{"id":275462,"date":"2026-06-18T08:39:00","date_gmt":"2026-06-18T12:39:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/18\/after-the-aur-malware-flood-yay-v13-lets-you-script-your-own-safety-net\/"},"modified":"2026-06-18T08:45:15","modified_gmt":"2026-06-18T12:45:15","slug":"after-the-aur-malware-flood-yay-v13-lets-you-script-your-own-safety-net","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/18\/after-the-aur-malware-flood-yay-v13-lets-you-script-your-own-safety-net\/","title":{"rendered":"After the AUR Malware Flood, Yay v13 Lets You Script Your Own Safety Net"},"content":{"rendered":"<p><a href=\"https:\/\/itsfoss.com\/news\/yay-v13-release\/\">After the AUR Malware Flood, Yay v13 Lets You Script Your Own Safety Net<\/a><\/p>\n<p><a href=\"https:\/\/itsfoss.com\/news\/yay-v13-release\/\">https:\/\/itsfoss.com\/news\/yay-v13-release\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-18 08:39:00<\/a><\/p>\n<p>Source Domain: <a href=\"itsfoss.com\">itsfoss.com<\/a><\/p>\n<p>As you might already know, the AUR has been going through a rough patch, where more than 1,500 packages were compromised across three separate waves of malware attacks before Arch developers could get a handle on it.<\/p>\n<p>yay, the most popular AUR helper for Arch Linux, just put out a release aimed at tackling that mess on the user level, introducing two new features that make it easier to spot a risky package before you install it and to automate the review work yourself.<\/p>\n<p> Let&#8217;s check it out! \ud83e\udd13<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/itsfoss.com\/content\/images\/2026\/06\/yay-v13-pkgbuild-last-modified.png\" class=\"kg-image\" alt=\"a terminal window showing the output for the following command: yay -Ss zen-browser\" loading=\"lazy\" width=\"1173\" height=\"711\" srcset=\"https:\/\/itsfoss.com\/content\/images\/size\/w600\/2026\/06\/yay-v13-pkgbuild-last-modified.png 600w, https:\/\/itsfoss.com\/content\/images\/size\/w1000\/2026\/06\/yay-v13-pkgbuild-last-modified.png 1000w, https:\/\/itsfoss.com\/content\/images\/2026\/06\/yay-v13-pkgbuild-last-modified.png 1173w\" sizes=\"(min-width: 720px) 720px\"\/>The new PKGBUILD last-modified timestamps are visible inside the square brackets.<\/p>\n<p>Search results, the yogurt prompt, and the upgrade menu all carry <strong>a new timestamp<\/strong> now, showing how long it&#8217;s been since a package&#8217;s PKGBUILD last changed. This gives you a heads-up on which packages might be worth a closer look before installing.<\/p>\n<p>Jo Guerreiro, the maintainer of yay, clarified that the number by itself doesn&#8217;t accomplish anything. Something edited last week isn&#8217;t automatically dangerous, and something untouched for years isn&#8217;t automatically clean.<\/p>\n<p>This is meant to be just one extra signal to weigh before you commit to an install.<\/p>\n<p>The other major addition here is support for Lua-based hooks and configuration, letting you script how yay behaves at different points in the install and upgrade flow. You can now drop a file at $XDG_CONFIG_HOME\/yay\/init.lua, usually ~\/.config\/yay\/init.lua, and yay will pull both settings and hooks straight out of it.<\/p>\n<p>Leave that file out entirely and nothing Lua-related runs at all. config.json doesn&#8217;t go away either, init.lua sits above it and can override what&#8217;s already there, while flags you pass on the command line take priority over everything else.<\/p>\n<p>One of the new hooks, UpgradeSelect, kicks in partway through yay -Syu, once yay has worked out what needs upgrading but hasn&#8217;t yet put the package exclusion screen in front of you.<\/p>\n<p>Two more hooks come into play before the actual install runs, just later in the sequence&#8230;<\/p>\n<p><a href=\"https:\/\/itsfoss.com\/news\/yay-v13-release\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>After the AUR Malware Flood, Yay v13 Lets You Script Your Own Safety Net https:\/\/itsfoss.com\/news\/yay-v13-release\/&#8230;<\/p>\n","protected":false},"author":1,"featured_media":275465,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/itsfoss.com\/content\/images\/2026\/06\/yay-v13-release-banner.png","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[99,71,32],"class_list":["post-275462","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-arch-linux","tag-linux","tag-malware"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/275462"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=275462"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/275462\/revisions"}],"predecessor-version":[{"id":275467,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/275462\/revisions\/275467"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/275465"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=275462"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=275462"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=275462"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}