Wonder how many packages in community package repos are compromised. Surely "Hubbleexplorer" can be trusted to provide arch users with a honest, clean version of npp.