I have both yay and paru on the two Arch systems I manage, because pacman tends to break those occasionally through dependencies and that way I don’t have to do the whole makepkg bit again and instead can update the one with the other. I still find it asinine that these aren’t in the repos or the functionality isn’t integrated into pacman, but since Arch’s entire philosophy is based on simplicity, I guess the chosen solution to secure user packages is security by obscurity.

(I only still use Arch on those systems because I haven’t gotten around to migrating them to Gentoo yet, after implementing a binpkg repo and custom profiles many years ago so compiling on the weaker machines is essentially unnecessary, btw.)