-= Per source details. Do not edit below this line.=-
The package @bmg-web/bmg-collapse was found to contain malicious code.
The OpenSSF Package Analysis project identified '@bmg-web/bmg-collapse' @ 999.999.99 (npm) as malicious.
It is considered malicious because:
{
"malicious-packages-origins": [
{
"sha256": "949a822b85521e04afcde428f4f20a5380c3f895e8bb1f1caa28b5a8ca456c9d",
"versions": [
"999.999.99"
],
"import_time": "2026-04-22T09:37:28.297807128Z",
"modified_time": "2026-04-22T08:48:20Z",
"source": "ossf-package-analysis"
},
{
"sha256": "6fac63a733e9add336ae6a3fa8cf87b72abbe29bb1efeb397b54dd35f2875fcd",
"versions": [
"999.999.99"
],
"import_time": "2026-04-23T20:49:08.6832321Z",
"modified_time": "2026-04-23T20:43:56Z",
"source": "amazon-inspector"
}
]
}