PkgRadar

Maven · repo1.maven.org

cn.xnatural:tiny

Java Base64 Combo: Base64.decode combined with network / process / defineClass — classic obfuscated payload.

Why PkgRadar flagged 3.0.test4

| Severity | Signal | Evidence |
| --- | --- | --- |
| high | Java Base64 Combo | Base64.decode combined with network / process / defineClass — classic obfuscated payload. · cn/xnatural/Util.java |
| medium | Java Process Spawn | Runtime.exec / ProcessBuilder — process spawning. · cn/xnatural/Util.java |

Scanned versions

| Version | Verdict | Score | Scanned (UTC) |
| --- | --- | --- | --- |
| 3.0.test4 | High risk | 22 | 2026-06-11 |
| 3.0.test3 | High risk | 45 | 2026-06-10 |
| 3.0.test2 | High risk | 22 | 2026-06-10 |

Block this in CI

PkgRadar gates cn.xnatural:tiny (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem maven cn.xnatural:[email protected]