yaourt is an AUR helper, which is a short way of saying that it is a tool to help with installation and dependency management when installing packages from the Arch User Repository. It is also commonly recommended in guides about starting out on Arch or Manjaro, since it used to be default on Manjaro before 17.0 and is in Manjaro’s repos. Sounds fine, yeah? No.
The problem is that it makes a very important assumption when installing packages: that they’re not out to cause harm.
The way that Arch installs packages is through the use of a PKGBUILD script (read more here). This file outlines the basic details of the package, such as dependencies and steps that need to be taken. As an example, here’s one that I made for converting the DEB for a project I am developing into an Arch package and installing it:
What tools such as
yaourt do is take this script, execute it to build the package, and then install that package. Where
yaourt screws up, is that it executes part of it before letting you read it.
Taking the Gogios example from above, I can add a line to it like so:
And running with
yaourt will produce this:
I hope it is obvious why this is a problem.
yaourt executed the echo statement as soon as I started the install, and then asked if I wanted to see how much I just screwed myself.
In summary: please, for the love of whatever deity you may believe in, please do not use
yaourt. Use something like
yay (the recommended AUR helper of ASA) or some other trusted program from the table here.