this post was submitted on 16 Jun 2026
579 points (98.0% liked)

linuxmemes

31803 readers
624 users here now

Hint: :q!

Sister communities:

Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack users for any reason. This includes using blanket terms, like "every user of thing".
  • Don't get baited into back-and-forth insults. We are not animals.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
    • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn, no politics, no trolling or ragebaiting.
  • Don't come looking for advice, this is not the right community.
    • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, <loves/tolerates/hates> systemd, and wants to interject for a moment. You can stop now.
    • 5. πŸ‡¬πŸ‡§ Language/язык/Sprache
  • This is primarily an English-speaking community. πŸ‡¬πŸ‡§πŸ‡¦πŸ‡ΊπŸ‡ΊπŸ‡Έ
  • Comments written in other languages are allowed.
  • The substance of a post should be comprehensible for people who only speak English.
  • Titles and post bodies written in other languages will be allowed, but only as long as the above rule is observed.
    • 6. (NEW!) Regarding public figuresWe all have our opinions, and certain public figures can be divisive. Keep in mind that this is a community for memes and light-hearted fun, not for airing grievances or leveling accusations.
  • Keep discussions polite and free of disparagement.
  • We are never in possession of all of the facts. Defamatory comments will not be tolerated.
  • Discussions that get too heated will be locked and offending comments removed.
    • Β 

    Please report posts and comments that break these rules!

    Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't remove France.

    founded 3 years ago
    MODERATORS
    poopsmith@lemmy.world
    zephyr@lemmy.world
    rtxn@lemmy.world
    579
    Who could have seen it coming? (sh.itjust.works)
    submitted 3 days ago by ar99644@sh.itjust.works to c/linuxmemes@lemmy.world
    87 comments fedilink hide all child comments
     
    you are viewing a single comment's thread
    view the rest of the comments
    [–] mrbutterscotch@feddit.org 8 points 2 days ago (5 children)

    Relatively new Linux user here.

    I've seen a few posts about malware on Linux mentioning things called AUR and NPM.

    I understand they are package managers? Is that something I have to worry about as a Bazzite user?

    [–] TheMadBeagle@lemmy.ml 3 points 1 day ago

    As other people have stated, you do not need to worry about the AUR issue specifically since Bazzite is not based on Arch Linux. Also, unless you are building Node based application (node being a JavaScript based runtime environment), you shouldn't have to worry about that one.

    That said, these platforms are just the latest targets because they have huge enterprise user bases. Any centralized repository has the potential for vulnerability, especially ones with unvetted user submissions.

    [–] CeeBee_Eh@lemmy.world 2 points 1 day ago

    Arch is a bleeding edge distro. Basically if you hear about some new feature coming to Linux, Arch probably had for about a week already. This obviously has its downsides like stability.

    The AUR (Arch User Repository) is basically a list of scripts that anyone can put together. In the scripts are various commands to download a program and how to build/install it. Where it pulls from and how it does it is completely up the uploader. Which makes it extremely dangerous.

    This is not representative of the rest of Linux systems and how they function. Arch's AUR is as close to downloading random installers from a website and running it on your Windows computer you can get.

    As for NPM, it's basically the same thing for JavaScript libraries, but worse.

    [–] sudo@programming.dev 10 points 2 days ago (1 children)

    npm: Node Package Manager.
    AUR: Arch User Repository.

    Bazzite is based on fedora not Arch so you don't need to worry.

    [–] mrbutterscotch@feddit.org 2 points 2 days ago

    Ah alright, thanks for the info!

    [–] M0oP0o@mander.xyz 14 points 2 days ago (1 children)

    Not likely. Just know that AUR is user driven and not checked or vetted.

    [–] mrbutterscotch@feddit.org 4 points 2 days ago (1 children)

    Yeah, I try to stick to the native flatpak manager for bazzite. Are there any other vetted software managers out there that you would recommend?

    [–] M0oP0o@mander.xyz 2 points 2 days ago

    Not really, almost any method (that is managed) is fine. Just read about where its coming from before downloading. Even user based is fine, if you trust it.

    [–] JackbyDev@programming.dev 1 points 1 day ago

    AUR is something related only to Arch Linux. Bazzite is not related to Arch, so you're good.

    NPM is the Node Package Manager. Unless you're doing something like installing Node JS stuff then you don't need to worry about this. I feel fairly confident that this is one of those things where you'd know if you were using it.