When trying to build this myself, I noticed a couple issues with the PKGBUILD file

1. As of May 12th, 2025, AdvantageScope is licensed under a slightly modified BSD-3-Clause license, not the MIT license (with NONINFRINGEMENT added after MERCHANTABILITY in the final paragraph)
2. The sudo make dependency is unused, and can be removed
3. In order to run emscripten for the build, you need python, so python should be in makedepends
4. During the build, electron-builder looks for libcrypt.so.1, which isn't required by any of the make dependencies, so it should be added to the makedepends with libcrypt.so=1
5. I checked with ldd, and advantagescope executable doesn't dynamically link to libcrypt.so.1, so I don't think it is required at runtime, but it could load it in a different way, and I can't easily check if it runs properly without libcrypt.so.1 because I have libcrypt.so.1 on my machine.
6. The version that is used to extract the .pacman file is based off the latest commit version, while the actual version is in the package.json file. you should either
7. read the version from the package.json and use that when extracting the files
8. replace the version in the package.json file with the package version
   • It would need to be slightly modified as the current pkgver format produces versions that electron-builder rejects for being invalid
9. (minor) You don't need to use curl to download the latest license from GitHub, as the LICENSE file is still there from the git clone

I did implement and test all the changes I mentioned, so feel free to reach out over email if you want me to send you a patch file.

Thank you for your help. I have updated the package accordingly. I will look into replacing emsdk in the future as well.

I looked into emsdk and it looks to me to be very useless. It just downloads a pinned version of node (node-lts-iron) and emscripten. And worse, it downloads into /usr with no possibility of changing it. I would try to ditch this and use the official packages.

That said, I think it should be possible to "vendor" emsdk such that it downloads its files during prepare() like it suggested previously. Not ideal though.

Below the changes I suggest to the PKGBUILD (untested! it may need some tweaks (and fill the blanks)). Change the emsdk version if needed (and update checksums).

_emsdk=4.0.8
source=("git+$url"
        "emsdk-$pkgver.tar.gz::https://github.com/emscripten-core/emsdk/archive/refs/tags/$_emsdk.tar.gz")

prepare() {
  cd emsdk-$_emsdk
  ./emsdk install latest
}

build() {
  "$srcdir"/emsdk-$_emsdk/emsdk activate latest
  source "$srcdir"/emsdk-$_emsdk/emsdk_env.sh
  # continue the build process...
}

I understand the issue, but as I guess you realize, this is a could have a big security impact. And using sudo is forbidden according to the guidelines. I suggest:

1. Investigate whether emsdk has a destination flag at install, so you can temporarily install in $srcdir and calling it from there. You'll need to update the PATH I would guess.
2. Try to fix emsdk such that the post-installation script are called from build(), so one does not need to call sudo emsdk install, but not sure whether this is possible or makes sense.

Also, I noticed that the package penpot does not need to call emsdk install, so maybe all of this is unnecessary? (of course, it could be that package is broken...)

The reason sudo was used is that the required make dependency emsdk does not automatically initialize when installed. If you have an alternative to using sudo for the initialization step, please let me know.

please do not use sudo in PKGBUILDs