#help review pkgbuild (i am mostly incapable of understanding code)

im no skilled programmer in any regard but
https://aur.archlinux.org/packages/kando-bin
this pkgbuild looks safe right...?
the 1 vote and username of "zxp19821005" does not give me any good feelings
but there is absolutely no other place to get this package D:

@thorny bison why use that?

is there a safer or more popular method?

also i want to use this for a rice

its basically just a cool application menu thats flashy

https://github.com/kando-menu/kando

this is what it is

@thorny bison what de/wm are you on?

hyprland

@thorny bison read the note https://github.com/kando-menu/kando/blob/main/docs/installing.md#platform-specific-notes

ah okay nice ty, i definitely needed that to make sure it doesnt crash my pc xd

i also wanna make sure but, its not malicious right?

thats honestly my sole concern

nothing in the pkgbuild is sus i assume?

this might be a dumb question but i genuinely just cannot read code well so i cant just lie to myself

It seems fine to me

whenever checking pkgbuilds check : Is packages are being downloaded from legitimate upstream sources, if it's legit then it'll mostly ok

check arch wiki guide on how to write pkgbuild, from there match variables to make pkgbuild and check it to that package.. If you found that pacakges contains longer script than normal use .. it's under suspection

ahh mkmk sounds good :D

super duper tysm for the detailed response

i mega appreciate it 🌻

Use packages in chroot-jail env or install aura package manager : it'll scan pkgbuilds before building it

https://github.com/fosskers/aura

yep

looks fine

yep the sources points to https://github.com/kando-menu/kando