• PM_me_your_doggo@lemmy.world
    10 up, 2 down · edited 10 hours ago

    One Russian guy: adding package which you need to specifically install to get, and which adds three lines of text saying you should not install random shit from the internet

    Journalist: rUsSiAnS aRe AtTaCkInG AUR wItH sPaM aNd PrOfAnItIeS

  • MissesAutumnRains@lemmy.blahaj.zone
    14 up, 4 down · 19 hours ago

    What the fuck is going on with all of this lately? I get the idea, but like is there any real reason to use AUR in this day and age? I’m not an Arch user so I don’t really understand the significance for the community, but when it was explained to me it sounded psychotic.

    • Miaou@jlai.lu
      1 up · 2 minutes ago

      There are many popular programs that are only available on the AUR, sometimes even maintained by the same project’s dev.

      The wiki also often links to AUR packages.

      Both put together means it’s really easy to forget that there are no guardrails at all there.

    • TwilightKiddy@programming.dev
      35 up · 19 hours ago

      It’s an easy way to get packages distributed across Arch. It’s especially useful for new software because getting approved for mainline Arch repos is a pain.

      The issue is the fact that it was created before widespread adoption of Arch and thus security is a bit lackluster.

      When you use it, the first thing you’ll see is “read all the PKGBUILDs before installing!!!” written all over the place, PKGBUILD being the bash script that gets the package into your system. And when Arch was that scary and unapproachable distro used by the nerdiest of nerds, everybody did exactly that and it wasn’t an issue.

      Nowadays a lot of people who are a bit less than conscious about their decisions hop on Arch and use stuff like AUR without thinking what exactly they are doing. The results are all over the news outlets.

      Maybe it’ll lead to AUR creating stricter policies for maintainers, sad, but I doubt it can exist in its current state otherwise.

    • alakey@piefed.social
      33 up, 1 down · 19 hours ago

      Arch attracted a lot of newbies to the distro thanks to SteamOS being Arch based and CachyOS being extremely easy to get into and maintain, unlike the heavily gatekeepy “fuck off if you can’t solve literally everything yourself” base Arch. With that came a lot of demand for all sorts of packages that are not and will not be included in Arch/Cachy/whatever distro’s repos, prompting heavy AUR usage. As well as some people promoting the AUR as one of the benefits of Arch - “everything is on Arch”. And in my personal experience - Arch itself tends to drop a bunch of packages into AUR, and other 3rd party devs treat AUR as an easy distribution platform for Arch based distros, which gives AUR an undeserved amount of trust.

    • sbeak@sopuli.xyz
      2 up, 1 down · 9 hours ago

      For me, some of the software I use isn’t available on the official Arch repos, but they are on the AUR. I prefer the AUR over solutions like Flatpak or AppImages, but I use a mix of them all depending on what I need to install.

      • Victor@lemmy.world
        1 up, 1 down · 3 hours ago

        Interesting, I prefer Flatpak over the AUR when available, because the AUR seems more susceptible to attacks like this. I don’t know the security model of a Flatpak repository, so it’s just a feeling so far.