PkgRadar

Maven · repo1.maven.org

io.streamnative:kafka-clients

Java Process Spawn: Runtime.exec / ProcessBuilder — process spawning.

Why PkgRadar flagged 4.2.0.8

SeveritySignalEvidence
mediumJava Process SpawnRuntime.exec / ProcessBuilder — process spawning. · org/apache/kafka/common/utils/Shell.java
mediumJava Static Init Side EffectStatic-initializer block contains process/network/reflection — runs on first class load (contributory signal). · org/apache/kafka/common/security/oauthbearer/internals/secured/HttpJwtRetriever.java

Scanned versions

VersionVerdictScoreScanned (UTC)
4.2.0.8Review272026-06-17

Block this in CI

PkgRadar gates io.streamnative:kafka-clients (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem maven io.streamnative:[email protected]
Start free — 25 scans / moView full evidence