I'm not sure exactly what you mean by
so that an user can go to http:/my-project/vendor, for example, and see all my vendor packages
so I'll give you a few options.
If the vendor packages are supposed to be completely private you can make it forbidden:
RewriteRule ^/vendor - [F]
If you want to whitelist an IP you might be using:
<Directory /vendor>
Order deny,allow
Allow from 1.2.3.4
</Directory>
If you just want to prevent a listing of the files in /vendor
<Directory /vendor>
Options -Indexes
</Directory>