Replace yay with paru

[martinmose]

paru for AUR?

Sorry if this has already been discussed - and maybe there are solid reasons why yay was the chosen AUR helper.

Buuut… the original maintainer of yay has moved on and created paru.
See the Reddit post here:
https://www.reddit.com/r/archlinux/comments/jjn1c1/paru_v100_and_stepping_away_from_yay/

I’d suggest that Omarchy switch to paru.

And if the name change feels too disruptive:

alias yay=paru

😇

[dhh]

Appreciate this, but I actually really like the idea that yay is feature complete and not under further development. I have more than a few bones to pick with package managers that keep "evolving" after they've solved their primary problem. So unless someone presents very compelling arguments for why paru would be a big upgrade, I'd prefer to stick with yay.

[Beethoven-n]

So unless someone presents very compelling arguments for why paru would be a big upgrade, I'd prefer to stick with yay.

i do have some comment on this.
there's been a few notable malware outbreaks on the AUR the past couple of months. the biggest way to avoid getting hit with something like that is to review the PKGBUILD so that you know what you're installing, and how it's going to install.

paru has an automatic review feature that shows you the PKGBUILDs for each package you're about to install. in combination with the bin.FileManager option and a TUI file manager of your choice, you're able to do this in a way that's much more reasonable than the raw output of the pager. that makes it a total no-brainer to me, and it's a killer feature in my opinion.

sure, it has colored diffs like some people have mentioned, but the most important thing is the mindset shift. users should be paying far more attention to what is in the packages they're installing than the omarchy-pkg scripts indicate.

[Beethoven-n]

i ran into this while trying to integrate the omarchy-pkg scripts specifically into my existing workflow. i like the way they're set up, except for the fact that they're using yay instead of paru.
on my system, i'm not entirely concerned. i can just sed -i 's/yay/paru/' $GIT_DIR/omarchy/bin/* and be off, but i'm more concerned about more unsuspecting users getting attacked by malware disguised as packages they intended to install.

some examples of these attacks include this one on firefox, librewolf and zen, as well as a similar attack on ttf-ms-fonts-all, ttf-all-ms-fonts, and vesktop-bin-patched (only mentioned in the arch linux discord grumble grumble)