Post your pacman -Qm

Lounge
627

True for this particular one, but whichever way one does it:

628

oh shit I did not see trivalent on “the list” why did you remove it?

629

It was one of those packages whcih weren’t 100% necesary - next up will be ungoogled chromium, leaving me with librewolf and brave, both… supicious. :frowning:

630

everyone should have one ‘chrome’-like browser for ease so I’ll keep it. I thought you knew something I didn’t i.e. malware.

i.e. this is just about removing for ‘just-in-case’ right?

631

I posted here a command that filters pacman -Qm to show your installed packages from the AUR that have been updated in June 2026, sorted by date, including details of the most-recent update:

632 
❯ pacman -Qm
betterbird-bin 140.11.0esr-1
brave-origin-nightly-bin 1.93.67-1
multimarkdown 6.7.0-2
onlyoffice-bin 9.4.0-1
pacseek-bin 1.8.6-1
picosnitch 2.1.1-1
pkglog 1.34-2
polychromatic 0.9.7-1
proton-authenticator-bin 1.1.6-1
python-argparse-from-file 1.8-1
timeshift-systemd-timer 0.0.1-2
traur-bin 0.4.1-1
ttf-ms-fonts 2.0-12
ulauncher 5.15.15-1
virtio-win 0.1.285.1-2
waterfox-bin 1:6.6.14-1

Updated brave-origin-nightly-bin just now! I guess I’m one of the few that aren’t really worried (just disappointed) about all of this situation.

633

I updated brave-bin yesterday (through paru), after doing the usual checks. No problems and no worries.

pacman -Qi brave-bin
Nombre                    : brave-bin
Versión                   : 1:1.91.172-1
Descripción               : Web browser that blocks ads and trackers by default (binary release)
Arquitectura              : x86_64
URL                       : https://brave.com
Licencias                 : MPL2  BSD  custom:chromium
Grupos                    : Nada
Provee                    : brave=1.91.172  brave-browser
Depende de                : alsa-lib  gtk3  libxss  nss  ttf-font
Dependencias opcionales   : cups: Printer support [instalado]
                            libgnome-keyring: Enable GNOME keyring support
                            libnotify: Native notification support [instalado]
Exigido por               : Nada
Opcional para             : Nada
En conflicto con          : brave
Remplaza a                : Nada
Tamaño de la instalación  : 432,01 MiB
Encargado                 : Unknown Packager
Fecha de creación         : dom 14 jun 2026 13:07:15
Fecha de instalación      : dom 14 jun 2026 13:07:22
Motivo de la instalación  : Instalado explícitamente
Guion de instalación      : No
Validado por              : Nada
634

Interesting enough I seem to can’t update with paru (pictured) or yay however updating with pacman works fine

noparuupdate
noparuupdate1029×769 71.7 KB

635

Try again. It seems that https://aur.archlinux.org/rpc is experiencing issues.

636

Cleaned up my AUR. But there are still a few programs left. I need those, though. I just updated my browser. Everything’s fine.

─❯  pacman -Qm
archfetch 1.0.8-7
brave-bin 1:1.91.172-1
brave-origin-nightly-bin 1.93.67-1
bruteforce-luks 1.4.0-1
cantata 3.4.0-2
catppuccin-gtk-theme-mocha 1.0.3-1
cfetch 1.0.2-1
darkly-bin 0.5.38-1
f3 10.0-1
fortune-mod-de 0.38-1
furmark 2.10.2-1
gaiasky 3:3.7.3-1
grayjay-bin 17-2
kde-material-you-colors 2.2.0-1
klassy 6.5.3-1
konsave 2.3.0-1
librewolf-bin 1:151.0.4_1-1
localsend-bin 1.17.0-1
losslesscut-bin 3.69.0-1
mtplayer 21__2026.01.23-1
mullvad-browser-bin 15.0.14-1
nerdfetch 8.5.4-1
open-tv-bin 1.9.1-1
pacseek 1.8.6-1
papirus-folders-catppuccin-git r30.f83671d1-2
pfetch-git r432.a906ff8-1
plasma6-applets-kurve 3.5.1-1
plasma6-applets-panel-colorizer 7.2.0-1
plasma6-applets-plasmusic-toolbar 4.1.0-1
plasma6-applets-wallpaper-effects 2.1.1-1
plasma6-applets-weather-widget-3-git r392.e92c287-1
python-materialyoucolor-git 2.0.10.r12.g7f5edb5-1
python-pywal16 1:3.8.15-1
ramfetch 1.1.0a-1
shell-color-scripts-git r113.576735c-1
shutthefetchup-git r2.48c7072-1
weasis-bin 4.7.0-1
637 
brave-bin 1:1.91.172-1
gzdoom-bin 4.14.2-6
heroic-games-launcher-bin 2.22.0-1
plasma6-wallpapers-smart-video-wallpaper-reborn 2.13.0-1
qzdl 3.3.0.0-1

Mines nice and short, just did an update for the browser (only package that needed updating)

638

Klassy really should be part of native Plasma, and at worst, in Extra rather than AUR, it’s an exceptional improvement to the existing window decs.

639

yeah that was it. I just got my browsers updated. thanks. I check after install and still all clean

640

hmm should we run one of the malware detection scripts on this thread? :smiling_face_with_horns:

641

Yes!

642

milkytwix (posted 15 hours ago): One critical match. The user had the following package installed on their system, which is explicitly listed on the blocklist of the affected AUR malware incident packages?

User Package Found Status / Context
milkytwix trivalent-bin Confirmed compromised / Malware. The user explicitly mentions in the body text of their post that they had already removed the trivalent-bin package prior to posting their list (“Current state of affair after removing trivalent-bin…”).

No only removed .. by the user .. (haluzinating AI) :wink: testing one on the Framework 16 ..

643

Ya, right. Just-in-case, kind of. More so “remove everything not needed”. I keep brave origin for the beforementioned chrome browser stuff.

644

I never saw a 'blocklist but I saw an up to date (yesterday afternoon) list of affected apps and Trivalent was not on it. That was 24 hours ago.

Goddamit I liked that Chrome fork the best…

I am infected is what you are saying?

I am uninstalling then.

645

Last time I tried Trivalent some months ago, it was quite happy talking to Google’s servers. I had to create a few rules in opensnitch to block most of the calling.

646

trivalent-bin not on the list https://md.archlinux.org/s/SxbqukK6IA
https://raw.githubusercontent.com/lenucksi/aur-malware-check/refs/heads/master/package_list.txt

All good..