Relatively new Linux user here.
I’ve seen a few posts about malware on Linux mentioning things called AUR and NPM.
I understand they are package managers? Is that something I have to worry about as a Bazzite user?
Arch is a bleeding edge distro. Basically if you hear about some new feature coming to Linux, Arch probably had it for about a week already. This obviously has its downsides like stability.
The AUR (Arch User Repository) is basically a list of scripts that anyone can put together. In the scripts are various commands to download a program and how to build/install it. Where it pulls from and how it does it is completely up to the uploader. Which makes it extremely dangerous.
This is not representative of the rest of Linux systems and how they function. Arch’s AUR is as close to downloading random installers from a website and running them on your Windows computer as you can get.
As for NPM, it’s basically the same thing for JavaScript libraries, but worse.
AUR is something related only to Arch Linux. Bazzite is not related to Arch, so you’re good.
NPM is the Node Package Manager. Unless you’re doing something like installing Node JS stuff then you don’t need to worry about this. I feel fairly confident that this is one of those things where you’d know if you were using it.
As other people have stated, you do not need to worry about the AUR issue specifically since Bazzite is not based on Arch Linux. Also, unless you are building a Node-based application (Node being a JavaScript-based runtime environment), you shouldn’t have to worry about that one.
That said, these platforms are just the latest targets because they have huge enterprise user bases. Any centralized repository has the potential for vulnerability, especially ones with unvetted user submissions.
npm: Node Package Manager.
AUR: Arch User Repository.
Bazzite is based on Fedora, not Arch, so you don’t need to worry.
Ah alright, thanks for the info!
Not likely. Just know that AUR is user driven and not checked or vetted.
Yeah, I try to stick to the native Flatpak manager for Bazzite. Are there any other vetted software managers out there that you would recommend?
Not really, almost any method (that is managed) is fine. Just read about where it’s coming from before downloading. Even user based is fine, if you trust it.