PSA: The amount of stars on GitHub can be botted and is not a good indicator to know if you are dealing with a legitimate repository. Even the commit history can be faked (although that’s less common).
Try to do some research like you would do with closed source tools. See if they have a website and if it links to the GitHub you encountered. Also see if there are subreddits or forums and see what they link to.
In the case of this “Pro” version of KeePass; a simple search would have shown that there is no Pro version.
PSA: The amount of stars on GitHub can be botted and is not a good indicator to know if you are dealing with a legitimate repository. Even the commit history can be faked (although that’s less common).
How to go about it then?
Try to do some research like you would do with closed source tools. See if they have a website and if it links to the GitHub you encountered. Also see if there are subreddits or forums and see what they link to.
In the case of this “Pro” version of KeePass; a simple search would have shown that there is no Pro version.