You’d be protected from this particular exploit if you used a package manager rather than the updater, though of course you’d still be vulnerable to the installer binary itself getting compromised.
Wonder how many packages in community package repos are compromised. Surely "Hubbleexplorer" can be trusted to provide arch users with an honest, clean version of npp.
Standard answer to a potentially compromised machine is to start with a factory-reset machine and add the software and data you need to do your work/use the machine. Do not take executables from the compromised machine and use them anywhere, since they too could be compromised.
There are more steps you can take to ensure greater safety. The above is the minimum I do for myself and the minimum the IT department and my company execute.
My minimum is to start with a freshly formatted hard drive, then reinstall the OS, software (fresh, not transferred), and data required for your use.
> There are more steps you can take to ensure greater safety.
There are firmware infections that can persist even after a hard drive format. Though to my understanding, OS/user space to firmware infections are rare. As far as I know, a 'factory reset' on phones and some laptops does not reinstall firmware and clear out firmware infections. So to my understanding, the 'factory reset' found on phones is analogous to formatting your hard drive and reinstalling the OS, software, and data required for your use.