npm

byvendors @99.0.6

Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC

Malicious

OSV ID

MAL-2026-3423

Ecosystem

npm

Summary

The package byvendors was found to contain malicious code.

Source: amazon-inspector (3d3ae01e4f5473c61cf7c26fdf51f64fa34c7f16451ce6c093a52fd85b79eff5)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.