Maven · repo1.maven.org
com.vaadin:copilot
Java Process Spawn: Runtime.exec / ProcessBuilder — process spawning.
Why PkgRadar flagged 25.2.0-beta2
| Severity | Signal | Evidence |
|---|---|---|
| medium | Java Process Spawn | Runtime.exec / ProcessBuilder — process spawning. · com/vaadin/copilot/ide/IdeUtils.java |
| medium | Remote Payload | matched "github.com/HotswapProjects/HotswapAgent/releases/download" · com/vaadin/copilot/HotswapAgentDownloader.java |
| medium | Remote Payload | matched "cUrl " · com/vaadin/copilot/SpringIntegration.java |
| medium | Large Native Blob | 6500440 bytes · META-INF/native/libcom_vaadin_copilot_shaded_netty_quiche42_linux_x86_64.so |
| medium | Large Native Blob | 6472008 bytes · META-INF/native/libcom_vaadin_copilot_shaded_netty_quiche42_linux_aarch_64.so |
| medium | Large Native Blob | 6526144 bytes · META-INF/native/libcom_vaadin_copilot_shaded_netty_quiche42_osx_x86_64.jnilib |
| medium | Large Native Blob | 6236656 bytes · META-INF/native/libcom_vaadin_copilot_shaded_netty_quiche42_osx_aarch_64.jnilib |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
25.2.0-beta2 | Review | 39 | 2026-06-12 |
Block this in CI
pkgradar gate --ecosystem maven com.vaadin:[email protected]