Go modules · proxy.golang.org
github.com/dev-zeph/trojan
Remote Payload: matched "github.com/aquasecurity/trivy/releases/download"
Why PkgRadar flagged v0.1.2
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "github.com/aquasecurity/trivy/releases/download" · github.com/dev-zeph/[email protected]/internal/config/manifest.go |
| medium | Remote Payload | matched "curl " · github.com/dev-zeph/[email protected]/internal/config/update.go |
| medium | Remote Payload | matched "github.com/dev-zeph/Trojan/releases/download" · github.com/dev-zeph/[email protected]/internal/config/verify.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v0.1.2 | Review | 36 | 2026-05-29 |
v0.1.1 | Review | 36 | 2026-05-29 |
v0.1.3 | Review | 36 | 2026-05-29 |
v0.1.0 | Review | 36 | 2026-05-29 |
v0.1.4 | Review | 36 | 2026-05-29 |
Block this in CI
pkgradar gate --ecosystem go github.com/dev-zeph/[email protected]