Supply-chain threat intelligence
Risk score: 92
Indexed incident for metrics-probe-f256 (npm).
Package declares a postinstall lifecycle hook ("postinstall": "node run.js" in package.json) that executes run.js automatically on npm install. run.js imports child_process, os, https, and http; reads host identifiers via os.hostname() and os.platform() (run.js:194-195); and issues outbound POST requests (run.js:62, 63, 265) along with a GET (run.js:48). The shape — automatic install-time execution combined with host enumeration and outbound HTTP exfiltration primitives — matches the install-time host-reconnaissance / beacon pattern. The package name (metrics-probe-f256, with a random hex suffix) has no documented purpose consistent with running child processes and shipping host data outbound at install time.