steffenfritz / pacaudit

pacaudit audits installed packages against known vulnerabilities listed on https://security.archlinux.org


pacaudit

PACAUDIT HAS A BUG THAT WILL NOT BE FIXED. PLEASE USE ARCH-AUDIT.

pacaudit audits installed packages on Arch Linux against known vulnerabilities listed on https://security.archlinux.org

It ships with a preInstall hook for pacman that warns you if you try to install a vulnerable package.

You can also check your local installation against offline vulnerability data. This is useful for systems without web access. Check the man page for more information.


Installation

trizen -S pacaudit

or

yay pacaudit

or

any other AUR helper

Usage

  1. pacaudit

    prints all vulnerable packages by name and the total number of vulnerable packages

  2. pacaudit -v

    prints all vulnerable packages by name, with CVE and severity, and the total number of vulnerable packages

  3. pacaudit -n

    returns "OK" if no vulnerable packages are installed, "WARNING" if vulnerable packages are installed but none has severity HIGH or higher, and "CRITICAL" otherwise

  4. pacaudit -c

    prints colorized results. Used together with the verbose (-v) flag

  5. pacaudit -p PKGNAME

    checks whether PKGNAME is listed as vulnerable. Useful for alpm-hooks

  6. pacaudit -i /PATH/TO/JSON/FILE

    pacaudit uses the provided JSON file instead of the online list of vulnerable packages. Useful for hosts without web access.

  7. pacaudit -d

    downloads the JSON file for offline comparison

  8. pacaudit -h

    print usage and info
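
The OK/WARNING/CRITICAL mapping described for -n, applied to an offline JSON file as with -i, shown in Go as an added example (not pacaudit's own code). The field names packages, status and severity are assumed from the tracker's JSON export, the sample entries are constructed, and matching is by package name only, with no version comparison.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// avg holds the fields used here from one tracker entry (assumed layout).
type avg struct {
	Packages []string `json:"packages"`
	Status   string   `json:"status"`
	Severity string   `json:"severity"`
}

// sampleJSON is constructed test data, not real tracker entries.
const sampleJSON = `[
 {"name":"AVG-0001","packages":["examplepkg"],"status":"Vulnerable","severity":"Medium"},
 {"name":"AVG-0002","packages":["otherpkg","otherlib"],"status":"Vulnerable","severity":"Critical"},
 {"name":"AVG-0003","packages":["fixedpkg"],"status":"Fixed","severity":"High"}
]`

// auditStatus returns OK, WARNING or CRITICAL for the installed package names.
func auditStatus(data []byte, installed []string) (string, error) {
	var entries []avg
	if err := json.Unmarshal(data, &entries); err != nil {
		return "", fmt.Errorf("parse vulnerability list: %w", err)
	}
	have := make(map[string]bool, len(installed))
	for _, p := range installed {
		have[p] = true
	}
	status := "OK"
	for _, e := range entries {
		if e.Status != "Vulnerable" { // skip fixed or unaffected entries
			continue
		}
		for _, p := range e.Packages {
			if have[p] && (e.Severity == "High" || e.Severity == "Critical") {
				return "CRITICAL", nil // worst case reached, stop early
			}
			if have[p] {
				status = "WARNING"
			}
		}
	}
	return status, nil
}
func main() {
	fmt.Println(auditStatus([]byte(sampleJSON), []string{"examplepkg", "bash"}))
}
```
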


License: GNU General Public License v3.0


Languages: Go 77.2%, Roff 22.2%, Shell 0.6%