Yup. That would be fish simply not recognizing that syntax and requiring the extra psub for that kind of scripting.
I had no idea about that. I do not use fish.
Oh I thought I left a link already. Here it is;
Well, seems curl -s https://cscs.pastes.sh/raw/aurvulntest20260611.sh | bash works just fine with the Fish shell. So all is good.
I do. Whenever I see "bash" I then type "bash" or even "zsh" before pasting and executing the command…
Hello,
Maybe a dumb question, but as many packages in Cachy's repos come from the AUR, has any of those been compromised?
Huh? CachyOS repos include AUR packages?
Yes, the cachyos repository contains many AUR packages. But as far as I can tell, the lists show no matches.
This is expected, as this kind of attack only works on AUR packages that have either been orphaned by their maintainers or were created with official-sounding package names to trick people into using them instead of safe, responsibly maintained packages.
cachyos contains many very popular AUR packages. The chance of them suddenly losing their maintainer and being picked up by a bad actor, and then the malware going unnoticed long enough to make it past the build process that places the compiled binaries in the cachyos repo, is very slim.
Thanks a lot for your answer
Thanks for the clarification, @Dirge. Much appreciated.
What anti malware would you suggest?
Thanks mate, both for the notification and the script!
Supply chain attack on a community filled repository and the suggestion in the official forum is to do curl | bash
Exactly my kind of humor.
I guess that always depends on who proposes what. @cscs is a very trusted member here, I personally use their scripts without hesitation. Still, you may safely look up the script anytime with
curl -s https://cscs.pastes.sh/raw/aurvulntest20260611.sh | cat
Or just visit the link that was posted beforehand and do whatever you wish from there.
The script besides the list of packages and echo is about 15 lines.
You can run it "remotely".
You do not have to nor do you need to run anything at all.
Yes, of course I did look into the code by using curl without bash and I really don't want to dismiss @cscs' effort here - thanks a lot. But the reason why this problem with AUR exists is that people execute code that they haven't verified. And the mitigation here is to …execute code that most people won't verify. I was aiming at pointing out the irony (and the general problem when using OS software), I really don't want to belittle anyone.
Any information about how did this happen? I see a lot of commits under the original author's name, most of these packages are not even new and weren't maintained by the same accounts. Did they hack the AUR server?
I really like to say "THANKS" for the quick information and response with the testing-script!
Highly appreciated kind of reaction!
Cool …
Let's be honest here and that is while it's good practice to use common sense it's no substitute for a good firewall and malware protection.
Is it generally a good idea to trust a script like this in the middle of a supply chain attack? What happens if the author's account has been compromised as well?
Pretty sure none of these fixes / scans are on the AUR.
It's a simple bash script, you can just look into it and see what it does, that's what you should learn to do. If you don't have any other option paste it into a LLM and have it explained to you "for a beginner", that's something these things can do at least. Executing things without understanding always means trusting.