PkgRadar

Go modules · proxy.golang.org

github.com/neko233-com/express233

Remote Payload: matched "github.com/%s/releases/download"

Why PkgRadar flagged v1.0.0

SeveritySignalEvidence
mediumRemote Payloadmatched "github.com/%s/releases/download" · github.com/neko233-com/[email protected]/cmd/express233-server/control.go
mediumRemote Payloadmatched "github.com/%s/releases/download" · github.com/neko233-com/[email protected]/internal/cli/selfupdate.go

Scanned versions

VersionVerdictScoreScanned (UTC)
v1.0.0Review242026-06-09
v0.2.7Review242026-06-09
v0.2.2Review242026-06-09
v0.2.3Review242026-06-09
v0.1.0Review122026-06-09
v0.2.5Review242026-06-09
v0.2.4Review242026-06-09
v0.2.0Review122026-06-09
v0.2.1Review122026-06-09
v0.2.6Review242026-06-09

Block this in CI

PkgRadar gates github.com/neko233-com/express233 (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/neko233-com/[email protected]
Start free — 25 scans / moView full evidence
github.com/neko233-com/express233 — Go modules security scan | PkgRadar