> these are packages

PKGBUILDs are not packages. They’re (user-contributed) instructions on how to build packages.

> available through the OS's repos.

No. The AUR is a platform, similarly to NPM or PyPI, that allows users to upload PKGBUILDs. It is not part of “the OS’s repos,” and it says that loud and clear, multiple times, including on the front page.
You seem to have a wild misconception of what the AUR actually is.
It'd be more like a public toilet anyone could urinate in, and you lick the floor right next to the toilet and then are surprised that it tastes like pee. Of course there is pee on the floor, anyone can pee there!
A better analogy would be blaming a supermarket that hosts an outdoor farmers market because you contracted food poisoning from a stand owned by someone else - NOT for buying food from within the supermarket itself.
Meanwhile one of the other customers has norovirus and is deliberately touching everything so others contract it.