Dangers of installing program that depends on npm

I want to install video download helper. It depends on a companion app that can be installed from the AUR.
It depends on npm.

I’ve often read that npm is a notorious source of malware, so I’m hesitant to use it.

What do you think? Am I overreacting? Is there a way to make installing such software more safe?

The npm package that is listed as a dependency on the AUR link you posted will be installed from the official Arch Linux repo.
So the package itself will be for sure free from malware.

Your downloadhelper comes from github. Of course with AUR packages you always have a higher malware risk compared to the official repos. But I wouldn’t overestimate it.

Wouldn’t this part

cd "${pkgname}-${pkgver}"
npm install

install packages from npm?

The first command just switches directories to the downloaded package directory.

The second command uses npm to install a package. See also: https://docs.npmjs.com/cli/v8/commands/npm-install

So, without looking at it, I assume that the software you are installing is downloaded as a JavaScript package.

The second command uses npm to install a package.

This is the part that I’m concerned about. Because I’ve read so much about malicious npm packages.

npm is only a package manager.
npm is not malicious in and by itself.
If you trust the package you are going to install with it then I guess you’ll be fine.
If you don’t trust the package, the choice is easy to make.

:eye: https://wiki.archlinux.org/title/Node.js#Node_Packaged_Modules

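Since the concern in this thread is what `npm install` pulls in during the build, here is an added example (not from the thread and not part of vdhcoapp or its AUR package) that reads an npm `package-lock.json` (lockfileVersion 2 or 3) and flags the three things worth reviewing by hand before trusting the install step: packages that run install-time lifecycle scripts, packages resolved from somewhere other than the public registry, and packages without an integrity hash. The lockfile content below is constructed for the example.

```python
import json
from urllib.parse import urlparse

# Constructed lockfile fragment in the lockfileVersion 2/3 layout; not from any real project.
SAMPLE_LOCK = """
{
  "name": "example-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "example-app", "version": "1.0.0"},
    "node_modules/plain-lib": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/plain-lib/-/plain-lib-1.0.0.tgz",
      "integrity": "sha512-AAAA"
    },
    "node_modules/native-thing": {
      "version": "2.1.0",
      "resolved": "https://registry.npmjs.org/native-thing/-/native-thing-2.1.0.tgz",
      "integrity": "sha512-BBBB",
      "hasInstallScript": true
    },
    "node_modules/mystery": {
      "version": "0.0.1",
      "resolved": "https://example.invalid/mystery.tgz"
    }
  }
}
"""

TRUSTED_REGISTRY = "registry.npmjs.org"


def audit_lockfile(text):
    """Return the dependencies that deserve a manual look before `npm install` / `npm ci` runs."""
    lock = json.loads(text)
    findings = {"install_scripts": [], "off_registry": [], "no_integrity": []}
    for path, meta in lock.get("packages", {}).items():
        if path == "":  # the root project entry, not a dependency
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        if meta.get("hasInstallScript"):  # a preinstall/install/postinstall hook runs at install time
            findings["install_scripts"].append(name)
        if urlparse(meta.get("resolved", "")).hostname != TRUSTED_REGISTRY:
            findings["off_registry"].append(name)
        if not meta.get("integrity"):  # nothing pins the tarball contents
            findings["no_integrity"].append(name)
    return findings


if __name__ == "__main__":
    print(json.dumps(audit_lockfile(SAMPLE_LOCK), indent=2))
```

Running the PKGBUILD's install step as `npm ci --ignore-scripts` first and only then deciding about the flagged packages keeps lifecycle hooks from executing before anyone has looked at them.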

@Elendil
Why wouldn’t you just use the extension video downloader helper in Firefox? It is very easy to install and works without issue.

npm is not malicious in and by itself.

I know.

If you trust the package you are going to install

My problem is that I don’t know the packages that are installed, I don’t know anything about npm/node/etc. I just want the video download helper.

Why wouldn’t you just use the extension video downloader helper in Firefox?

That’s exactly what I want to do. Is there a way to use it without the companion app?

Yes.

The additional features listed at https://github.com/mi-g/vdhcoapp are:
file writing API features that are not available from the browser
temporary file name generation
launching default application on a data file
a build of the ffmpeg video converter

But you can still download videos with the addon if you don’t have the companion app.

If I try to do that, it just tells me that I need the companion app.

Ugh, yes it does now on some websites. That wasn’t always the case :frowning_face:

Have you considered using a CLI tool like yt-dlp?
Click here for a list of supported sites.


Yes, but it doesn’t work for what I want to do.

Alright.

I’ve been using video downloader helper for years and have no issues. I use the extension in Firefox and install the conversion tool. No problem.

Does it work on Tubi? I tried downloading something the other day and my video recorder wouldn’t do it.

Do you mean YouTube?

https://tubitv.com/

but actually, I realized I was trying to download dogma on

I just downloaded True Justice Blood Alley no issues.

Edit: I’m not registered but I’m trying it right now.
Edit2: It downloaded but is only 18 minutes of it. Not sure if it’s because I’m not registered or ?

Edit3: I wasn’t familiar with this site. Seems you can download it anyway via a link?

You can download via link? How? I’ve never seen such a thing... I don’t know where I found it. It’s probably the google mafia coming to break my kneecaps though.