npm

bmg-web @999.99.9

Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC

Malicious

OSV ID

MAL-2026-2953

Ecosystem

npm

Summary

The package bmg-web was found to contain malicious code.

Source: amazon-inspector (26777925b4f8e199b125a969ad8c6f4e0ff672b87613b22ce2b67fe461ba218e)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.