Just to expand... When the above user is comparing to Windows, which got most of the US government breached, I do think shade against AUR is uncalled for. It's just a community host for packages, comes with warnings, isn't enabled by default, etc.
I can still happily upgrade via pacman without fear. I haven't been able to update on Windows without concern for over a decade - the malware comes built in.
[0] https://www.cisa.gov/sites/default/files/2024-03/CSRB%20Revi...