> And what if upstream is problematic? 

That would be the same problem for official packages. Unless I am mistaken, the difference between maintainers for the official repos versus AUR, is that the former is a trusted/vetted person. But afaik, they also just package upstream software. I doubt they will read through tons of commits to see if there might be anything nefarious there.

It would be better if software would be forced to have something like a very advanced manifest file, with requested permissions. Malware has to eventually communicate with endpoints, so a declared whitelist of endpoints should definitely be part of such a manifest. Some wrapper program could set up a namespaces that allows just what is requested. Any software that requires `endpoints = [.*]` would make it obvious to the user that it is a really dangerous piece of software. Your code editor should not ship like that.

The first thing I can think of in this direction is flatpak, but that is really coarse grained, with defaults that are very lax. Also flatpak-like solutions do not expose an api to the wrapped application, which is both a pro and a con (a con when you consider installing application plugins requiring further permissions).

> And what if upstream is problematic?

Then don’t install the package.

It’s on you to decide whether you trust upstream or not.

You’re free to use any scanner you want on the upstream sources if it makes you feel safer. (I’m currently working on a makepkg extension that allows just that.)

The core and extra repos are curated, and every package maintainer is doing their due diligence (and more) to protect the users. But on the AUR, nobody is going to do that work for you.

What is npm?

I installed dwm from AUR once, then Prusa slicer.

Dwm PKGBUILD lists patches, so it's kind of obvious one needs to check them to choose what patches they want.

Prusa slices is downoaded from the official website.

I think you live in a different world ;-)