A massive supply chain attack targeting the Arch User Repository (AUR) has compromised more than 400 community-maintained packages, with attackers injecting malicious build scripts designed to deploy credential-stealing malware and rootkit-style payloads on affected Linux systems.
Be careful with relying on it though since it has more holes than swiss cheese due in part to lazy devs who request unesecary permissions & the sandbox being slightly flawed from a security perspective.