Ah yes, poetic justice.
@legend @fatboy as long as you stick to sources from your distribution, there's no real need for additional checking. Antivirus is only really needed if you introduce stuff from outside - downloaded from a random site. Then it's wise to at least have a look at the source. But that is not necessary most of the time.
@legend @fatboy "linux doesn't get malware because it is very secure" - now that's a nice straw man you built. That is not what I wrote.
As long as the user is not cautious, no OS, and no AV will save him from malware.
My argument is, that on most linux distributions, the repos are curated and checked for malware, so if you trust them , you don't need an AV. Random binaries from the internet are something else.
To check those you would need to either check their source code, or disassemble and look for malicious stuff.
In the examples you provided: PIP and NPM are not really designed with security in mind. And given these are code repositories. If you are using them you are responsible to check the code.
Snap store is its own thing and I personally don't trust packages there if I don't trust the publisher.
Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.