A massive supply chain attack targeting the Arch User Repository (AUR) has compromised more than 400 community-maintained packages, with attackers injecting malicious build scripts designed to deploy credential-stealing malware and rootkit-style payloads on affected Linux systems.
Especially for a small list, 3-4, that you actually need to check, what’s the actual issue? Open list of 400, ctrl+f for the few names you care about, move on.