Yes it's safe apt doing same when u installing something but doing it automatically.So u can just do

sudo apt-get install --download-only htop

It will store .deb in ur directory

aiui apt will compare downloads from repositories against the repository signing key, whereas downloading a deb and installing it manually with dpkg bypasses that.

So theoretically the Debian website could get compromised and provide you a malicious deb package. That has happened to other Linux distros before so it's not entirely unrealistic.

Practically I think that's very unlikely.

I know apt has the --download option if you'd like to fetch deb packages on the commandline, though I'm not sure if apt compares the package with the key during this process. I hope it does. You could probably run apt in verbose mode and hopefully see this happen.

Some references:

• https://askubuntu.com/questions/131397/what-is-a-repository-key-under-ubuntu-and-how-do-they-work
• https://wiki.debian.org/SecureApt

Well, it is safe as it's what APT do... hahaha just make sure to download latest version...

I usually use dpkg - i for manually downloaded files. Just another option to try.