Seems like it’s certainly better than nothing, but I’m unsure if the 1500 infected packages in the AUR would’ve been flagged by this, depending on how the malware was introduced. Even with Shelly, I probably wouldn’t recommend most people use the AUR until more protections are put in place by the Arch team.
I don’t know how it’s done, but here is a screencap of an update today:
Thanks for that! I was able to find a page that details what it checks for:
https://www.seafoam-labs.org/shelly-alpm/docs/security/
Seems like it’s certainly better than nothing, but I’m unsure if the 1500 infected packages in the AUR would’ve been flagged by this, depending on how the malware was introduced. Even with Shelly, I probably wouldn’t recommend most people use the AUR until more protections are put in place by the Arch team.