A massive supply chain attack targeting the Arch User Repository (AUR) has compromised more than 400 community-maintained packages, with attackers injecting malicious build scripts designed to deploy credential-stealing malware and rootkit-style payloads on affected Linux systems.
Flatpak has a sandbox
Be careful with relying on it though, since it has more holes than Swiss cheese due in part to lazy devs who request unnecessary permissions & the sandbox being slightly flawed from a security perspective.
A sandbox that has enough protection to be secure also has enough restrictions as to be too annoying to use, and often is useless. Don’t get me wrong, sandboxes can be very good, but only in specific situations. In general you need your applications to be secure without a sandbox.
What do you mean, don’t you love a text editor that can not open any file on your system?