• mvirts@lemmy.world
    1 year ago

    Lol we can be smug until someone sneaks a backdoor into nixpkgs for a while. For user envs updating the system doesn't mean the compromise is gone, although checking would be super easy.

  • unhinge@programming.dev
    1 year ago

    I wouldn’t be so sure it doesn’t affect NixOS[1].

    I am not a security researcher, nor a reverse engineer. There’s lots of stuff I have not analyzed and most of what I observed is purely from observation rather than exhaustively analyzing the backdoor code.

    Also, it may take 10 days to downgrade the package[2].


    1. 1

    2. 2