

Install

gpg --recv-keys 25631EAE3F43999050B7D7021132BF893C33FB51   # one-time
paru -S aur-scanner-rc                                      # or: yay -S aur-scanner-rc

Highlights

  • De-obfuscation engine — decodes ANSI-C quoting ($'\\x63') and adjacent-quote splitting ("b"'u''n'), then runs the whole catalog against the decoded text. The live obfuscated AUR wave (a bun add JS payload hidden in a post_install hook) is now flagged critical, not just a generic high.
  • +28 detection rules across reverse shells, exfiltration, auth/system tampering, supply-chain trust, and RCE. Catalog 72 → 106 codes.
  • aur-scan install cleans its own build dir (--keep-build to retain).
  • Packaging: options=('!debug' '!strip') — no more empty -debug package or gdb/fakeroot noise.

Full notes: CHANGELOG

Assets 2
Loading