npm

@google-pay-trust/start @99.0.4

Vulnerability report · Last retrieved from osv.dev July 9, 2026 at 12:27 PM UTC

Malicious

OSV ID

MAL-2026-3320

Ecosystem

npm

Summary

The package @google-pay-trust/start was found to contain malicious code.

Source: amazon-inspector (16feef8620dbb1f3b6c7c6c67f9f7883438f368a3bfd2c2c591d7f30467e67c4)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.