collected-forms-embed-js

MAL-2026-4175

Malicious code in collected-forms-embed-js (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: ossf-package-analysis (5bc706a222ff9fef4872e708bcd99cf286eaf8a11c9908c33ed9776e43d600e6)
The OpenSSF Package Analysis project identified 'collected-forms-embed-js' @ 1.0.1 (npm) as malicious.

It is considered malicious because:

- The package communicates with a domain associated with malicious activity.

- The package executes one or more commands associated with malicious behavior.

Compromised versions (4)

1.0.1
1.0.0
1.0.5
8.0.5

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.