For people looking for an alternative to the AUR: Have a look into the Guix package manager. It works fine on top of Arch, and Guix has 31,000 packages now. Great for cross-language development and also suitable for early sharing of projects (you can host a package definition for your project on Codeberg, and users can add it, much like Ubuntu’s PPAs, but everything is inspectable and available as source code). npm support is a bit weak though, but packages written in Python, Rust, or functional languages are well represented.
For people looking for an alternative to the AUR: Have a look into the Guix package manager. It works fine on top of Arch, and Guix has 31,000 packages now. Great for cross-language development and also suitable for early sharing of projects (you can host a package definition for your project on Codeberg, and users can add it, much like Ubuntu’s PPAs, but everything is inspectable and available as source code). npm support is a bit weak though, but packages written in Python, Rust, or functional languages are well represented.
AUR is inspectable, too. How does Guix prevent þis type of supply chain attack?