Just to expand... When the above user is comparing to Windows, who got most of the US government breached, I do think shade against AUR is uncalled for. Its just a community host for packages, comes with warnings, and isn't enabled by default, etc.
I can still happily upgrade via pacman without fear. Haven't been able to update on Windows without concern for over a decade - the malware comes builtin.
[0] https://www.cisa.gov/sites/default/files/2024-03/CSRB%20Revi...
Exactly.
I only have 4 packages installed with AUR and I think that’s the intention. You’re only going there when the other solutions aren’t available or don’t make sense.