Maven · repo1.maven.org

com.octopus.openfeature:octopus-openfeature-provider

Java Base64 Combo: Base64.decode combined with network / process / defineClass — classic obfuscated payload.

Why PkgRadar flagged 1.0.0

Severity	Signal	Evidence
high	Java Base64 Combo	Base64.decode combined with network / process / defineClass — classic obfuscated payload. · com/octopus/openfeature/provider/OctopusClient.java

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.0.0`	High risk	30	2026-06-15

Block this in CI

PkgRadar gates com.octopus.openfeature:octopus-openfeature-provider (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem maven com.octopus.openfeature:[email protected]