npm

@bmg-web/bmg-dropdown @999.9999.99

Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 4:30 AM UTC

Malicious

OSV ID

MAL-2026-2986

Ecosystem

npm

Summary

The package @bmg-web/bmg-dropdown was found to contain malicious code.

Source: amazon-inspector (ba8b2c9cb8ff59d283200d129e3ad62a7f469072326443114ebadcda2da4f894)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.