Linux distributions are. They all have maintainers who vet packages and take responsibility for them. Arch Linux does too. The inherent untrustworthiness of the AUR was always made explicit by the Arch Wiki and the culture surrounding it, unlike programming language package managers like npm and pip.