Maven · repo1.maven.org

net.thevpc.nuts:nuts-runtime

Java Process Spawn: Runtime.exec / ProcessBuilder — process spawning.

Why PkgRadar flagged 0.8.9.0

Severity	Signal	Evidence
medium	Java Process Spawn	Runtime.exec / ProcessBuilder — process spawning. · net/thevpc/nuts/runtime/standalone/executor/system/ProcessBuilder2.java
medium	Java Process Spawn	Runtime.exec / ProcessBuilder — process spawning. · net/thevpc/nuts/runtime/standalone/installer/svc/DefaultInstallSvcCommand.java
medium	Remote Payload	matched "raw.githubusercontent.com" · net/thevpc/nuts/runtime/standalone/workspace/cmd/recom/AbstractRecommendationConnector.java
medium	Remote Payload	matched "raw.githubusercontent.com" · net/thevpc/nuts/runtime/standalone/repository/impl/defaults/DefaultNRepoFactoryComponent.java

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.8.9.0`	Review	54	2026-06-11

Block this in CI

PkgRadar gates net.thevpc.nuts:nuts-runtime (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem maven net.thevpc.nuts:[email protected]