New Rust Tool Traur Analyzes Arch AUR Packages for Hidden Risks

A new open-source tool, traur, written in Rust, has emerged for Arch users, aiming to improve security awareness in Arch Linux’s user-maintained software ecosystem by introducing automated trust scoring for AUR packages.

Traur analyzes installed or selected AUR packages and issues risk signals based on their build scripts, metadata, and past behavior. The main goal is to help users in the Arch community decide how much to trust an AUR package before installing or updating it, all without running any code. And I can say that this is especially useful after several AUR packages were compromised last year.
