Improve Security #1398

@ben2talk

Is your feature request related to a problem? Please describe.

Recent malware scares led me to notice this. My habit is to usually check the AUR page. I noticed many dodgy names in the last few days, but wouldn't know they were new if I were using yay.

Describe the solution you'd like

  1. Search 'google-chrome'
  2. See this:
```
1 aur/google-chrome 138.0.7204.183-1 (+2291 10.86)
The popular web browser by Google (Stable Channel)
- Submitted: 2010-05-25 20:25 (UTC) Updated: 2025-07-29 21:37 (UTC)
- https://aur.archlinux.org/packages/google-chrome
```

This is because all the 'bad packages' discovered were brand new.

Sometimes packages are problematic because they weren't updated for an extremely long time.

There's no substitute for a clickable link that takes you to the AUR page.

Describe alternatives you've considered

I looked at other AUR helpers, pamac/paru are just as 'bad'.

People say you MUST be able to 'vet' your own, however (look at chrome) the pkgbuilds can be extremely tough to analyse.

Seeing popularity is good - votes not so much of a guarantee (perhaps the uploaders of malware will have a dozen friends ready to get some votes registered).
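A sketch of the requested output, added here as an example and not taken from the issue or from yay's code: it reads the `FirstSubmitted` and `LastModified` timestamps from an AUR RPC response and prints the dates, an age warning, and the package page link. The function name `Report`, the 30-day and 3-year thresholds, and the second sample entry are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

type pkg struct { // subset of the AUR RPC result fields
	Name, Version                string
	NumVotes                     int
	Popularity                   float64
	FirstSubmitted, LastModified int64 // Unix seconds
}

const newWindow, staleWindow = 30 * 24 * time.Hour, 3 * 365 * 24 * time.Hour // assumed thresholds

// Constructed sample response; the second entry is a made-up package.
const sample = `{"results":[
{"Name":"google-chrome","Version":"138.0.7204.183-1","NumVotes":2291,"Popularity":10.86,"FirstSubmitted":1274819100,"LastModified":1753825020},
{"Name":"example-new-pkg","Version":"1.0-1","NumVotes":12,"Popularity":0.5,"FirstSubmitted":1753833600,"LastModified":1753833600}]}`

// Report renders each hit with its dates, an age warning if any, and the AUR link.
func Report(body []byte, now time.Time) (string, error) {
	var resp struct{ Results []pkg }
	if err := json.Unmarshal(body, &resp); err != nil {
		return "", err
	}
	const layout = "2006-01-02 15:04"
	var b strings.Builder
	for _, p := range resp.Results {
		sub, upd := time.Unix(p.FirstSubmitted, 0).UTC(), time.Unix(p.LastModified, 0).UTC()
		fmt.Fprintf(&b, "aur/%s %s (+%d %.2f)\n", p.Name, p.Version, p.NumVotes, p.Popularity)
		fmt.Fprintf(&b, "- Submitted: %s (UTC) Updated: %s (UTC)\n", sub.Format(layout), upd.Format(layout))
		if now.Sub(sub) < newWindow {
			b.WriteString("! NEW: first submitted less than 30 days ago\n")
		} else if now.Sub(upd) > staleWindow {
			b.WriteString("! STALE: not updated in over 3 years\n")
		}
		fmt.Fprintf(&b, "- https://aur.archlinux.org/packages/%s\n", p.Name)
	}
	return b.String(), nil
}

func main() {
	out, _ := Report([]byte(sample), time.Now())
	fmt.Print(out)
}
```

The warning is derived only from the two timestamps, so it flags a brand-new upload regardless of how many votes it has collected.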
